Since the origin of the web, up to social networks, and now to the internet of things, the quantity of personal information produced and shared is uncontrollably increasing. Privacy regulations protect our right to have the control on our personal data. According to the recent General Data Protection Regulation (GDPR), entered into force in May 2018, infringements can be very costly to organizations, ranging from 10s to 100s of thousands of Euros. In order to ensure compliance with such regulations, privacy should be taken into consideration as early as at requirements time, so to avoid expensive after-the-fact fixes. Modeling frameworks have been proposed to support the analysis of requirements in complex socio-technical systems, however, even if a primary role is given to security, for privacy more work need to be done. In this paper, starting from the social concept of consent, we propose a modeling language and define the formal framework for the analysis of privacy-consent requirements. We report on our experience in the analysis of privacy in the medical domain, in the context of a research project with the Trentino health-care provider (APSS).
(2018). Modeling and reasoning about privacy-consent requirements . Retrieved from https://hdl.handle.net/10446/324012
Modeling and reasoning about privacy-consent requirements
Salnitri, Mattia;
2018-01-01
Abstract
Since the origin of the web, up to social networks, and now to the internet of things, the quantity of personal information produced and shared is uncontrollably increasing. Privacy regulations protect our right to have the control on our personal data. According to the recent General Data Protection Regulation (GDPR), entered into force in May 2018, infringements can be very costly to organizations, ranging from 10s to 100s of thousands of Euros. In order to ensure compliance with such regulations, privacy should be taken into consideration as early as at requirements time, so to avoid expensive after-the-fact fixes. Modeling frameworks have been proposed to support the analysis of requirements in complex socio-technical systems, however, even if a primary role is given to security, for privacy more work need to be done. In this paper, starting from the social concept of consent, we propose a modeling language and define the formal framework for the analysis of privacy-consent requirements. We report on our experience in the analysis of privacy in the medical domain, in the context of a research project with the Trentino health-care provider (APSS).| File | Dimensione del file | Formato | |
|---|---|---|---|
|
FM + 2018+Modeling+and+Reasoning+About+Privacy-Consent+Requirements.pdf
Solo gestori di archivio
Versione:
publisher's version - versione editoriale
Licenza:
Licenza default Aisberg
Dimensione del file
1.89 MB
Formato
Adobe PDF
|
1.89 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo
