Privacy Models

A model is an abstract representation of an entity or collection of entities that provides the ability to portray, understand or predict the properties or characteristics of the entity or collection under conditions or situations of interest. One well-known type of models is model engineering.

Engineering with Models
When applied to system engineering, models are defined as representations of a topic of interest, e.g., a real-work process, a device or a concept . A model is a specification which uses representation conventions, also known as concrete syntax, following some description language, for instance UML (Universal Modellin Language). UML defines two types of diagrams: structural diagrams (class diagrams, component diagrams, composite structure diagrams, deployment diagrams, object diagrams, package diagrams, profile diagrams) and behavioral diagrams (activity diagrams, communication diagrams, interaction overview diagrams, sequence diagrams, state diagrams, timing diagrams, use case diagrams).

The practice of engineering with models is critical to engineer complex systems, as models are digital artefacts that can be used by tools to ensure consistency and traceability during system development. They can further be reused and therefore increase the productivity of engineering. The ISO/IEC/IEEE 24641 (Methods and tools for model-based systems and software engineering) standard provides guidance on how to apply model-based systems and software engineering (MBSSE) within an organization, identifying four groups of processes: plan MBSSE, build models, perform MBSSE and support Models.

Engineering Privacy with Models
Using models to engineer privacy can not only bring the benefits of MBSSE, but also contribute to the following requirements: transparency, maintainability and compliance. Privacy models can enhance transparency, as models can be used by managers, data protection officers, domain experts, developers, auditors, citizens to understand and evaluate the privacy capabilities of a system. Privacy models can also facilitate maintainability, as they make it possible to maintain and extend models jointly by different stakeholders. Finally privacy models can be used to verify compliance of a given systems.

Example of PDP4E Project
In the frame of the PDP4E project, engineering privacy with models was applied to four processes, risk management, engineering requirements, privacy-aware design and assurance management. The results were demonstrated in two domains, connected vehicles and big data on smart grid. As a result of this project, a preliminary work item, ISO/IEC 27564 on privacy models has been started.

Some references
Y. Martin and A. Kung, “Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering,” 2018 IEEE
European Symposium on Security and Privacy Workshops (EuroS&PW), 2018, pp. 108-111, doi: 10.1109/EuroSPW.2018.00021.