Ontologies for Privacy

Dr. Ian Oliver
Security Research
Nokia Networks

14 April 2015

1 © Nokia Solutions and Networks

Outline of the Problem

Outline of the Solution

Terminological/Ontological definitions for:

• Legal Concepts
  • Controller, Processor, Usage vs Purpose
  • Identity, Provenance
  • Notice and Consent

• Information Concepts

• SE Concepts (binding)
  • Data Flow
  • Logical partitioning: security, architecture, controller/processor
  • Requirements

• Risk

Structure

Example Descriptive Ontologies

Understanding PII/Personal Data

Requirements and Risk

after Solove, Anton-Earp, et al.

Example Model

Conclusions

• Set of individual structures for describing information
  • Security, Data/Information classification
  • Usage, Purpose, Provenance, Jurisdiction

• Lesser ‘semantic gap’ between legal and engineering terminology
  • Avoids unfamiliar terms → eases communication
  • Keeps legal and engineering in their own domains :-) (culture)

• Links, or at least structure, across development process
  • Data flow model of the system as the binding structure

• OWL ontologies in development (one day)
  • Reasoning:
    • privacy policy calculation
    • refinement and retrenchment (managed introduction of risk) of models

• Tool Support, DSL
