ESR 8: User-centric and self-determined privacy management in mobile biometrics
What was achieved and the impacts
Privacy semantic modelling is a core practice of Privacy Engineering, an emerging discipline in information systems that aims to provide techniques and methodologies so that IT systems are designed with acceptable levels of privacy, following the Privacy-by-Default Principles. Ontologies are the formalisation of terms in a domain and the relations among them. The adoption of ontologies in the IoT ecosystem is a first step towards implementing privacy policies in machine-readable languages. In general, the ontologies presented in the literature capture relations among privacy and legal requirements, such as GDPR. Among these ontologies, a few are defined on privacy risks or threats. However, those that are present only very high-level descriptions of the topic.
In other fields, such as computer forensics, the development of ontologies is a common tool for threat identification, such as money laundering, or for better understanding, investigation, and prevention of organized financial crime. Thus, detecting and profiling the modus operandi behind certain business practices in data sharing, data flows, privacy policies, and other interrelated factors of companies that have violated or posed a threat to user privacy may be a step towards integrating such modus operandi as a risk in a further privacy calculus. To the best of our knowledge, there is no ontology for mobile applications that defines these relationships among privacy requirements and risks to privacy, including privacy threats.
Our solution may contribute to further standardisation and certification of privacy-friendly mobile devices whose core design principles are privacy and security.