Privacy Architectures: Reasoning About Data Minimisation and Integrity
This paper addresses the problem of legal compliance with privacy regulations for system designers; its contribution is incremental, as it builds on existing formal methods.
The paper tackles the challenge of incorporating privacy requirements into system design by proposing a formal framework for specifying privacy architectures. It focuses on data minimisation and its conflict with integrity requirements, and illustrates the framework through a smart metering case study.
Privacy by design will become a legal obligation in the European Community if the Data Protection Regulation eventually gets adopted. However, taking into account privacy requirements in the design of a system is a challenging task. We propose an approach based on the specification of privacy architectures and focus on a key aspect of privacy, data minimisation, and its tension with integrity requirements. We illustrate our formal framework through a smart metering case study.