Extracting LPL privacy policy purposes from annotated web service source code

• Published in: Software and systems modeling Vol. 22; no. 1; pp. 331 - 349
• Main Authors: Hjerppe, Kalle, Ruohonen, Jukka, Leppänen, Ville
• Format: Journal Article
• Language: English
• Published: Berlin/Heidelberg Springer Berlin Heidelberg 01.02.2023; Springer Nature B.V
• Subjects: Compilers; Computer Science; Information Systems Applications (incl.Internet); Internet service providers; Interpreters; IT in Business; Legislation; Personal information; Policies; Privacy; Programming Languages; Programming Techniques; Regular Paper; Software Engineering; Software Engineering/Programming and Operating Systems; Source code; Web services; static analysis; privacy language; semantic web; Data protection; privacy engineering; GDPR
• ISSN: 1619-1366; 1619-1374
• DOI: 10.1007/s10270-022-00998-y

Privacy policies are a mechanism used to inform users of the World Wide Web about the processing of their personal data. Such processing has special requirements, since personal data are regulated by data protection legislation. For example, a consent or another legal basis is typically needed. Privacy policies are documents used, among other things, to inform the data subject about processing of their personal data. These are formally represented by privacy languages. In this paper, we present a technique for constructing Layered Privacy Language policy data from web service code bases. Theoretically, we model the purposes of processing within web services by extending the privacy language with composition. We also present a formal analysis method for generating privacy policy purposes from the source code of web services. Furthermore, as a practical contribution, we present a static analysis tool that implements the theoretical solution. Finally, we report a brief case study for validating the tool