Saved in:
Bibliographic Details
Main Authors: Althubiti, Ebtihal, Sevegnani, Michele
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.20464
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912295190265856
author Althubiti, Ebtihal
Sevegnani, Michele
author_facet Althubiti, Ebtihal
Sevegnani, Michele
contents Advancements in information technology have led to the sharing of users' data across borders, raising privacy concerns, particularly when destination countries lack adequate protection measures. Regulations like the European General Data Protection Regulation (GDPR) govern international data transfers, imposing significant fines on companies failing to comply. To achieve compliance, we propose a privacy framework based on Milner's Bigraphical Reactive Systems (BRSs), a formalism modelling spatial and non-spatial relationships between entities. BRSs evolve over time via user-specified rewriting rules, defined algebraically and diagrammatically. In this paper, we rely on diagrammatic notations, enabling adoption by end-users and privacy experts without formal modelling backgrounds. The framework comprises predefined privacy reaction rules modelling GDPR requirements for international data transfers, properties expressed in Computation Tree Logic (CTL) to automatically verify these requirements with a model checker and sorting schemes to statically ensure models are well-formed. We demonstrate the framework's applicability by modelling WhatsApp's privacy policies.
format Preprint
id arxiv_https___arxiv_org_abs_2503_20464
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Modelling Privacy Compliance in Cross-border Data Transfers with Bigraphs
Althubiti, Ebtihal
Sevegnani, Michele
Software Engineering
Advancements in information technology have led to the sharing of users' data across borders, raising privacy concerns, particularly when destination countries lack adequate protection measures. Regulations like the European General Data Protection Regulation (GDPR) govern international data transfers, imposing significant fines on companies failing to comply. To achieve compliance, we propose a privacy framework based on Milner's Bigraphical Reactive Systems (BRSs), a formalism modelling spatial and non-spatial relationships between entities. BRSs evolve over time via user-specified rewriting rules, defined algebraically and diagrammatically. In this paper, we rely on diagrammatic notations, enabling adoption by end-users and privacy experts without formal modelling backgrounds. The framework comprises predefined privacy reaction rules modelling GDPR requirements for international data transfers, properties expressed in Computation Tree Logic (CTL) to automatically verify these requirements with a model checker and sorting schemes to statically ensure models are well-formed. We demonstrate the framework's applicability by modelling WhatsApp's privacy policies.
title Modelling Privacy Compliance in Cross-border Data Transfers with Bigraphs
topic Software Engineering
url https://arxiv.org/abs/2503.20464