The Privacy Policy Permission Diagram - Toward a Unified View of Privacy

Abstract

Data collection is inevitable. To receive services, customers must provide personal information to organizations. When individuals disclose information, they are making decisions about giving up a portion of their privacy. Organizations use privacy policies to communicate their practices to their clients. A privacy policy is a set of statements that specifies how an organization gathers, uses, discloses, and maintains a client’s data. Most privacy policies, however, lack a clear, complete explanation of how data providers' information is used. In his 1976 paper titled The Entity-Relationship Model -- Toward a Unified View of Data, Peter Chen proposes a diagrammatic technique to model entities and their relationships. This technique is independent of the entities' domains. Inspired by this contribution, we propose a modeling methodology called Privacy Policy Permission Diagram (PPPD), which provides a uniform, easy-to-understand representation of privacy policies, that can accurately and clearly determine how data is used within an organization's practice. Using this modeling methodology, privacy policies are presented in a diagram, and are populated into a privacy catalog. The privacy catalog can then be used to store privacy policies and their relationships. This methodology highlights inconsistencies and inaccuracies in the privacy policy.