The Privacy Policy Permission Model: A Unified View of Privacy Policies

TL;DR

The paper introduces the Privacy Policy Permission Model (PPPM), a diagrammatic methodology that standardizes and clarifies privacy policies, helping organizations accurately communicate data practices and identify inconsistencies.

Contribution

It presents a novel modeling approach that visually represents privacy policies, improving clarity and consistency in privacy communication.

Findings

PPPM provides a clear, visual representation of privacy policies.

The model helps identify inconsistencies and inaccuracies.

Supports privacy officers in policy articulation.

Abstract

Organizations use privacy policies to communicate their data collection practices to their clients. A privacy policy is a set of statements that specifies how an organization gathers, uses, discloses, and maintains a client's data. However, most privacy policies lack a clear, complete explanation of how data providers' information is used. We propose a modeling methodology, called the Privacy Policy Permission Model (PPPM), that provides a uniform, easy-to-understand representation of privacy policies, which can accurately and clearly show how data is used within an organization's practice. Using this methodology, a privacy policy is captured as a diagram. The diagram is capable of highlighting inconsistencies and inaccuracies in the privacy policy. The methodology supports privacy officers in properly and clearly articulating an organization's privacy policy.