Extending model-based privacy analysis for the industrial data space by exploiting privacy level agreements

Considering the dramatic impact of the current technology changes on user privacy, it is important to contemplate privacy early on in software development. Ensuring privacy is particularly challenging in industrial ecosystems, in which an enterprise may depend on or cooperate with other enterprises to provide an IT service to a service customer. An example for such ecosystems is the Industrial Data Space (IDS). The IDS provides a basis for creating and using smart IT services, while ensuring digital sovereignty of service customers. In this paper, motivated by Article 25 of Regulation (EU) 2016/679 (GDPR), we apply a model-based privacy analysis approach to the IDS to enable the verification of conformance to customer's privacy preferences. To this end we extend an existing model-based privacy analysis to support customer's privacy preferences in compliance with the Article 5 of the GDPR. We also provide a privacy check to support the privacy of data exchanges between the enterprises. The approach is supported by the CARiSMA tool.