From Data Flows to Privacy Issues: A User-Centric Semantic Model for Representing and Discovering Privacy Issues

In today's highly connected cyber-physical world, people are constantly disclosing personal and sensitive data to different organizations and other people through the use of online and physical services. Such data disclosure activities can lead to unexpected privacy issues. However, there is a general lack of tools that help to improve users' awareness of such privacy issues and to make more informed decisions on their data disclosure activities in wider contexts. To fill this gap, this paper presents a novel user-centric, data-flow graph based semantic model, which can show how a given user's personal and sensitive data are disclosed to different entities and how different types of privacy issues can emerge from such data disclosure activities. The model enables both manual and automatic analysis of privacy issues, therefore laying the theoretical foundation of building data-driven and user-centric software tools for people to better manage their data disclosure activities in the cyber-physical world.