Nowadays, personal information is collected, stored, and managed through web applications and services. Companies are interested in keeping such information private due to regulation laws and privacy concerns of customers. Furthermore, the reputation of a company can be dependent on privacy protection, i.e., the more a company protects the privacy of its customers, the more credibility it gets. This paper proposes an integrated approach that relies on models and design tools to help in the analysis, design, and development of web applications and services with privacy concerns. Using the approach, these applications can be developed consistently with their privacy policies to enforce them, protecting personal information from different sources of privacy violation. The approach is composed of a conceptual model, a reference architecture, and a Unified Modeling Language Profile, i.e., an extension of the Unified Modeling Language for including privacy protection. The idea is to systematize the privacy concepts in the scope of web applications and services, organizing the privacy domain knowledge and providing features and functionalities that must be addressed to protect the privacy of the users in the design and development of web applications. Validation has been performed by analyzing the ability of the approach to model privacy policies from real web applications and by applying it to a simple application example of an online bookstore. Results show that privacy protection can be implemented in a model-based approach, bringing value for the stakeholders and being an important contribution toward improving the process of designing web applications in the privacy domain.

PrivAPP: An integrated approach for the design of privacy-aware applications / Basso, Tania; Montecchi, Leonardo; Moraes, Regina; Jino, Mario; Bondavalli, Andrea. - In: SOFTWARE-PRACTICE & EXPERIENCE. - ISSN 0038-0644. - ELETTRONICO. - (2017), pp. 0-0. [10.1002/spe.2546]

PrivAPP: An integrated approach for the design of privacy-aware applications

Montecchi, Leonardo; Bondavalli, Andrea
2017

Basso, Tania; Montecchi, Leonardo; Moraes, Regina; Jino, Mario; Bondavalli, Andrea
Files in this item:
File: 2017SPE.pdf
Access: Closed access
Type: Final refereed version (Postprint, Accepted manuscript)
License: All rights reserved
Size: 2.4 MB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1103777