#PrivacyMatters. Recent scandals in Facebook and during the last US elections prove the increasing importance of what some of us call a basic human right in a world becoming more transparent day-after-day. In general, customers and users are required to unwrap many personal details and actions that should be protected according to very basic privacy principles and regulations. In this brief discussion, we will try to draft an introduction to an ontology of privacy to support the condition of privacy and help generalize the level of privacy linked to transactions.

This privacy ontology shall provide developers and service providers with an overview of a humble framework to look at their daily actions from a pure privacy-based perspective. This ontology approach aims to support end users with the capacity to design their own privacy requirements and measure them in front of third parties. This short paper shall trace the knowledge of the privacy paradigm and its aspects, dimensions, and assessments criterion. It is composed of an ontology postulate — what we would call the core privacy ontology- and one application domain: the financial world.

Ontology? Some first basics concepts

Let’s start by defining our concept of ontology for each one of us does have his/her own and respectful appreciation of the word. In general and widely, ontology questions the meaning of being, of what ‘is,’ or in other words, how we know what we know. “What does it mean to be, or exist” could be considered the inaugural question. And this is the question most of the early philosophers ask themselves, i.e. Parmenides and Plato. In other word, ontology asks about the meaning of being, related to the being-in-action (Etre de l’étant) or the being as-is (Etre comme tel). We shall address the ontology at the dawn of these two approaches.

Privacy — a quick view and its evolution

Speaking and writing about the endogenous concept of privacy forces us to take into consideration many notions. The concept itself has evolved over time when the first public records related to privacy is said to come from Warren and Brandeis in their “Right to Privacy”(1) which was published in a legal publication at the end of the 19th century. For these jurists, privacy meant “the right to be left alone.”

Let’s agree on the fact it looks quite simplistic and passé, given our modern understanding of privacy. Almost 100 years later, Alan Westin tried to update the definition of privacy as “the desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitudes, and their behavior to others”(2).

Further, Tom Gerety understands privacy as “the control over or the autonomy of the intimacies of personal identity”(3). We hope to succeed in pointing out how many different ways privacy can be interpreted and how many aspects of privacy exist. And to close this little tour around the concept of privacy, Máté Dániel Szabó argued that “privacy is the right of the individual to decide about himself/herself”(4).

And this the definition we shall adopt for the matter of this study.

But privacy might be seen in different ways and from different aspects. This plurality, this ontological mosaic, shall be taken into consideration. The primary concept of privacy comes directly from one of its definitions. As said priorly, privacy could be defined as the subjective condition a person experiences when two factors are in place. This been said, the person must have the control of information about him- or herself but not only. He or she must exercise that control consistent with his or her interests and values.

This first approach deals directly with the concept of access control. A contrario, in traditional security systems, individuals create and alter these rules and once submitted to a system (computer, software, bank, public authority), it (the system) has to obey these rules and not vice versa. Period. Individuals are allowed to alter and eventually revoke permissions granted to third parties. But in order to achieve this goal, other mechanisms like authentication (certificates or reputation), as well as notions of trust and risk management are playing a singular role.

Privacy sounds interesting when it comes to access control from a data subject perspective. The paradigm of auditing or access tracking looks capital and is, moreover, more powerful. Once permission has been granted to access personal data, individuals would eventually like to identify who actually accesses this information.

Toward a Privacy Ontology

Building an ontology could be related to using a doable method for seizing and structuring the knowledge in the domain of privacy.

One of the methodological approaches that could be used to reach this goal is the Methodology.

We would like to emphasise the general concept behind this approach which is based on the postulate whereby there is a vast differentiation between knowledge when it comes to privacy, and its multiple applications in specific fields of activity.

According to Nicola Guarino, an ontology is “a formal shared, explicit, but partial specification of the commonly agreed upon intended meaning of a conceptualisation”(6). This approach could fit with our needs of representing knowledge on a particular field and structuring it in an appropriate way. Using the Methondology approach could lead us to the fact that — to our knowledge — no other ontology exists when it comes to privacy and this approach allows us to build an ontology from scratch which makes it a candidate of choice.

Moreover, this methodology also permits to include knowledge during the building process in the form of other ontologies from other fields. This flexibility offers great opportunities when it comes to cross-ontologies-approach…