Abstract
Internet services have become an important part of the daily life for a large number of people, and often deal with varying amounts of personal information. A privacy policy is a legal document governed by territorial laws that outlines the collection, usage, storage, and sharing of personal data. A known problem with such documents is its ambiguity and difficulty in comprehension for end users. The General Data Protection Regulation (GDPR) requires transparency regarding the provision of such information to the data subject through its various obligations and rights. We propose a remodelling of the privacy policy based on provision of relevant information regarding personal data specific to the user. Such a policy will dynamically reflect the state of activities over personal data using a legal and comprehensive document, and can be used as a tool for the provision of rights and requests from data subjects. We support our discussion with an example use-case of a GDPR-based privacy policy adopted from online services. We present our analysis on identifying changes and our approach towards the representation and creation of such dynamic policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
References
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union L119, 1–88, May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC
Ammar, W., Wilson, S., Sadeh, N., Smith, N.A.: Automatic categorization of privacy policies: a pilot study (2012). http://repository.cmu.edu/lti/199/
Bhatia, J., Breaux, T.D.: A data purpose case study of privacy policies. In: 2017 IEEE 25th International Requirements Engineering Conference (RE), pp. 394–399. IEEE (2017)
Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9
Esayas, S., Mahler, T., McGillivray, K.: Is a picture worth a thousand terms? Visualising contract terms and data protection requirements for cloud computing users. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 39–56. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46963-8_4
Fabian, B., Ermakova, T., Lentz, T.: Large-scale readability analysis of privacy policies. In: Proceedings of the International Conference on Web Intelligence, WI 2017, pp. 18–25. ACM, New York (2017). https://doi.org/10.1145/3106426.3106427
Fawaz, H.H.K., Schaub, R.L.F., Karl, K.G.S.: Polisis: automated analysis and presentation of privacy policies using deep learning. Technical report, EPFL (2017). https://pribot.org/files/Polisis_Technical_Report.pdf
Jensen, C., Potts, C.: Privacy policies as decision-making tools: an evaluation of online privacy notices. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2004, pp. 471–478. ACM, New York (2004). https://doi.org/10.1145/985692.985752
Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018). https://doi.org/10.3233/SW-170283
Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: GDPRtEXT - GDPR as a linked data resource. ESWC 2018. LNCS, vol. 10843, pp. 481–495. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93417-4_31
Pandit, H.J., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) (PrivOn) (2017). http://ceur-ws.org/Vol-1951/#paper-06
Rossi, A., Palmirani, M.: A visualization approach for adaptive consent in the european data protection framework. In: 2017 Conference for E-Democracy and Open Government (CeDEM), pp. 159–170, May 2017. https://doi.org/10.1109/CeDEM.2017.23
Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: WWW 2018 Companion Proceedings of the Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2018). https://doi.org/10.1145/3184558.3186969
Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, IWSPA 2018, pp. 15–21. ACM, New York (2018). https://doi.org/10.1145/3180445.3180447
Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp. 1330–1340. Association for Computational Linguistics, Berlin, Germany, August 2016. http://www.aclweb.org/anthology/P16-1126
Acknowledgements
This work is supported by the ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Pandit, H.J., O’Sullivan, D., Lewis, D. (2018). Personalised Privacy Policies. In: Benczúr, A., et al. New Trends in Databases and Information Systems. ADBIS 2018. Communications in Computer and Information Science, vol 909. Springer, Cham. https://doi.org/10.1007/978-3-030-00063-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-00063-9_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00062-2
Online ISBN: 978-3-030-00063-9
eBook Packages: Computer ScienceComputer Science (R0)