
Armin Gerl, Bianca Meier

The Layered Privacy Language Art. 12 – 14 GDPR Extension – Privacy Enhancing User Interfaces

  • Focus
Datenschutz und Datensicherheit - DuD

Abstract

Since 25th May 2018, the EU-wide General Data Protection Regulation (GDPR) has applied in order to strengthen the rights of Data Subjects. Although the GDPR specifies the information that has to be presented to a Data Subject, a lack of transparency can still be argued because of the unfavourable presentation of the privacy policy. Furthermore, no systematic approach for the enforcement of privacy policies in technical systems is deployed. These issues are tackled by the Layered Privacy Language (LPL), which is both human- and machine-readable and models legal privacy policies. This work introduces an extension for LPL to comply with Art. 12 – 14 GDPR. Additionally, user interface prototypes are introduced that allow the Data Protection Officer to create LPL privacy policies and that give a structured presentation of the LPL privacy policy for web applications.




Corresponding author

Correspondence to Armin Gerl.


Cite this article

Gerl, A., Meier, B. The Layered Privacy Language Art. 12 – 14 GDPR Extension – Privacy Enhancing User Interfaces. Datenschutz Datensich 43, 747–752 (2019). https://doi.org/10.1007/s11623-019-1200-9
