Personalised Privacy Policies

  • Harshvardhan Jitendra Pandit
  • Declan O’Sullivan
  • Dave Lewis
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 909)

Abstract

Internet services have become an important part of daily life for a large number of people, and often deal with varying amounts of personal information. A privacy policy is a legal document governed by territorial laws that outlines the collection, usage, storage, and sharing of personal data. A known problem with such documents is their ambiguity and the difficulty end users have in comprehending them. The General Data Protection Regulation (GDPR) requires transparency regarding the provision of such information to the data subject through its various obligations and rights. We propose a remodelling of the privacy policy based on the provision of relevant information regarding personal data specific to the user. Such a policy will dynamically reflect the state of activities over personal data using a legal and comprehensive document, and can be used as a tool for the provision of rights and requests from data subjects. We support our discussion with an example use-case of a GDPR-based privacy policy adopted from online services. We present our analysis on identifying changes and our approach towards the representation and creation of such dynamic policies.

Keywords

Privacy policy, Personalisation, GDPR, Metadata

Notes

Acknowledgements

This work is supported by the ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Harshvardhan Jitendra Pandit (1)
  • Declan O’Sullivan (1)
  • Dave Lewis (1)

  1. ADAPT Centre, Trinity College Dublin, Dublin, Ireland