
GDPR Transparency Requirements and Data Privacy Vocabularies

  • Eva Schlehahn
  • Rigo Wenning
Chapter
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 547)

Abstract

This tutorial introduced participants to the transparency requirements of the General Data Protection Regulation (GDPR) [35]. Together with the attendees, it explored whether technical specifications can be valuable in supporting transparency in favour of a data subject whose personal information is being processed. In the context of these discussions, past and present international efforts focusing on data privacy vocabularies and taxonomies were examined as groundwork for enabling effective enforcement of data handling policies. One example of a current undertaking in this area is the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG), which aims to develop a taxonomy of privacy terms aligned to the GDPR, encompassing personal data categories, processing purposes, events of disclosures, consent, and processing operations. During the tutorial session, the potential of such efforts was discussed among the participants, allowing for conclusions about the need to re-align and update past research in this area to the General Data Protection Regulation.

Keywords

General Data Protection Regulation, EU law, Transparency, Data privacy vocabularies, Technical specifications supporting GDPR compliance

Notes

Acknowledgments

Supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601.

References

  1. W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages (2003). W3C. https://www.w3.org/2003/p3p-ws/
  2. Security assertion markup language (saml) v2.0. Technical report, March 2005. https://www.oasis-open.org/standards#samlv2.0, https://wiki.oasis-open.org/security/FrontPage#SAML_V2.0_Standard
  3. Extensible markup language (xml) 1.0 (5. edition). Technical report, November 2008. http://www.w3.org/TR/2008/REC-xml-20081126/
  4. Engineering Privacy by Design (2011)
  5. Rdf 1.1 primer. Technical report, June 2014. http://www.w3.org/TR/2014/NOTE-rdf11-primer-20140624/
  6. Gupta, A.: Data provenance. In: Liu, L., Özsu, M.T. (eds.) Encyclopedia of Database Systems. Springer, Boston (2009). https://doi.org/10.1007/978-0-387-39940-9
  7. Berners-Lee, T., Fielding, R.T., Masinter, L.: Uniform resource identifier (URI): Generic syntax. Technical report (2005). http://www.ietf.org/rfc/rfc3986.txt
  8. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_7
  9. Camenisch, J., Leenes, R., Sommer, D. (eds.): PRIME - Privacy and Identity Management for Europe. Lecture Notes in Computer Science, vol. 6545. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-19050-6
  10. Collins, C.: A brief history of xml, March 2008. https://ccollins.wordpress.com/2008/03/03/a-brief-history-of-xml/
  11. European Commission: Flash eurobarometer 443: e-privacy. Technical report, December 2016. http://data.europa.eu/euodp/en/data/dataset/S2124_443_ENG
  12. European Commission: Summary report on the public consultation on the evaluation and review of the eprivacy directive. Technical report, August 2016. https://ec.europa.eu/digital-single-market/en/news/summary-report-public-consultation-evaluation-and-review-eprivacy-directive
  13. European Council, European Parliament, and European Commission: Charter of Fundamental Rights of the European Union. Number 83 in Official Journal of the European Union C. European Union, pp. 389–403, March 2010. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:083:0389:0403:en:PDF
  14. Cranor, L.F.: Web Privacy with P3P. O’Reilly & Associates Inc., Newton (2002). ISBN 0-596-00371-4
  15. Decker, S., Peristeras, V. (eds.): Data Privacy Controls and Vocabularies: A W3C Workshop on Privacy and Linked Data (2017). W3C. https://www.w3.org/2018/vocabws/
  16. Duerst, M., Suignard, M.: Internationalized resource identifiers (iris). Technical report 3987, January 2005. http://www.ietf.org/rfc/rfc3987.txt
  17. ECHR2010: Convention for the protection of human rights and fundamental freedoms as amended by protocol no. 11 and no. 14, June 2010. http://conventions.coe.int/treaty/en/Treaties/Html/005.htm
  18. Goodman, B., Flaxman, S.: EU regulations on algorithmic decision-making and a “right to explanation”. AI Mag. 38(3) (2017)
  19. Holtz, L.-E., Nocun, K., Hansen, M.: Towards displaying privacy information with icons. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IAICT, vol. 352, pp. 338–348. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20769-3_27
  20. Inchauste, F.: The dirtiest word in UX: Complexity, July 2010. http://uxmag.com/articles/the-dirtiest-word-in-ux-complexity
  21. Kinderlerer, J., Dabrock, P., Haker, H., Nys, H., Salvi, M.: Opinion 26 - Ethics of information and communication technologies. Publications Office of the European Union, February 2012. ISBN 978-92-79-22734-9. https://doi.org/10.2796/13541, http://bookshop.europa.eu/en/ethics-of-information-and-communication-technologies-pbNJAJ12026/
  22. Kodagoda, N.: Using machine learning to infer reasoning provenance from user interaction log data: based on the data/frame theory of sensemaking. JCEDM Spec. Issue 11(1), 23–47 (2017)
  23. Koops, B.-J.: On Decision Transparency, or How to Enhance Data Protection after the Computational Turn, pp. 196–220 (2013)
  24. Krauskopf, T., Miller, J., Resnick, P., Treese, W.: Pics label distribution label syntax and communication protocols. Technical report, October 1996. https://www.w3.org/TR/REC-PICS-labels-961031
  25. Lehmann, J., et al.: Distributed semantic analytics using the SANSA stack. In: d’Amato, C., et al. (eds.) ISWC 2017. LNCS, vol. 10588, pp. 147–155. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68204-4_15
  26. McDonald, A.M.: Footprints Near the Surf: Individual Privacy Decisions in Online Contexts. Ph.D. thesis (2010). https://kilthub.figshare.com/articles/Footprints_Near_the_Surf_Individual_Privacy_Decisions_in_Online_Contexts/6717041
  27. McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. I/S: J. Law Policy Inf. Soc. 4(3), 543–568 (2008). http://heinonline.org/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/isjlpsoc4&section=27, https://kb.osu.edu/dspace/bitstream/handle/1811/72839/ISJLP_V4N3_543.pdf
  28. Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_15
  29.
  30. Moses, T.: Extensible access control markup language (xacml) v2.0. Technical report (2005). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
  31. Conference of the Independent Data Protection of the Authorities. The standard data protection model. Technical report (2016). https://www.datenschutzzentrum.de/uploads/sdm/SDM-Methodology_V1.0.pdf
  32. Pandit, H., O’Sullivan, D., Lewis, D.: Queryable provenance metadata for GDPR compliance. Procedia Comput. Sci. 137, 262–268 (2018)
  33. Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., De Oliveira, A.S., Sendor, J.: A-PPL: an accountability policy language. In: Garcia-Alfaro, J., et al. (eds.) DPM/QASA/SETOP-2014. LNCS, vol. 8872, pp. 319–326. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17016-9_21
  34. Sippel, B., European Parliament: Report on the proposal for a regulation of the European parliament and of the council concerning the respect for private life and the protection of personal data in electronic communications and repealing directive 2002/58/ec (regulation on privacy and electronic communications), October 2017. http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2017-0324&language=EN
  35. European Union: Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation), May 2016
  36. W3C: A P3P preference exchange language 1.0 (APPEL1.0) (2002)
  37. W3C: The platform for privacy preferences 1.1 (P3P1.1) specification (2006)

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. Unabhängiges Landeszentrum für Datenschutz (ULD, Independent Centre for Privacy Protection) Schleswig-Holstein, Kiel, Germany
  2. World Wide Web Consortium/European Research Consortium for Informatics and Mathematics (W3C/ERCIM), Sophia Antipolis, France
