Abstract
The privacy issue is highly relevant for modern information systems. Both particular users and organizations usually do not understand risks related with personal data processing. The ways an organization gathers, uses, discloses, and manages a customer’s or client’s data should be described by privacy policy, but in major cases such policies are confusing for the customer. The goal of this research is making privacy policy transparent for the users via automation of the privacy risks assessment process based on the privacy policy. The paper introduces the developed common approach to privacy risks assessment based on analysis of privacy policies and ontology for privacy policies. The approach includes construction of an ontology for a privacy policy, and generation of rules for privacy risks assessment based on the proposed ontology. The applicability of the proposed approach and ontology is demonstrated on the case study for IoT device.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
General Data Protection Regulation (GDPR). https://gdpr-info.eu/
Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-p 3p privacy policies and privacy authorization. In: Proceedings of the ACM workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA (2002)
Karjoth, G., Schunter, M.: Privacy policy model for enterprises. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada (2002)
Ardagna, C.A., De Capitani di Vimercati, S., Samarati, P.: Enhancing user privacy through data handling policies. In: Damiani, E., Liu, P. (eds.) DBSec 2006. LNCS, vol. 4127, pp. 224–236. Springer, Heidelberg (2006). https://doi.org/10.1007/11805588_16
Pardo, R., Le Métayer, D.: Analysis of privacy policies to enhance informed consent. In: Foley, Simon N. (ed.) DBSec 2019. LNCS, vol. 11559, pp. 177–198. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22479-0_10
Gerl, A., Bennani, N., Kosch, H., Brunie, L.: LPL, towards a GDPR-compliant privacy language: formal definition and usage. Trans. Large-Scale Data- Knowl.-Centered Syst. 37, 41–80 (2018)
De, S.J., Le Metayer, D.: Privacy risk analysis to enable informed privacy settings. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), London, pp. 95–102 (2018)
Zimmeck, S., et al.: MAPS: scaling privacy compliance analysis to a million apps. In: Proceedings on Privacy Enhancing Technologies, vol. 66 (2019). https://ir.lawnet.fordham.edu/faculty_scholarship/1040
Kumar V.B., et al.: Finding a choice in a haystack: automatic extraction of opt-out statements from privacy policy text. In: Proceedings of the Web Conference 2020 (WWW 2020), p. 1943–1954. Association for Computing Machinery, New York (2020)
Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018)
Children’s Online Privacy Protection Rule (“COPPA”). https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule. Accessed 05 July 2020
Health Information Privacy. https://www.hhs.gov/hipaa/index.html. Accessed 05 July 2020
Pandit, H.J., O’Sullivan D., Lewis, D.: An ontology design pattern for describing personal data in privacy policies. In: WOP@ISWC (2018)
IoT Security Compliance Framework. https://www.iotsecurityfoundation.org/best-practice-guidelines/. Accessed 05 July 2020
GSMA IoT Security Guidelines and Assessment. http://gsma.com/iot/iot-security/iot-security-guidelines/. Accessed 05 July 2020
PROV_O: The PROV Ontology. https://www.w3.org/TR/prov-o/#Agent. Accessed 05 July 2020
August Device and Service Privacy Policy. https://august.com/pages/privacy-policy#product. Accessed 05 July 2020
California Consumer Privacy Act 2018. https://oag.ca.gov/privacy/ccpa. Accessed 05 July 2020
Graffoo OWL Editor. https://essepuntato.it/graffoo/. Accessed 05 July 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Novikova, E., Doynikova, E., Kotenko, I. (2020). P2Onto: Making Privacy Policies Transparent. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE ADIoT 2020 2020 2020. Lecture Notes in Computer Science(), vol 12501. Springer, Cham. https://doi.org/10.1007/978-3-030-64330-0_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-64330-0_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64329-4
Online ISBN: 978-3-030-64330-0
eBook Packages: Computer ScienceComputer Science (R0)