P2Onto: Making Privacy Policies Transparent

  • Conference paper
Computer Security (CyberICPS 2020, SECPRE 2020, ADIoT 2020)

Abstract

Privacy is a highly relevant issue for modern information systems. Both individual users and organizations usually do not understand the risks related to personal data processing. The ways an organization gathers, uses, discloses, and manages a customer's or client's data should be described by a privacy policy, but in most cases such policies are confusing for the customer. The goal of this research is to make privacy policies transparent for users by automating the privacy risk assessment process based on the privacy policy. The paper introduces a common approach to privacy risk assessment based on analysis of privacy policies and an ontology for privacy policies. The approach includes construction of an ontology for a privacy policy and generation of rules for privacy risk assessment based on the proposed ontology. The applicability of the proposed approach and ontology is demonstrated in a case study of an IoT device.



Corresponding author

Correspondence to Elena Doynikova.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Novikova, E., Doynikova, E., Kotenko, I. (2020). P2Onto: Making Privacy Policies Transparent. In: Katsikas, S., et al. Computer Security. CyberICPS 2020, SECPRE 2020, ADIoT 2020. Lecture Notes in Computer Science, vol 12501. Springer, Cham. https://doi.org/10.1007/978-3-030-64330-0_15

  • DOI: https://doi.org/10.1007/978-3-030-64330-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64329-4

  • Online ISBN: 978-3-030-64330-0

  • eBook Packages: Computer Science (R0)
