Skip to main content

Personalised Privacy Policies

  • 1068 Accesses

Part of the Communications in Computer and Information Science book series (CCIS,volume 909)

Abstract

Internet services have become an important part of the daily life for a large number of people, and often deal with varying amounts of personal information. A privacy policy is a legal document governed by territorial laws that outlines the collection, usage, storage, and sharing of personal data. A known problem with such documents is its ambiguity and difficulty in comprehension for end users. The General Data Protection Regulation (GDPR) requires transparency regarding the provision of such information to the data subject through its various obligations and rights. We propose a remodelling of the privacy policy based on provision of relevant information regarding personal data specific to the user. Such a policy will dynamically reflect the state of activities over personal data using a legal and comprehensive document, and can be used as a tool for the provision of rights and requests from data subjects. We support our discussion with an example use-case of a GDPR-based privacy policy adopted from online services. We present our analysis on identifying changes and our approach towards the representation and creation of such dynamic policies.

Keywords

  • Privacy policy
  • Personalisation
  • GDPR
  • Metadata

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-00063-9_14
  • Chapter length: 11 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   79.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-00063-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.

Notes

  1. 1.

    http://www.internetlivestats.com/total-number-of-websites/.

  2. 2.

    https://usableprivacy.org/.

  3. 3.

    https://www.airbnb.ie/terms/privacy_policy.

  4. 4.

    https://twitter.com/en/privacy.

  5. 5.

    https://opengogs.adaptcentre.ie/harsh/privacy-policy-dashboard/.

  6. 6.

    https://openscience.adaptcentre.ie/projects/privacy-policy/personalise/.

  7. 7.

    https://www.w3.org/TR/microdata/.

  8. 8.

    https://www.w3.org/TR/rdfa-primer/.

  9. 9.

    http://schema.org/.

  10. 10.

    http://www.w3.org/TR/prov-o/.

  11. 11.

    http://purl.org/net/p-plan.

  12. 12.

    http://jinja.pocoo.org/.

  13. 13.

    https://www.w3.org/TR/sparql11-query/.

References

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union L119, 1–88, May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC

  2. Ammar, W., Wilson, S., Sadeh, N., Smith, N.A.: Automatic categorization of privacy policies: a pilot study (2012). http://repository.cmu.edu/lti/199/

  3. Bhatia, J., Breaux, T.D.: A data purpose case study of privacy policies. In: 2017 IEEE 25th International Requirements Engineering Conference (RE), pp. 394–399. IEEE (2017)

    Google Scholar 

  4. Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9

    CrossRef  Google Scholar 

  5. Esayas, S., Mahler, T., McGillivray, K.: Is a picture worth a thousand terms? Visualising contract terms and data protection requirements for cloud computing users. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 39–56. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46963-8_4

    CrossRef  Google Scholar 

  6. Fabian, B., Ermakova, T., Lentz, T.: Large-scale readability analysis of privacy policies. In: Proceedings of the International Conference on Web Intelligence, WI 2017, pp. 18–25. ACM, New York (2017). https://doi.org/10.1145/3106426.3106427

  7. Fawaz, H.H.K., Schaub, R.L.F., Karl, K.G.S.: Polisis: automated analysis and presentation of privacy policies using deep learning. Technical report, EPFL (2017). https://pribot.org/files/Polisis_Technical_Report.pdf

  8. Jensen, C., Potts, C.: Privacy policies as decision-making tools: an evaluation of online privacy notices. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2004, pp. 471–478. ACM, New York (2004). https://doi.org/10.1145/985692.985752

  9. Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018). https://doi.org/10.3233/SW-170283

  10. Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: GDPRtEXT - GDPR as a linked data resource. ESWC 2018. LNCS, vol. 10843, pp. 481–495. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93417-4_31

    CrossRef  Google Scholar 

  11. Pandit, H.J., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) (PrivOn) (2017). http://ceur-ws.org/Vol-1951/#paper-06

  12. Rossi, A., Palmirani, M.: A visualization approach for adaptive consent in the european data protection framework. In: 2017 Conference for E-Democracy and Open Government (CeDEM), pp. 159–170, May 2017. https://doi.org/10.1109/CeDEM.2017.23

  13. Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: WWW 2018 Companion Proceedings of the Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2018). https://doi.org/10.1145/3184558.3186969

  14. Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, IWSPA 2018, pp. 15–21. ACM, New York (2018). https://doi.org/10.1145/3180445.3180447

  15. Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp. 1330–1340. Association for Computational Linguistics, Berlin, Germany, August 2016. http://www.aclweb.org/anthology/P16-1126

Download references

Acknowledgements

This work is supported by the ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Harshvardhan Jitendra Pandit .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Pandit, H.J., O’Sullivan, D., Lewis, D. (2018). Personalised Privacy Policies. In: , et al. New Trends in Databases and Information Systems. ADBIS 2018. Communications in Computer and Information Science, vol 909. Springer, Cham. https://doi.org/10.1007/978-3-030-00063-9_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00063-9_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00062-2

  • Online ISBN: 978-3-030-00063-9

  • eBook Packages: Computer ScienceComputer Science (R0)