Abstract
The General Data Protection Regulation (GDPR) makes the creation of compliant privacy policies a complex process. Our goal is to support policy authors during the creation of privacy policies, by providing them feedback on the privacy policy they are creating. We present the Privacy Policy Compliance Guidance (PriPoCoG) framework supporting policy authors as well as data protection authorities in checking the compliance of privacy policies. To this end we formalize the Layered Privacy Language (LPL) and parts of the GDPR using Prolog. Our formalization, ‘Prolog-LPL’ (P-LPL), points out inconsistencies in a privacy policy and problematic parts of a policy regarding GDPR-compliance. To evaluate P-LPL we translate the Amazon.de privacy policy into P-LPL and perform a compliance analysis on this policy.
Notes
- 1.
- 2. Available at: https://github.com/jensLeicht/PriPoCoG.
Acknowledgement
We thank Thomas Santen for his useful comments.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Leicht, J., Heisel, M., Gerl, A. (2022). PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies. In: Katsikas, S., Furnell, S. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2022. Lecture Notes in Computer Science, vol 13582. Springer, Cham. https://doi.org/10.1007/978-3-031-17926-6_1
DOI: https://doi.org/10.1007/978-3-031-17926-6_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17925-9
Online ISBN: 978-3-031-17926-6
eBook Packages: Computer Science, Computer Science (R0)