Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Personalised Privacy Policies

8 views

Published on

Workshop Paper
Harshvardhan J. Pandit, Declan O'Sullivan, Dave Lewis.
TELERISE: 4th International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Budapest, Hungary. 2018

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Personalised Privacy Policies

  1. 1. Personalised Privacy Policies Harshvardhan J. Pandit, Declan O’Sullivan, Dave Lewis ADAPT Centre - Trinity College Dublin - Ireland https://openscience.adaptcentre.ie/ pandith@tcd.ie | @coolharsh55 The ADAPT Centre is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund. contribution to µ novel rthatisme I twitter emailme thoughts questions collaboration's criticism
  2. 2. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Privacy Policy privacy policy is a legal document (according to privacy laws) that discloses how (personal) data is - a) gathered b) used c) disclosed d) managed 2
  3. 3. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Reading Privacy Policies 3 Reading the Privacy Policies You Encounter in a Year Would Take 76 Workdays - Alexis C. Madrigal - The Atlantic - Mar 1, 2012
  4. 4. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 then came GDPR... GDPR, which became enforced from 25th May specifies additional rights and obligations for information to be provided by the controller to the data subject before collecting happens. 4
  5. 5. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Soon after 25th May... 5
  6. 6. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 GDPR says... Provide specific information to the user about how their data is being collected, used, stored, and shared. 6 Exactly what data? How is it collected? Shared with whom ? Stored for how long? Only for me i. e. Data Subject • Not common to everyone • Not generalised•
  7. 7. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 But the Privacy Policy still says... a) we “may” collect your data b) we “may” store your data c) we “may” use your data d) we “may” share your data Q: Are you collecting data? A: Yes. No. “Maybe”. 7
  8. 8. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Resolving Ambiguity 8 represent the system as a model of steps and artefacts
  9. 9. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Resolving Ambiguity 8 A meta model of the system Annotate model using semantic web vocabularies GDPRtEXT [10] and GDPRov [11] 7 uses data uses data shares data collects data stores data gives data Third party has access to data data data
  10. 10. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Analysis of Privacy Policies 9
  11. 11. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Annotate Privacy Policy 10 storedcopy becauseprivacy policiescanchange datacollection legal basis information categories grouping of data datainstances purpose
  12. 12. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Why do it? Benefits!!! 11 1. Systematic representation of privacy policy metadata 2. Can generate privacy policy when system changes 3. Automation of policies 4. Structured metadata 5. Better for Data Subjects (more information available) 6. Metadata is also useful for compliance purpsoes
  13. 13. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 How to do it? Approaches... 12 A. Manually i) complex ii) requires legal clarity for concepts iii) time consuming B. Automate i) faster ii) difficult to implement iii) can scale to large number of policies TWO approaches - do it myself, or automate
  14. 14. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Future Work - More Annotations 13
  15. 15. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Future Work - Demo 14
  16. 16. www.adaptcentre.ie “Personalised Privacy Policies” at TELERISE2018 http://openscience.adaptcentre.ie/ Presented by: Harshvardhan J. Pandit pandith@tcd.ie @coolharsh55 Let us discuss! 15

×