This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
European Data Protection, the Right to be Forgotten and Search EnginesDavid Erdos
Provides background and explores the interpretation and enforcement of search engines' obligations under European data protection almost four years on from Google Spain (2014) and on the cusp of the new GDPR era. Focuses on four ongoing controversies: (i) the scope of such responsibilities under DP, (ii) the regulation of sensitive persona data, (iii) the legitimacy of webmaster notification and (iv) the geographical scope of action required.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Reconciling Humanities and Social Science Research With Data ProtectionDavid Erdos
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
European Data Protection, the Right to be Forgotten and Search EnginesDavid Erdos
Provides background and explores the interpretation and enforcement of search engines' obligations under European data protection almost four years on from Google Spain (2014) and on the cusp of the new GDPR era. Focuses on four ongoing controversies: (i) the scope of such responsibilities under DP, (ii) the regulation of sensitive persona data, (iii) the legitimacy of webmaster notification and (iv) the geographical scope of action required.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Reconciling Humanities and Social Science Research With Data ProtectionDavid Erdos
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
In general, the GDPR applies to any business that processes personal data by automated or manual processing
A strategic approach is introduced to regulating personal data and the normative foundations of the European Unions General Data Protection Regulation (GDPR)
Existing Requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU
This presentation covers what you as a business owner need to do in order to be ready and compliant for GDPR. It shows you all of the different lawful basis that you can use for processing personal data, so that you do not have to rely on consent.
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...ObservePoint
This guide will educate you on what GDPR is, who it applies to and what you should do about it in seven steps. As you read through, make some notes about who you feel should be responsible for each step so you can get the ball rolling with each team member.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Knobbe Martens Of Counsel, Arsen Kourinian hosted a webinar regarding data privacy issues surrounding the COVID-19 coronavirus outbreak, and the current state of the evolving regulations governing the California Consumer Privacy Act (CCPA).
General Data Protection Regulation for OpsKamil Rextin
A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot , Facebook & Google Analytics
The International Comparative Legal Guide to: Data Protection 2016Matheson Law Firm
Matheson partners Anne-Marie Bohan and Andreas Carney co-wrote the Ireland chapter for The International Comparative Legal Guide to: Data Protection 2016, third edition.
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
In general, the GDPR applies to any business that processes personal data by automated or manual processing
A strategic approach is introduced to regulating personal data and the normative foundations of the European Unions General Data Protection Regulation (GDPR)
Existing Requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU
This presentation covers what you as a business owner need to do in order to be ready and compliant for GDPR. It shows you all of the different lawful basis that you can use for processing personal data, so that you do not have to rely on consent.
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...ObservePoint
This guide will educate you on what GDPR is, who it applies to and what you should do about it in seven steps. As you read through, make some notes about who you feel should be responsible for each step so you can get the ball rolling with each team member.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Knobbe Martens Of Counsel, Arsen Kourinian hosted a webinar regarding data privacy issues surrounding the COVID-19 coronavirus outbreak, and the current state of the evolving regulations governing the California Consumer Privacy Act (CCPA).
General Data Protection Regulation for OpsKamil Rextin
A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot , Facebook & Google Analytics
The International Comparative Legal Guide to: Data Protection 2016Matheson Law Firm
Matheson partners Anne-Marie Bohan and Andreas Carney co-wrote the Ireland chapter for The International Comparative Legal Guide to: Data Protection 2016, third edition.
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
General Data Protection Regulation (GDPR) is here! Here's what you need to know on keeping your data secure and regulated! What it will mean for your existing data and what it means for future data you collect!
Wherever your business is located in the world, the GDPR will apply if you:
Offer products/services to EU citizens and/or:
Collect personal information from EU citizens
A simple, beautiful guide to understanding GDPR (General Data Protection Regulation).
All businesses in the UK and EU need to comply with GDPR by the 25th of May 2018 or risk hefty fines.
Use this free, visual guide to understand how you need to comply.
We'll be looking at what your customers' rights are, privacy by design, breach notifications, data security and more.
Finally, we'll give you a GDPR action checklist so you can take right steps to comply with the legislation in time.
After ensuring compliance as a controller and processor of data, Reddico created this presentation for the team - offering further guidance and information on our processes and how we've complied. For accuracy purposes, some information comes directly from the ICO's guidelines.
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
It, Legal, Marketing and sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue, it impacts the IT architecture and the user journey of your online and offline data capture processes.
The General Data Protection Regulation (GDPR) is a regulation scheduled to be enacted on May 25, 2018. It is designed to protect the privacy and rights of EU citizens, no matter where they are in the world. These slides cover the basics of these regulations and how you can make sure you are EU compliant.
This talk was presented in NULL/OWASP Delhi chapter meet in November 2017. It acts as an introduction to GDPR (General Data Protection Regulation) for security professionals
The GDPR changes are fast approaching and time is running out to prepare yourself and your data. GDPR is an important topic that you will need to know inside out for your business and marketing to succeed. CommuniGator can help you get fully prepared for its arrival.
We are here to answer YOUR GDPR questions to arm you with everything you need to ensure you are compliant come May 2018.
Find out how the new data law will affect your B2B marketing abilities. We answer all your questions with a Q&A section from our experts in the field – so you can really get to grips with the changes.
We cover:
- The good the bad and the ugly of GDPR
- Your own checklist to becoming compliant
- How to get your existing data ‘double opted-in’
- Answers to your burning questions!
The European Union General Data Protection Regulation (“EU-GDPR”) will come into effect on May, 25th. Your company may think it does not have to worry about this because you are located in the United States, and you may be wrong. If your company processes or holds personal data for a person residing in a European Union country, your company will have to comply.
GDPR Data Subject Rights - What You Need to KnowPiwik PRO
The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and introduces a list of data subjects’ rights to protect internet users. Learn how data controllers can ensure these rights and avoid severe fines.
The infographic was created by the experts from Piwik PRO.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
General Data Protection Regulation specifies how customers data can be used and protected. The primary objective of the GDPR is to give citizens control of their personal data. Failing to comply with GDPR can cost you 4% of global turnover or €20 million or whichever is greater.
Similar to An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR (20)
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
A Sighting of filterA in Typelevel Rite of Passage
An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR
1. .lusoftware verification & validation
VVS
An AI-assisted Approach
for Checking the Completeness of
Privacy Policies Against GDPR
Zurich, September 3rd, 2020
Damiano Torre1, Sallam Abualhaija1,
Mehrdad Sabetzadeh2,1, Lionel Briand1,2
{damiano.torre, sallam.abualhaija}@uni.lu
{msabetza, lbriand}@uottawa.ca
1 University of Luxembourg, Luxembourg
2 University of Ottawa, Canada
Katrien Baetens, Peter Goes,
Sylvie Forastier
{katrien.baetens, peter.goes,
sylvie.forastier}@linklaters.com
Linklaters, Luxembourg
3. General Data Protection Regulation
• A complex EU regulation to harmonize data protection and
privacy in the European Union and the European Economic Area
• Every organization, EU-based or not, must comply with GDPR as
long as it collects and processes personal data of EU citizens and
residents
• Failure to comply with GDPR may result in fines of up to €20m or
4% of an organization's global turnover for specific breaches
3
4. Industrial Motivation
• Linklaters is a global law firm,
headquartered in London with a
base in Luxembourg
• Most of GDPR compliance checking
procedures are carried out manually
• Manual checking is time consuming
• Effective automated compliance
checking is needed
4
https://www.linklaters.com
5. Privacy Policy
Document stating how an organization handles personal data
5
How many privacy policies have you
read so far before clicking on “I agree”?
Twitter @bertsesame
6. Example of Checking
To comply with the regulation,
the privacy policy should include:
6
Article 13.2. (b) the existence
of the right to request from
the controller access to and
rectification or erasure of
personal data or restriction of
processing concerning the
data subject […].
CompletenessCompliance
7. Research Questions
RQ1: What are the metadata types required for checking the completeness
of a privacy policy according to GDPR?
Ø Building a conceptual model of GDPR privacy-related requirements
RQ2: How can the metadata required for completeness checking of a
privacy policy be extracted automatically?
Ø Developing automated metadata identification approach using NLP & ML
RQ3: How accurately can we extract metadata from privacy policies?
Ø Evaluating our metadata identification approach
RQ4: How accurately can we check the completeness of privacy policies?
Ø Evaluating our completeness checking approach
7
10. From GDPR to Metadata Model
10
(b) the existence of the right to request from the controller access to and rectification or
erasure of personal data or restriction of processing concerning the data subject […].
Article 13.2. The controller shall, at the time when personal data are obtained, provide the
data subject with the following further information to ensure fair and transparent processing:
DATA_SUBJECT_RIGHT
ACCESS RECTIFICATIONRESTRICTIONERASURE
11. DATA SUBJECT
RIGHT
11
RQ1: What are the metadata types required for checking
the completeness of a privacy policy according to GDPR?
RESTRICTION
COMPLAINT
ERASURE
OBJECT
PORTABILITY
WITHDRAW
CONSENT
ACCESS
RECTIFICATION
SA
DIRECT
INDIRECT PD ORIGIN
PUBLICLY
COOKIE
THIRD-PARTY
14. 14
Keywords
Training Data
Pre-
processing
1
Pre-trained Classifiers
Identified
Metadata
Pre-trained
Word Embeddings
Prediction
7
Similarity-based
Classification
5
Vectorization
3
KW-based
Classification
6
ML-based
Classification
4
Pre-
processing
1
Post-
processing
8
Text
Generalization
2
Privacy Policy
RQ2: How can the metadata required for completeness
checking of a privacy policy be extracted automatically?
15. Applying the NLP pipeline
Unit of Analysis: Sentence
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice provides you with detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice provides you with detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
Pre-processing
15
Stopwords Removal
The protection of your personal data is important to the
BNP Paribas Group in France, which has adopted
strong principles in that respect for the entire Group.
protection personal data important BNP Paribas Group
France, adopt strong principle respect entire Group.
Lemmatization
16. Text Generalization
Replacing specific textual entities with more general ones
Ø Locations, organizations, websites, telephone numbers, e-mail and addresses
16
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice provides you with detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
protection personal data important BNP Paribas Group
France adopt strong principle respect entire Group.
protection personal data important
ORGANIZATION LOCATION
adopt strong principle respect
entire Group.
exercise right list please send letter
following address data protection
officer ORGANIZATION ADDRESS
email use EMAIL.
17. Transforming the sentences into 100-dimentional vectors
Ø Using GloVe pre-trained models
Vectorization
17
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice provides you with detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
data protection noticePre-processed sentence
protection
data
notice
[ -0.4710, 0.6158, 0.6897, -0.1815, 0.3078, -0.8415, -0.4187, -0.2001, 0.2818, -0.3401, 0.7729, -0.2277, 0.0599, -0.2414,
0.8778, 0.7204, 0.6429, 0.3625, 0.4162, 0.1300, -0.4707, -0.4466, 0.4736, 0.4076, -1.0341, -1.1422, 0.3744, 0.2463, -0.6729,
0.4918, 0.4651, 0.1361, -0.9380, 0.5189, 0.5155, -0.2651, -0.1455, 0.2252, 0.3524, -0.7965, -0.4225, -0.9059, -0.8400, 0.4536,
-0.7249, -0.1259, 0.4366, -0.5366, 0.0205, -0.7461, 1.1925, 0.1572, 0.2932, 0.9266, 0.4824, -1.8290, -0.0127, -0.3703, 2.3618,
0.3359, -0.1544, 0.1466, -0.1131, -0.0249, 0.3193, 0.2882, -0.2963, -0.3303, 1.4774, 0.2374, -0.2531, 0.6137, 0.5681, -0.5699,
0.4880, 0.0654, 0.2826, -0.1354, -1.1096, -0.3597, 0.8531, 0.4630, -1.1223, 0.0072, -1.7636, -0.4455, 1.2478, -0.3754, -0.2163,
0.4594, -0.1139, 0.7558, -0.2442, -0.0565, 0.5479, -0.3093, 0.2592, -0.5961, 0.2760, 0.0880]
[ 0.0330, -0.2653, 0.2386, -0.1449, 0.4572, -0.2129, -0.6080, -0.4135, 0.0960, -0.2114, -0.0625, -0.1854, 0.0909, -0.2509,
0.0931, -0.2927, 0.9347, -0.1482, -0.9635, 0.0151, -0.3910, -0.2225, -0.1056, 0.4497, 0.0575, 0.3878, -0.2755, -0.5580, -0.9241,
-0.4803, 0.3122, -0.0470, -0.0105, 0.4453, 0.3733, -0.2642, -0.0194, 0.0778, -0.0885, 0.0392, -0.1973, -0.3003, 0.2938, -0.2649,
0.5680, -0.2838, -0.4947, 0.3432, -0.4117, -0.9482, 0.5263, 0.1430, -0.7211, 1.2293, 0.4163, -0.9417, 0.8058, -1.0777, 2.4755,
0.3097, 0.1849, 0.3422, -0.2709, 0.2793, 1.0019, 0.0157, -0.4184, -0.1016, 0.8306, -0.3263, 0.1229, -0.4821, 0.3061, -0.1621,
0.7334, -0.1168, -0.3701, 0.1795, -1.1684, 0.1200, 0.8329, -0.1387, 0.0737, 0.5353, -1.1984, 0.7402, 0.1241, 0.0189, 0.2222,
-0.0001, 1.0163, -1.2003, 0.0576, 0.1005, 0.3886, 0.6566, -0.2975, -0.0867, 0.5531, -0.3809]
[ 0.1377, -0.5041, -0.1082, -0.2499, -0.2414, 0.3749, -0.5977, 0.4089, 0.3198, -0.4266, 0.2197, 0.0467, -0.0241, -0.3295,
0.1505, -0.0197, -0.0795, 0.3808, -0.0841, 0.0600, -0.2723, 0.3564, -0.5089, -0.5272, 0.1763, 0.0837, -0.0244, -0.0261, 0.2384,
-0.6271, 0.4758, 0.0080, 0.1979, -0.2095, -0.4243, 0.5012, -0.2161, -0.7097, -0.0681, -0.1287, -0.2156, 0.6505, 0.3222, -0.4843,
0.1309, -0.2888, -0.0246, -0.1711, 0.2656, -1.0098, 1.1561, -0.2706, -0.1719, 0.4489, 0.0501, -1.2639, -0.0260, -0.6504, 1.7581,
0.1059, -0.3542, 0.8539, -0.5211, 0.0547, 0.8483, -0.1820, -0.2561, 0.1676, -0.2452, -0.0495, -0.4471, -0.2160, 0.2036, -0.5234,
0.3364, 0.9539, -0.0427, -0.3200, -0.9549, -0.4273, 0.1453, -1.0337, -0.5458, -0.2693, -1.0983, -0.4366, 0.3313, -0.0407, 0.1030,
0.1724, 0.0570, -0.2919, 0.0124, -0.3216, 0.0375, 0.6194, -0.0108, 0.0652, -0.3073, 0.1408]
Corresponding
100-D vector
[ -0.1001, -0.0512, 0.2734, -0.1921, 0.1745, -0.2265, -0.5415, -0.0682, 0.2326, -0.3260, 0.3100,
-0.1221, 0.0422, -0.2739, 0.3738, 0.1360, 0.4994, 0.1984, -0.2105, 0.0684, -0.3780, -0.1042, -0.0470,
0.1100, -0.2668, -0.2236, 0.0248, -0.1126, -0.4529, -0.2052, 0.4177, 0.0324, -0.2502, 0.2516, 0.1548,
-0.0094, -0.1270, -0.1356, 0.0653, -0.2953, -0.2785, -0.1852, -0.0747, -0.0985, -0.0087, -0.2328, -0.0276,
-0.1215, -0.0419, -0.9014, 0.9583, 0.0099, -0.1999, 0.8683, 0.3162, -1.3449, 0.2557, -0.6995, 2.1985,
0.2505, -0.1079, 0.4475, -0.3017, 0.1030, 0.7232, 0.0406, -0.3236, -0.0881, 0.6876, -0.0461, -0.1925,
-0.0281, 0.3593, -0.4185, 0.5193, 0.3008, -0.0434, -0.0920, -1.0776, -0.2223, 0.6105, -0.2365, -0.5315,
0.0911, -1.3534, -0.0473, 0.5677, -0.1324, 0.0363, 0.2106, 0.3198, -0.2455, -0.0581, -0.0925, 0.3247,
0.3222, -0.0164, -0.2059, 0.1739, -0.0507]
20. ML-based Classification
• A binary classifier for each metadata type (levels 1&2)
20
DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice enables you to obtain detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
22. Looking for the keywords of a metadata type that are present in the
sentence
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice enables you to obtain detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
Keyword-based Classification
22
data protection notice enable obtain
detail information relate protection
personal data ORGANIZATION entity
list appendix all subject data
protection notice hereunder refer
access obtain information
relate processing personal data
copy personal data
Keywords of “ACCESS”
23. Combining the results
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice enables you to obtain detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
Prediction
23
Keywords
Training Data
Pre-
processing
1
Pre-trained Classifiers
Identified
Metadata
Pre-trained
Word Embeddings
Prediction
7
Similarity-based
Classification
5
Vectorization
3
KW-based
Classification
6
ML-based
Classification
4
Pre-
processing
1
Post-
processing
8
Text
Generalization
2
Privacy Policy
DATA SUBJECT
RIGHT
COMPLAINT SA
DATA SUBJECT
RIGHT
ACCESS
24. DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice enables you to obtain detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
Considering the contextual information
Post-processing
24
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
DATA SUBJECT RIGHTDATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
26. Case Study
DATA SUBJECT RIGHT and LEGAL BASIS
26
TO ENTER
CONTRACT
CONTRACTUAL
STATUTORY
CONSENT
PUBLIC
FUNCTION
LEGITIMATE
INTEREST
VITAL INTEREST
CONTRACT
LEGAL
OBLIGATION
LEGAL BASIS
DATA SUBJECT
RIGHT
RESTRICTION
COMPLAINT
ERASURE
OBJECT
PORTABILITY
WITHDRAW
CONSENT
SA
ACCESS
RECTIFICATION
27. Document Collection
A total of 234 privacy policies, fully annotated
Ø 90% training-set and 10% testset
27
DATA SUBJECT RIGHT # of Sentences
ACCESS 228
COMPLAINT 196
SA 183
ERASURE 219
OBJECT 298
PORTABILITY 171
RECTIFICATION 215
RESTRICTION 179
WITHDRAW CONSENT 204
TOTAL 1710
LEGAL BASIS # of Sentences
CONSENT 272
CONTRACT 265
TO ENTER CONTRACT 69
CONTRACTUAL 164
STATUTORY 16
LEGAL OBLIGATION 351
LEGITIMATE INTEREST 507
PUBLIC FUNCTION 71
VITAL INTEREST 13
TOTAL 1479
29. Evaluation Metrics
• Precision (P): percentage of correctly identified metadata types
by the approach – TP/(TP+FP)
• Recall (R): percentage of correctly identified metadata types from
the ones actually present in the privacy policies – TP/(TP+FN)
29
True Positive
(TP)
Metadata type is present in the privacy policy and is
identified by the approach
False Positive
(FP)
Metadata type is NOT present in the privacy policy
but is identified by the approach
False Negative
(FN)
Metadata type is present in the privacy policy but is
NOT identified by the approach
30. RQ3: How accurately can we extract metadata from a
given privacy policy?
30
DATA SUBJECT RIGHT P(%) R(%)
ACCESS 100 91
COMPLAINT 100 100
SA 100 100
ERASURE 100 89
OBJECT 94 94
PORTABILITY 100 100
RECTIFICATION 100 95
RESTRICTION 100 94
WITHDRAW CONSENT 100 94
LEGAL BASIS P(%) R(%)
CONSENT 95 100
CONTRACT 90 95
TO ENTER CONTRACT 100 87
CONTRACTUAL 94 100
STATUTORY 83 100
LEGAL OBLIGATION 100 96
LEGITIMATE INTEREST 100 81
PUBLIC FUNCTION 75 60
VITAL INTEREST 100 80
32. Case Study Completeness Criteria
32
DATA SUBJECT
RIGHT
RESTRICTION
COMPLAINT
ACCESS
RECTIFICATION
C1: Must always be present C2:
C4:C3:
DATA SUBJECT
RIGHT
ERASURE
OBJECT
PORTABILITY
WITHDRAW
CONSENT
CONSENT
LEGAL BASISIF THEN
DATA SUBJECT
RIGHT
PORTABILITY
CONTRACT
LEGAL BASIS
IF THEN
DATA SUBJECT
RIGHT
OBJECT
PUBLIC
FUNCTION
LEGITIMATE
INTEREST
LEGAL BASIS
IF THEN
https://www.clipartkey.co
m/view/hJTTiw_muppet-
wiki-sesame-street-bert/
If you give your consent for sharing
your data, can you withdraw it?
33. Example of Incompleteness Issue
33
DATA SUBJECT
RIGHT
RESTRICTION
COMPLAINT
ACCESS
RECTIFICATION
C1: Must always be present
C3:
DATA SUBJECT
RIGHT
PORTABILITY
CONTRACT
LEGAL BASIS
IF THEN
DATA SUBJECT
RIGHT
RESTRICTION
COMPLAINT
ACCESS
RECTIFICATION
DATA SUBJECT
RIGHT
PORTABILITY
CONTRACT
LEGAL BASIS
IF THEN
DATA PROTECTION NOTICE
The protection of your personal data is important […]
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your
personal data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or
incomplete, you can require that such personal data be modified
accordingly.
[…]
In accordance with applicable regulation, in addition to your rights above,
you are also entitled to lodge a complaint with the competent supervisory
authority.
WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
a) To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, […]
b) To perform a contract with you or to take steps at your request
before entering into a contract
We use your personal data to enter into and perform our contracts to provide you with
information regarding our products and services.
34. Evaluation Metrics
• Precision (P): percentage of correctly identified incompleteness
by the approach – TP/(TP+FP)
• Recall (R): percentage of correctly identified incompleteness from
what actually is in the privacy policies – TP/(TP+FN)
34
True Positive
(TP)
Incompleteness issue exists in the privacy policy and
is identified by the approach
False Positive
(FP)
Incompleteness issue does NOT exist in the privacy
policy but is identified by the approach
False Negative
(FN)
Incompleteness issue exists in the privacy policy but
is NOT identified by the approach
35. RQ4: How accurately can we check the completeness
of a given privacy policy?
On our test set (24 privacy policies):
Ø45 out of 47 incompleteness issues are correctly identified
ØFalse alarm on eight occasions
35
Criterion TPs FPs FNs P(%) R(%)
C1 16 4 0 80 100
C2 5 1 0 83 100
C3 3 0 2 100 60
C4 21 3 0 88 100
Summary 45 8 2 85 96