Extracting Layered Privacy Language Purposes from Web Services

Web services are important in the processing of personal data in the World Wide Web. In light of recent data protection regulations, this processing raises a question about consent or other basis of legal processing. While a consent must be informed, many web services fail to provide enough information for users to make informed decisions. Privacy policies and privacy languages are one way for addressing this problem; the former document how personal data is processed, while the latter describe this processing formally. In this paper, the so-called Layered Privacy Language (LPL) is coupled with web services in order to express personal data processing with a formal analysis method that seeks to generate the processing purposes for privacy policies. To this end, the paper reviews the background theory as well as proposes a method and a concrete tool. The results are demonstrated with a small case study.

[1]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[2]  Roy Fielding RFC 2068 : Hypertext Transfer Protocol-HTTP/1.1 , 1997 .

[3]  Ismail Hakki Toroslu,et al.  A Semantic-Based User Privacy Protection Framework for Web Services , 2003, ITWP.

[4]  Boualem Benatallah,et al.  A Petri Net-based Model for Web Service Composition , 2003, ADC.

[5]  Lorrie Faith Cranor,et al.  Engineering Privacy , 2009, IEEE Transactions on Software Engineering.

[6]  Rik Van de Walle,et al.  Survey of Semantic Description of REST APIs , 2014 .

[7]  Masooda Bashir,et al.  Online privacy and informed consent: The dilemma of information asymmetry , 2015, ASIST.

[8]  José M. del Álamo,et al.  Privacy Engineering: Shaping an Emerging Field of Research and Practice , 2016, IEEE Security & Privacy.

[9]  Ruben Verborgh,et al.  The SmartAPI Ecosystem for Making Web APIs FAIR , 2017, International Semantic Web Conference.

[10]  Burkhard Schafer,et al.  Edinburgh Research Explorer Opening the black box , 2022 .

[11]  Jordi Cabot,et al.  Example-Driven Web API Specification Discovery , 2017, ECMFA.

[12]  Ruben Verborgh,et al.  smartAPI: Towards a More Intelligent Network of Web APIs , 2017, ESWC.

[13]  Armin Gerl,et al.  LPL, Towards a GDPR-Compliant Privacy Language: Formal Definition and Usage , 2018, Trans. Large Scale Data Knowl. Centered Syst..

[14]  Antonio Kung,et al.  Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering , 2018, 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[15]  Olaf Owe,et al.  A secrecy-preserving language for distributed and object-oriented systems , 2018, J. Log. Algebraic Methods Program..

[16]  Knott Nigel The General Data Protection Regulation , 2018 .

[17]  Armin Gerl Extending Layered Privacy Language to Support Privacy Icons for a Personal Privacy Policy User Interface , 2018 .

[18]  Ville Leppänen,et al.  Annotation-Based Static Analysis for Personal Data Protection , 2019, Privacy and Identity Management.

[19]  Armin Gerl,et al.  Let Users Control Their Data – Privacy Policy-Based User Interface Design , 2019 .

[20]  Ville Leppänen,et al.  The General Data Protection Regulation: Requirements, Architectures, and Constraints , 2019, 2019 IEEE 27th International Requirements Engineering Conference (RE).

[21]  Armin Gerl,et al.  Policy-based Authentication and Authorization based on the Layered Privacy Language , 2019, BTW.

[22]  Alexandra Giannopoulou,et al.  Algorithmic systems: the consent is in the detail? , 2020, Internet Policy Rev..

[23]  Piero A. Bonatti,et al.  Machine Understandable Policies and GDPR Compliance Checking , 2020, KI - Künstliche Intelligenz.