Accomplishing Transparency within the General Data Protection Regulation

Transparency is a user-centric principle proposed to empower users to hold data processors accountable for the use and processing of their personal data. Accomplishing transparency may meet some resistance because it requires significant architectural changes, but it is mandatory by law under the recently approved General Data Protection Regulation. To help the transition, we systematically review which Transparency Enhancing Technologies can help to accomplish transparency in agreement with technical requirements that we elicited from the Regulation’s articles. We discuss our findings in the domain of medical data systems, where accomplishing transparency looks particularly controversial due to the sensitivity of personal medical data.
