The collection and processing of personal data offers great opportunities for technological advances, but the accumulation of vast amounts of personal data also increases the risk of misuse for malicious purposes, especially in health care. Therefore, personal data are legally protected, e.g., by the European General Data Protection Regulation (GDPR), which states that individuals must be transparently informed and have the right to take control over the processing of their personal data. In real applications, privacy policies, which can be negotiated via user interfaces, are used to fulfill these requirements. The literature proposes privacy languages as an electronic format for privacy policies, while the users' privacy preferences are represented by preference languages. However, this is only the beginning of the personal data life-cycle, which also includes the processing of personal data and its transfer to various stakeholders. In this work we define a personal privacy workflow, covering the negotiation of privacy policies, privacy-preserving processing, and secondary use of personal data, in the context of health care data processing, and survey applicable Privacy Enhancing Technologies (PETs) for ensuring the individuals' privacy. Based on a broad literature review, we identify open research questions for each step of the workflow.
The LPL Personal Privacy Policy User Interface (LPL PPP UI) is designed to allow for informed and free consent. An extension for the Layered Privacy Language and the Privacy Icons Overview is introduced here. The capabilities of the LPL PPP UI, which consist of informing the Data Subject about the contents of a privacy policy in a structured way, personal privacy interactions, and giving the Data Subject an overview utilising privacy icons, are presented. The impact of the Privacy Icons Overview is further evaluated, taking into consideration both speed and accuracy. Furthermore, additional challenges for the creation of a privacy policy user interface as well as privacy icons are presented.
On the 25th May 2018 the General Data Protection Regulation (GDPR) will enter into force, implying new challenges to both legal and computer sciences. The Layered Privacy Language (LPL) is intended to model privacy policies to enforce policy-based, privacy-preserving processing. In this paper, we identify requirements for privacy policies based on Art. 12-14 of the GDPR, analyze LPL according to the derived requirements, and propose improvements for LPL accordingly.
CCS CONCEPTS: • Security and privacy → Domain-specific security and privacy architectures; Privacy protections; • Social and professional topics → Privacy policies;