Consent Verification Under Evolving Privacy Policies

Marco Robol, Travis D. Breaux, Elda Paja, Paolo Giorgini

Publikation: Konference artikel i Proceeding eller bog/rapport kapitelKonferencebidrag i proceedingsForskningpeer review


Personal data provides important business value, for example, in the personalization of services. In addition, companies are moving toward new business models, in which products and services are offered without charge to users, but in exchange for targeted advertising revenue. New privacy regulations require organizations to explicitly state their data practices in privacy policies, including which data types will be collected. By consenting to data collections described in a policy, the user acknowledges that he or she is granting the company the authorizations needed to access their data. When data practices change, a new version of the policy is released. This release can occur a few times a year, when requirements are rapidly changing for the collection and processing of personal data. Furthermore, the user may change his or her privacy consent by opting in or out of the policy. We propose a formal framework to support companies and users in their understanding of policies evolution under consent regime that supports both retroactive and non-retroactive consent and consent revocation. Preliminary results include an ontology for policy evolution, expressed in Description Logic, that can be used to formalize consent and data collection logs and then query for which data types can be legally accessed.
TitelProceedings of the IEEE 27th International Requirements Engineering Conference (RE'19)
Antal sider6
UdgivelsesstedConf. Location: Jeju Island, Korea (South)
Publikationsdato23 sep. 2019
ISBN (Trykt)978-1-7281-3913-5
ISBN (Elektronisk)978-1-7281-3912-8
StatusUdgivet - 23 sep. 2019


Dyk ned i forskningsemnerne om 'Consent Verification Under Evolving Privacy Policies'. Sammen danner de et unikt fingeraftryk.