Consent Verification Under Evolving Privacy Policies

Marco Robol, Travis D. Breaux, Elda Paja, Paolo Giorgini

Research output: Conference Article in Proceeding or Book/Report chapterArticle in proceedingsResearchpeer-review


Personal data provides important business value, for example, in the personalization of services. In addition, companies are moving toward new business models, in which products and services are offered without charge to users, but in exchange for targeted advertising revenue. New privacy regulations require organizations to explicitly state their data practices in privacy policies, including which data types will be collected. By consenting to data collections described in a policy, the user acknowledges that he or she is granting the company the authorizations needed to access their data. When data practices change, a new version of the policy is released. This release can occur a few times a year, when requirements are rapidly changing for the collection and processing of personal data. Furthermore, the user may change his or her privacy consent by opting in or out of the policy. We propose a formal framework to support companies and users in their understanding of policies evolution under consent regime that supports both retroactive and non-retroactive consent and consent revocation. Preliminary results include an ontology for policy evolution, expressed in Description Logic, that can be used to formalize consent and data collection logs and then query for which data types can be legally accessed.
Original languageEnglish
Title of host publicationProceedings of the IEEE 27th International Requirements Engineering Conference (RE'19)
Number of pages6
Place of PublicationConf. Location: Jeju Island, Korea (South)
Publication date23 Sept 2019
ISBN (Print)978-1-7281-3913-5
ISBN (Electronic)978-1-7281-3912-8
Publication statusPublished - 23 Sept 2019


  • Privacy
  • Consent
  • Policies
  • Evolution
  • Formal Framework
  • Description Logics


Dive into the research topics of 'Consent Verification Under Evolving Privacy Policies'. Together they form a unique fingerprint.

Cite this