-
How to Drill Into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages
Authors:
Nicola Leschke,
Daniela Pöhn,
Frank Pallas
Abstract:
The European Union's General Data Protection Regulation (GDPR) strengthened several rights for individuals (data subjects). One of these is the data subjects' right to access their personal data being collected by services (data controllers), complemented with a new right to data portability. Based on these, data controllers are obliged to provide respective data and allow data subjects to use them at their own discretion.
However, the subjects' possibilities for actually using and harnessing said data are severely limited so far. Among other reasons, this can be attributed to a lack of research dedicated to the actual use of controller-provided subject access request packages (SARPs). To open up and facilitate such research, we outline a general, high-level method for generating, pre-processing, publishing, and finally using SARPs of different providers. Furthermore, we establish a realistic dataset comprising two users' SARPs from five services. This dataset is publicly provided and shall, in the future, serve as a starting and reference point for researching and comparing novel approaches for the practically viable use of SARPs.
Submitted 5 July, 2024;
originally announced July 2024.
-
Silencing the Risk, Not the Whistle: A Semi-automated Text Sanitization Tool for Mitigating the Risk of Whistleblower Re-Identification
Authors:
Dimitri Staufer,
Frank Pallas,
Bettina Berendt
Abstract:
Whistleblowing is essential for ensuring transparency and accountability in both public and private sectors. However, (potential) whistleblowers often fear or face retaliation, even when reporting anonymously. The specific content of their disclosures and their distinct writing style may re-identify them as the source. Legal measures, such as the EU WBD, are limited in their scope and effectiveness. Therefore, computational methods to prevent re-identification are important complementary tools for encouraging whistleblowers to come forward. However, current text sanitization tools follow a one-size-fits-all approach and take an overly limited view of anonymity. They aim to mitigate identification risk by replacing typical high-risk words (such as person names and other NE labels) and combinations thereof with placeholders. Such an approach, however, is inadequate for the whistleblowing scenario since it neglects further re-identification potential in textual features, including writing style. Therefore, we propose, implement, and evaluate a novel classification and mitigation strategy for rewriting texts that involves the whistleblower in the assessment of the risk and utility. Our prototypical tool semi-automatically evaluates risk at the word/term level and applies risk-adapted anonymization techniques to produce a grammatically disjointed yet appropriately sanitized text. We then use an LLM that we fine-tuned for paraphrasing to render this text coherent and style-neutral. We evaluate our tool's effectiveness using court cases from the ECHR and excerpts from a real-world whistleblower testimony and measure the protection against authorship attribution (AA) attacks and utility loss statistically using the popular IMDb62 movie reviews dataset. Our method can significantly reduce AA accuracy from 98.81% to 31.22%, while preserving up to 73.1% of the original content's semantics.
Submitted 2 May, 2024;
originally announced May 2024.
-
Hook-in Privacy Techniques for gRPC-based Microservice Communication
Authors:
Louis Loechel,
Siar-Remzi Akbayin,
Elias Grünewald,
Jannis Kiesel,
Inga Strelnikova,
Thomas Janke,
Frank Pallas
Abstract:
gRPC is at the heart of modern distributed system architectures. Based on HTTP/2 and Protocol Buffers, it provides highly performant, standardized, and polyglot communication across loosely coupled microservices and is increasingly preferred over REST- or GraphQL-based service APIs in practice. Despite its widespread adoption, gRPC lacks any advanced privacy techniques beyond transport encryption and basic token-based authentication. Such advanced techniques are, however, increasingly important for fulfilling regulatory requirements. For instance, anonymizing or otherwise minimizing (personal) data before responding to requests, or pre-processing data based on the purpose of the access may be crucial in certain use cases. In this paper, we therefore propose a novel approach for integrating such advanced privacy techniques into the gRPC framework in a practically viable way. Specifically, we present a general approach along with a working prototype that implements privacy techniques, such as data minimization and purpose limitation, in a configurable, extensible, and gRPC-native way utilizing a gRPC interceptor. We also showcase how to integrate this contribution into a realistic example of a food delivery use case. Alongside these implementations, a preliminary performance evaluation shows practical applicability with reasonable overheads. Altogether, we present a viable solution for integrating advanced privacy techniques into real-world gRPC-based microservice architectures, thereby facilitating regulatory compliance "by design".
Submitted 8 April, 2024;
originally announced April 2024.
-
Privacy Engineering From Principles to Practice: A Roadmap
Authors:
Frank Pallas,
Katharina Koerner,
Isabel Barberá,
Jaap-Henk Hoepman,
Meiko Jensen,
Nandita Rao Narla,
Nikita Samarin,
Max-R. Ulbricht,
Isabel Wagner,
Kim Wuyts,
Christian Zimmermann
Abstract:
Privacy engineering is gaining momentum in industry and academia alike. So far, manifold low-level primitives and higher-level methods and strategies have successfully been established. Still, fostering adoption in real-world information systems calls for additional aspects to be consciously considered in research and practice.
Submitted 4 April, 2024;
originally announced April 2024.
-
Towards Cross-Provider Analysis of Transparency Information for Data Protection
Authors:
Elias Grünewald,
Johannes M. Halkenhäußer,
Nicola Leschke,
Frank Pallas
Abstract:
Transparency and accountability are indispensable principles for modern data protection, from both legal and technical viewpoints. Regulations such as the GDPR, therefore, require specific transparency information to be provided including, e.g., purpose specifications, storage periods, or legal bases for personal data processing. However, it has repeatedly been shown that all too often, this information is practically hidden in legalese privacy policies, hindering data subjects from exercising their rights. This paper presents a novel approach to enable large-scale transparency information analysis across service providers, leveraging machine-readable formats and graph data science methods. More specifically, we propose a general approach for building a transparency analysis platform (TAP) that is used to identify data transfers empirically, provide evidence-based analyses of sharing clusters of more than 70 real-world data controllers, or even to simulate network dynamics using synthetic transparency information for large-scale data-sharing scenarios. We provide the general approach for advanced transparency information analysis, an open source architecture and implementation in the form of a queryable analysis platform, and versatile analysis examples. These contributions pave the way for more transparent data processing for data subjects, and evidence-based enforcement processes for data protection authorities. Future work can build upon our contributions to gain more insights into so-far hidden data-sharing practices.
Submitted 5 September, 2023; v1 submitted 1 September, 2023;
originally announced September 2023.
-
Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems
Authors:
Elias Grünewald,
Jannis Kiesel,
Siar-Remzi Akbayin,
Frank Pallas
Abstract:
Transparency is one of the most important principles of modern privacy regulations, such as the GDPR or CCPA. To be compliant with such regulatory frameworks, data controllers must provide data subjects with precise information about the collection, processing, storage, and transfer of personal data. To do so, respective facts and details must be compiled and always kept up to date. In traditional, rather static system environments, this inventory (including details such as the purposes of processing or the storage duration for each system component) could be done manually. In current circumstances of agile, DevOps-driven, and cloud-native information systems engineering, however, such manual practices do not suit anymore, making it increasingly hard for data controllers to achieve regulatory compliance. To allow for proper collection and maintenance of always up-to-date transparency information smoothly integrating into DevOps practices, we herein propose a set of novel approaches explicitly tailored to specific phases of the DevOps lifecycle most relevant in matters of privacy-related transparency and accountability at runtime: Release, Operation, and Monitoring. For each of these phases, we examine the specific challenges arising in determining the details of personal data processing, develop a distinct approach and provide respective proof of concept implementations that can easily be applied in cloud native systems. We also demonstrate how these components can be integrated with each other to establish transparency information comprising design- and runtime-elements. Furthermore, our experimental evaluation indicates reasonable overheads. On this basis, data controllers can fulfill their regulatory transparency obligations in line with actual engineering practices.
Submitted 4 June, 2023;
originally announced June 2023.
-
A Human-in-the-Loop Approach for Information Extraction from Privacy Policies under Data Scarcity
Authors:
Michael Gebauer,
Faraz Maschhur,
Nicola Leschke,
Elias Grünewald,
Frank Pallas
Abstract:
Machine-readable representations of privacy policies are door openers for a broad variety of novel privacy-enhancing and, in particular, transparency-enhancing technologies (TETs). In order to generate such representations, transparency information needs to be extracted from written privacy policies. However, respective manual annotation and extraction processes are laborious and require expert knowledge. Approaches for fully automated annotation, in turn, have so far not succeeded due to overly high error rates in the specific domain of privacy policies. In the end, a lack of properly annotated privacy policies and respective machine-readable representations persists and enduringly hinders the development and establishment of novel technical approaches fostering policy perception and data subject informedness.
In this work, we present a prototype system for a "Human-in-the-Loop" approach to privacy policy annotation that integrates ML-generated suggestions and ultimately human annotation decisions. We propose an ML-based suggestion system specifically tailored to the constraint of data scarcity prevalent in the domain of privacy policy annotation. On this basis, we provide meaningful predictions to users thereby streamlining the annotation process. Additionally, we also evaluate our approach through a prototypical implementation to show that our ML-based extraction approach provides superior performance over other recently used extraction models for legal documents.
Submitted 31 May, 2023; v1 submitted 24 May, 2023;
originally announced May 2023.
-
Streamlining personal data access requests: From obstructive procedures to automated web workflows
Authors:
Nicola Leschke,
Florian Kirsten,
Frank Pallas,
Elias Grünewald
Abstract:
Transparency and data portability are two core principles of modern privacy legislations such as the GDPR. From the regulatory perspective, providing individuals (data subjects) with access to their data is a main building block for implementing these. Different from other privacy principles and respective regulatory provisions, however, this right to data access has so far only seen marginal technical reflection. Processes related to performing data subject access requests (DSARs) are thus still to be executed manually, hindering the concept of data access from unfolding its full potential.
To tackle this problem, we present an automated approach to the execution of DSARs, employing modern techniques of web automation. In particular, we propose a generic DSAR workflow model, a corresponding formal language for representing the particular workflows of different service providers (controllers), a publicly accessible and extendable workflow repository, and a browser-based execution engine, altogether providing "one-click" DSARs. To validate our approach and technical concepts, we examine, formalize and make publicly available the DSAR workflows of 15 widely used service providers and implement the execution engine in a publicly available browser extension. Altogether, we thereby pave the way for automated data subject access requests and lay the groundwork for a broad variety of subsequent technical means helping web users to better understand their privacy-related exposure to different service providers.
Submitted 5 May, 2023;
originally announced May 2023.
-
Enabling Versatile Privacy Interfaces Using Machine-Readable Transparency Information
Authors:
Elias Grünewald,
Johannes M. Halkenhäußer,
Nicola Leschke,
Johanna Washington,
Cristina Paupini,
Frank Pallas
Abstract:
Transparency regarding the processing of personal data in online services is a necessary precondition for informed decisions on whether or not to share personal data. In this paper, we argue that privacy interfaces shall incorporate the context of display, personal preferences, and individual competences of data subjects following the principles of universal design and usable privacy. Doing so requires -- among others -- to consciously decouple the provision of transparency information from their ultimate presentation. To this end, we provide a general model of how transparency information can be provided from a data controller to data subjects, effectively leveraging machine-readable transparency information and facilitating versatile presentation interfaces. We contribute two actual implementations of said model: 1) a GDPR-aligned privacy dashboard and 2) a chatbot and virtual voice assistant enabled by conversational AI. We evaluate our model and implementations with a user study and find that these approaches provide effective and time-efficient transparency. Consequently, we illustrate how transparency can be enhanced using machine-readable transparency information and how data controllers can meet respective regulatory obligations.
Submitted 17 April, 2023; v1 submitted 21 February, 2023;
originally announced February 2023.
-
Non-Disclosing Credential On-chaining for Blockchain-based Decentralized Applications
Authors:
Jonathan Heiss,
Robert Muth,
Frank Pallas,
Stefan Tai
Abstract:
Many service systems rely on verifiable identity-related information of their users. Manipulation and unwanted exposure of this privacy-relevant information, however, must at the same time be prevented and avoided. Peer-to-peer blockchain-based decentralization with a smart contract-based execution model and verifiable off-chain computations leveraging zero-knowledge proofs promise to provide the basis for next-generation, non-disclosing credential management solutions. In this paper, we propose a novel credential on-chaining system that ensures blockchain-based transparency while preserving pseudonymity. We present a general model compliant to the W3C verifiable credential recommendation and demonstrate how it can be applied to solve existing problems that require computational identity-related attribute verification. Our zkSNARKs-based reference implementation and evaluation show that, compared to related approaches based on, e.g., CL-signatures, our approach provides significant performance advantages and more flexible proof mechanisms, underpinning our vision of increasingly decentralized, transparent, and trustworthy service systems.
Submitted 20 September, 2022;
originally announced September 2022.
-
Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs
Authors:
Frank Pallas,
David Hartmann,
Paul Heinrich,
Josefine Kipke,
Elias Grünewald
Abstract:
The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing Web APIs, however, typically lack sophisticated data minimization features, leaving the task open to manual and all too often missing implementations. In this paper, we address the problem of data minimization for data-providing, query-capable Web APIs. Based on a careful analysis of functional and non-functional requirements, we introduce Janus, an easy-to-use, highly configurable solution for implementing legally compliant data minimization in GraphQL Web APIs. Janus provides a rich set of information reduction functionalities that can be configured for different client roles accessing the API. We present a technical proof-of-concept along with experimental measurements that indicate reasonable overheads. Janus is thus a practical solution for implementing GraphQL APIs in line with the regulatory principle of data minimization.
Submitted 18 March, 2022;
originally announced March 2022.
-
Megahertz-rate Ultrafast X-ray Scattering and Holographic Imaging at the European XFEL
Authors:
Nanna Zhou Hagström,
Michael Schneider,
Nico Kerber,
Alexander Yaroslavtsev,
Erick Burgos Parra,
Marijan Beg,
Martin Lang,
Christian M. Günther,
Boris Seng,
Fabian Kammerbauer,
Horia Popescu,
Matteo Pancaldi,
Kumar Neeraj,
Debanjan Polley,
Rahul Jangid,
Stjepan B. Hrkac,
Sheena K. K. Patel,
Sergei Ovcharenko,
Diego Turenne,
Dmitriy Ksenzov,
Christine Boeglin,
Igor Pronin,
Marina Baidakova,
Clemens von Korff Schmising,
Martin Borchert
et al. (75 additional authors not shown)
Abstract:
The advent of X-ray free-electron lasers (XFELs) has revolutionized fundamental science, from atomic to condensed matter physics, from chemistry to biology, giving researchers access to X-rays with unprecedented brightness, coherence, and pulse duration. All XFEL facilities built until recently provided X-ray pulses at a relatively low repetition rate, with limited data statistics. Here, we present the results from the first megahertz repetition rate X-ray scattering experiments at the Spectroscopy and Coherent Scattering (SCS) instrument of the European XFEL. We illustrate the experimental capabilities that the SCS instrument offers, resulting from the operation at MHz repetition rates and the availability of the novel DSSC 2D imaging detector. Time-resolved magnetic X-ray scattering and holographic imaging experiments in solid state samples were chosen as representative, providing an ideal test-bed for operation at megahertz rates. Our results are relevant and applicable to any other non-destructive XFEL experiments in the soft X-ray range.
Submitted 20 January, 2022; v1 submitted 17 January, 2022;
originally announced January 2022.
-
Datensouveränität für Verbraucher:innen: Technische Ansätze durch KI-basierte Transparenz und Auskunft im Kontext der DSGVO
Authors:
Elias Grünewald,
Frank Pallas
Abstract:
A sufficient level of data sovereignty is extremely difficult for consumers in practice. The EU General Data Protection Regulation guarantees comprehensive data subject rights, which must be implemented by responsible controllers through technical and organizational measures. Traditional approaches, such as the provision of lengthy data protection declarations or the downloading of raw personal data without further assistance, do not meet the requirements of informational self-determination. The new technical approaches outlined below, in particular AI-based transparency and access modalities, demonstrate the practicability of effective and versatile mechanisms. For this purpose, the relevant transparency information is extracted in a semi-automated way, represented in a machine-readable format, and then played out via diverse channels such as virtual assistants or the enrichment of search results.
Submitted 7 December, 2021;
originally announced December 2021.
-
RedCASTLE: Practically Applicable $k_s$-Anonymity for IoT Streaming Data at the Edge in Node-RED
Authors:
Frank Pallas,
Julian Legler,
Niklas Amslgruber,
Elias Grünewald
Abstract:
In this paper, we present RedCASTLE, a practically applicable solution for Edge-based $k_s$-anonymization of IoT streaming data in Node-RED. RedCASTLE builds upon a pre-existing, rudimentary implementation of the CASTLE algorithm and significantly extends it with functionalities indispensable for real-world IoT scenarios. In addition, RedCASTLE provides an abstraction layer for smoothly integrating $k_s$-anonymization into Node-RED, a visually programmable middleware for streaming dataflows widely used in Edge-based IoT scenarios. Last but not least, RedCASTLE also provides further capabilities for basic information reduction that complement $k_s$-anonymization in the privacy-friendly implementation of use cases involving IoT streaming data. A preliminary performance assessment finds that RedCASTLE comes with reasonable overheads and demonstrates its practical viability.
Submitted 29 October, 2021;
originally announced October 2021.
-
Messaging with Purpose Limitation -- Privacy-Compliant Publish-Subscribe Systems
Authors:
Karl Wolf,
Frank Pallas,
Stefan Tai
Abstract:
Purpose limitation is an important privacy principle to ensure that personal data may only be used for the declared purposes it was originally collected for. Ensuring compliance with respective privacy regulations like the GDPR, which codify purpose limitation as an obligation, consequently, is a major challenge in real-world enterprise systems. Technical solutions under the umbrella of purpose-based access control (PBAC), however, focus mostly on data being held at-rest in databases, while PBAC for communication and publish-subscribe messaging in particular has received only little attention. In this paper, we argue for PBAC to be also applied to data-in-transit and introduce and study a concrete proof-of-concept implementation, which extends a popular MQTT message broker with purpose limitation. On this basis, purpose limitation as a core privacy principle can be addressed in enterprise IoT and message-driven integration architectures that do not focus on databases but event-driven communication and integration instead.
Submitted 28 October, 2021;
originally announced October 2021.
-
TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures
Authors:
Elias Grünewald,
Paul Wille,
Frank Pallas,
Maria C. Borges,
Max-R. Ulbricht
Abstract:
Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.
Submitted 10 June, 2021;
originally announced June 2021.
-
TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering
Authors:
Elias Grünewald,
Frank Pallas
Abstract:
In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do.
We provide a detailed analysis of transparency obligations from the GDPR to identify the expressiveness required for a formal transparency language intended to meet respective legal requirements. In addition, we identify a set of further, non-functional requirements that need to be met to foster practical adoption in real-world (web) information systems engineering. On this basis, we specify our formal language and present a respective, fully implemented toolkit around it. We then evaluate the practical applicability of our language and toolkit and demonstrate the additional prospects it unlocks through two different use cases: a) the inter-organizational analysis of personal data-related practices allowing, for instance, to uncover data sharing networks based on explicitly announced transparency information and b) the presentation of formally represented transparency information to users through novel, more comprehensible, and potentially adaptive user interfaces, heightening data subjects' actual informedness about data-related practices and, thus, their sovereignty.
Altogether, our transparency information language and toolkit allow - differently from previous work - to express transparency information in line with actual legal requirements and practices of modern (web) information systems engineering and thereby pave the way for a multitude of novel possibilities to heighten transparency and user sovereignty in practice.
Submitted 18 December, 2020;
originally announced December 2020.
-
Fog Computing as Privacy Enabler
Authors:
Frank Pallas,
Philip Raschke,
David Bermbach
Abstract:
Despite broad discussions on privacy challenges arising from fog computing, the authors argue that privacy and security requirements might actually drive the adoption of fog computing. They present four patterns of fog computing fostering data privacy and the security of business secrets, complementing existing cryptographic approaches. Their practical application is illuminated on the basis of three case studies.
Submitted 13 March, 2020; v1 submitted 9 October, 2019;
originally announced October 2019.