Related papers: Human-GDPR Interaction: Practical Experiences of A…
Many Android applications collect data from users. The European Union's General Data Protection Regulation (GDPR) requires vendors to faithfully disclose which data their apps collect. This task is complicated because many apps use…
Artificial intelligence (AI) has the potential to transform healthcare, but it requires access to health data. Synthetic data that is generated through machine learning models trained on real data, offers a way to share data while…
The latest data protection regulations worldwide, such as the General Data Protection Regulation (GDPR), have established the Right of Access by the Data Subject (RADS), granting users the right to access and obtain a copy of their personal…
Internet of Things (IoT) applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data…
Focusing on personal information disclosure, we apply control theory and the notion of the Order of Control to study people's understanding of the implications of information disclosure and their tendency to consent to disclosure. We…
Transparency and data portability are two core principles of modern privacy legislations such as the GDPR. From the regulatory perspective, providing individuals (data subjects) with access to their data is a main building block for…
General Data Protection Regulations (GDPR) aim to safeguard individuals' personal information from harm. While full compliance is mandatory in the European Union and the California Privacy Rights Act (CPRA), it is not in other places. GDPR…
Consent dialogues are a source of annoyance, malicious intent, dark patterns, illegal practices and a plethora of other issues. This work presents known problems based on GDPR requirements grouped into two categories: (i) UI/UX for…
Personal data related to a user's activities, preferences and services, is considered to be a valuable commodity not only for a wide range of technology-oriented companies like Google, Amazon and Apple but also for more traditional…
Modern websites frequently use and embed third-party services to facilitate web development, connect to social media, or for monetization. This often introduces privacy issues as the inclusion of third-party services on a website can allow…
Mobile apps frequently request excessive data access, raising significant privacy concerns. While regulations like GDPR emphasize data minimization, they provide limited guidance on concretely defining and enforcing necessary data access.…
The Internet of Things (IoT) raises specific issues in terms of information and consent, which makes the implementation of the General Data Protection Regulation (GDPR) challenging in this context. In this report, we propose a generic…
The General Data Protection Regulation contains a blanket prohibition on the transfer of personal data outside of the European Economic Area unless strict requirements are met. The rationale for this provision is to protect personal data…
In modern information systems different information features, about the same individual, are often collected and managed by autonomous data collection services that may have different privacy policies. Answering many end-users' legitimate…
It is well-known that most users do not read privacy policies, but almost all users tick the box to agree with them. In this paper, we analyze the 25-year history of privacy policies using methods from transparency research, machine…
Context: Consistent requirements and system specifications are essential for the compliance of software systems towards the General Data Protection Regulation (GDPR). Both artefacts need to be grounded in the original text and conjointly…
Web 2.0, social media, cloud computing, and IoT easily connect people around the globe, overcoming time and space barriers, and offering manifold benefits. However, the technological advances and increased user participation generate novel…
With the rapid development of online technologies and the widespread usage of mobile phones among children, it is crucial to protect their online safety. Some studies reported that online abuse and incidents negatively affect children's…
As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI,…
Extended Reality (XR) technology is changing online interactions, but its granular data collection sensors may be more invasive to user privacy than web, mobile, and the Internet of Things technologies. Despite an increased interest in…