Transparency Enhancing Tools and the GDPR: Do They Match?

  • Conference paper
Information Systems Security and Privacy (ICISSP 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1221)

Abstract

The introduction of the General Data Protection Regulation (GDPR) further strengthened the need for transparency—one of its main principles—and, with it, the empowerment of users to make service providers more responsible and accountable for the processing of personal data. Technological infrastructures are not yet prepared to fully support the principle, but changes are bound to be implemented in the very near future. In this work, (1) we comprehensively elicit the requirements needed to implement transparency as stated in the GDPR, and (2) we verify which current Transparency Enhancing Tools (TETs) can fulfil them. We found that work still needs to be done to comply with the European Regulation; however, parts of some TETs can already solve some issues. Effort needs to go into developing new solutions, but also into improving and testing existing ones.

Notes

  1. GDPR, Article 5.1.(a).

  2. Also known as intervenability [12].

  3. https://www.datenschutz-mv.de/static/DS/Dateien/Datenschutzmodell/SDM-Methodology_V1_EN1.pdf.

  4. http://europa.eu/rapid/press-release_MEMO-14-186_de.htm.

  5. https://www.mozilla.org/lightbeam.

  6. https://disconnect.me/.

  7. https://www.eff.org/privacybadger.

  8. https://myshadow.org/.

  9. https://privacyscore.org/.

  10. https://openeffect.ca/access-my-info/.

  11. https://www.w3.org/P3P/.

  12. https://explore.usableprivacy.org/.

  13. https://github.com/pylls/datatrack.

  14. https://www.healthit.gov/topic/health-it-initiatives/blue-button.

  15. http://hipaat.com/privacy-esuite/.

  16. http://philip-raschke.github.io/GDPR-privacy-dashboard.

  17. https://www.meeco.me/.

  18. https://claudette.eui.eu/.

  19. https://myshadow.org/lost-in-small-print.

  20. See https://www.european-privacy-seal.eu/EPS-en/Criteria.

  21. See Conversant, IAB Europe, and ShareThis.

  22. GDPR Article 4 (11).

  23. https://www.datenschutzzentrum.de/uploads/sdm/SDM-Methodology_V1.0.pdf.

  24. See https://www.cnil.fr/en/node/25137.

References

  1. Article 29 Working Party: Guidelines on transparency under regulation 2016/679 (April 2018). http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227. Accessed Aug 2018

  2. Bartolini, C., Giurgiu, A., Lenzini, G., Robaldo, L.: A framework to reason about the legal compliance of security standards. In: Proceedings of the 10th International Workshop on Juris-Informatics (2016)

  3. Berthold, S., Fischer-Hübner, S., Martucci, L., Pulls, T.: Crime and punishment in the cloud: accountability, transparency, and privacy. In: International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (2013)

  4. Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9

  5. De, S.J., Le Métayer, D.: Privacy risk analysis to enable informed privacy settings. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE (2018)

  6. EuroPriSe: Europrise certification criteria (v201701) (January 2017). https://www.european-privacy-seal.eu/EPS-en/Criteria. Accessed Oct 2018

  7. Ferreira, A., Lenzini, G.: Can transparency enhancing tools support patient’s accessing electronic health records? In: Rocha, A., Correia, A.M., Costanzo, S., Reis, L.P. (eds.) New Contributions in Information Systems and Technologies. AISC, vol. 353, pp. 1121–1132. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16486-1_111

  8. Fischer-Hübner, S., Angulo, J., Pulls, T.: How can cloud users be supported in deciding on, tracking and controlling how their data are used? In: Hansen, M., Hoepman, J.-H., Leenes, R., Whitehouse, D. (eds.) Privacy and Identity 2013. IAICT, vol. 421, pp. 77–92. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55137-6_6

  9. Fischer-Hübner, S., Angulo, J., Karegar, F., Pulls, T.: Transparency, Privacy and trust – technology for tracking and controlling my data disclosures: does this work? In: Habib, S.M.M., Vassileva, J., Mauw, S., Mühlhäuser, M. (eds.) IFIPTM 2016. IAICT, vol. 473, pp. 3–14. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41354-9_1

  10. Fischer-Hübner, S., Martucci, L.A.: Privacy in social collective intelligence systems. In: Miorandi, D., Maltese, V., Rovatsos, M., Nijholt, A., Stewart, J. (eds.) Social Collective Intelligence. CSS, pp. 105–124. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08681-1_6

  11. Idalino, T.B., Spagnuelo, D., Martina, J.E.: Private verification of access on medical data: an initial study. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds.) ESORICS/DPM/CBT-2017. LNCS, vol. 10436, pp. 86–103. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67816-0_6

  12. Meis, R., Heisel, M.: Computer-aided identification and validation of intervenability requirements. Information 8(1), 30 (2017)

  13. Mitkov, R.: The Oxford Handbook of Computational Linguistics. Oxford University Press, Oxford (2005)

  14. de Montjoye, Y.A., Shmueli, E., Wang, S.S., Pentland, A.S.: OpenPDS: protecting the privacy of metadata through safeanswers. PloS One 9(7), e98790 (2014)

  15. Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017)

  16. Nejad, N.M., Scerri, S., Auer, S.: Semantic similarity based clustering of license excerpts for improved end-user interpretation. In: Proceedings of the 13th International Conference on Semantic Systems, pp. 144–151. ACM (2017)

  17. OPC: Privacy Enhancing Technologies - A Review of Tools and Techniques (November 2017). https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2017/pet_201711/. Accessed Aug 2018

  18. Murmann, P., Fischer-Hübner, S.: Usable transparency enhancing tools - a literature review (working paper). Universitetstryckeriet, Karlstad 2017 (2017)

  19. Raschke, P., Küpper, A., Drozd, O., Kirrane, S.: Designing a GDPR-compliant and usable privacy dashboard. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds.) Privacy and Identity 2017. IAICT, vol. 526, pp. 221–236. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92925-5_14

  20. Sathyendra, K.M., Wilson, S., Schaub, F., Zimmeck, S., Sadeh, N.: Identifying the provision of choices in privacy policy text. In: Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing, pp. 2774–2779 (2017)

  21. Seneviratne, O., Kagal, L.: Enabling privacy through transparency. In: 12th Annual International Conference on Privacy, Security and Trust, pp. 121–128. IEEE (2014)

  22. Siljee, J.: Privacy transparency patterns. In: Proceedings of the 20th European Conference on Pattern Languages of Programs, p. 52. ACM (2015)

  23. Spagnuelo, D., Bartolini, C., Lenzini, G.: Modelling metrics for transparency in medical systems. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds.) TrustBus 2017. LNCS, vol. 10442, pp. 81–95. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64483-7_6

  24. Spagnuelo, D., Ferreira, A., Lenzini, G.: Accomplishing transparency within the general data protection regulation (auxiliary material) (2018). http://hdl.handle.net/10993/37692

  25. Spagnuelo, D., Ferreira, A., Lenzini, G.: Accomplishing transparency within the general data protection regulation. In: 5th International Conference on Information Systems Security and Privacy (2019)

  26. Spagnuelo, D., Lenzini, G.: Transparent medical data systems. J. Med. Syst. 41(1), 1–12 (2016). https://doi.org/10.1007/s10916-016-0653-8

  27. TrustArc: Enterprise privacy & data governance practices certification assessment criteria (September 2018). https://www.trustarc.com/products/enterprise-privacy-certification/. Accessed Oct 2018

  28. Verizon: 2018 data breach investigations report (2018). https://www.verizonenterprise.com/verizon-insights-lab/dbir/. Accessed Oct 2018

  29. Whitley, E.A., Kanellopoulou, N.: Privacy and informed consent in online interactions: evidence from expert focus groups. In: ICIS, p. 126 (2010)

  30. Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, vol. 1, pp. 1330–1340 (2016)

  31. Zimmermann, C.: A categorization of transparency-enhancing technologies. arXiv preprint arXiv:1507.04914 (2015)

Acknowledgments

Spagnuelo and Lenzini’s research is supported by the Luxembourg National Research Fund (FNR), AFR project 7842804 TYPAMED and CORE project 11333956 DAPRECO, respectively. Ana’s research is supported by FCT through the Project TagUBig - Taming Your Big Data (IF/00693/2015) from Researcher FCT Program funded by National Funds through FCT - Fundação para a Ciência e a Tecnologia.

Author information

Corresponding author

Correspondence to Dayana Spagnuelo.

Appendices

A Transparency Requirements

(See Table 4).

Table 4. Transparency requirements as originally presented in [26]. IDs refer to the original numbering, those indexed 1** are ex ante, those 2** are ex post.

B Transparency Enhancing Tools (TETs)

(See Table 5).

Table 5. Transparency Enhancing Tools (TETs) classified according to their characteristics. (T)TP = (Trusted) Third Party; C = Collection; U = Usage; M = Modification; D = Deletion; A = Analysis; 2ndU = Second Usage.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Spagnuelo, D., Ferreira, A., Lenzini, G. (2020). Transparency Enhancing Tools and the GDPR: Do They Match?. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2019. Communications in Computer and Information Science, vol 1221. Springer, Cham. https://doi.org/10.1007/978-3-030-49443-8_8

  • DOI: https://doi.org/10.1007/978-3-030-49443-8_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-49442-1

  • Online ISBN: 978-3-030-49443-8

  • eBook Packages: Computer Science (R0)
