TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering
Saved in:
| Title: | TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering |
|---|---|
| Authors: | Grünewald, Elias, Pallas, Frank |
| Publisher Information: | ACM |
| Publication Year: | 2024 |
| Collection: | TU Berlin: Deposit Once |
| Subject Terms: | 000 Informatik, Informationswissenschaft, allgemeine Werke::000 Informatik, Wissen, Systeme::000 Informatik, allgemeine Werke, data transparency, GDPR, data protection, privacy, privacy by design, legal tech, privacy engineering, web privacy, privacy law |
| Description: | In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis of transparency obligations from the GDPR to identify the expressiveness required for a formal transparency language intended to meet respective legal requirements. In addition, we identify a set of further, non-functional requirements that need to be met to foster practical adoption in real-world (web) information systems engineering. On this basis, we specify our formal language and present a respective, fully implemented toolkit around it. We then evaluate the practical applicability of our language and toolkit and demonstrate the additional prospects it unlocks through two different use cases: a) the inter-organizational analysis of personal data-related practices allowing, for instance, to uncover data sharing networks based on explicitly announced transparency information and b) the presentation of formally represented transparency information to users through novel, more comprehensible, and potentially adaptive user interfaces, heightening data subjects' actual informedness about data-related practices and, thus, their sovereignty. Altogether, our transparency information language and toolkit allow - differently from previous work - to express transparency information in line with actual legal requirements and practices of modern (web) information systems engineering and thereby pave the way for a multitude of novel possibilities to heighten transparency and user sovereignty in practice. ; BMVU, 28V2307A19, Verbundprojekt: Datensouveränität durch KI-basierte Transparenz und Auskunft (DaSKITA) - Teilprojekt 1 |
| Document Type: | conference object |
| File Description: | application/pdf |
| Language: | English |
| DOI: | 10.14279/depositonce-20404 |
| Availability: | https://depositonce.tu-berlin.de/handle/11303/21603 https://doi.org/10.14279/depositonce-20404 |
| Rights: | https://creativecommons.org/licenses/by-nd/4.0/ |
| Accession Number: | edsbas.A0585A1D |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis of transparency obligations from the GDPR to identify the expressiveness required for a formal transparency language intended to meet respective legal requirements. In addition, we identify a set of further, non-functional requirements that need to be met to foster practical adoption in real-world (web) information systems engineering. On this basis, we specify our formal language and present a respective, fully implemented toolkit around it. We then evaluate the practical applicability of our language and toolkit and demonstrate the additional prospects it unlocks through two different use cases: a) the inter-organizational analysis of personal data-related practices allowing, for instance, to uncover data sharing networks based on explicitly announced transparency information and b) the presentation of formally represented transparency information to users through novel, more comprehensible, and potentially adaptive user interfaces, heightening data subjects' actual informedness about data-related practices and, thus, their sovereignty. Altogether, our transparency information language and toolkit allow - differently from previous work - to express transparency information in line with actual legal requirements and practices of modern (web) information systems engineering and thereby pave the way for a multitude of novel possibilities to heighten transparency and user sovereignty in practice. ; BMVU, 28V2307A19, Verbundprojekt: Datensouveränität durch KI-basierte Transparenz und Auskunft (DaSKITA) - Teilprojekt 1 |
|---|---|
| DOI: | 10.14279/depositonce-20404 |