Log In Sign Up

Consent verification monitoring

by   Marco Robol, et al.

Advances in service personalization are driven by low-cost data collection and processing, in addition to the wide variety of third-party frameworks for authentication, storage, and marketing. New privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), increasingly require organizations to explicitly state their data practices in privacy policies. When data practices change, a new version of the policy is released. This can occur a few times a year, when data collection or processing requirements are rapidly changing. Consent evolution raises specific challenges to ensuring GDPR compliance. We propose a formal consent framework to support organizations, data users and data subjects in their understanding of policy evolution under a consent regime that supports both the retroactive and non-retroactive granting and withdrawal of consent. The contributions include: (i) a formal framework to reason about data collection and access under multiple consent granting and revocation scenarios; (ii) a scripting language that implements the consent framework for encoding and executing different scenarios; (iii) five consent evolution use cases that illustrate how organizations would evolve their policies using this framework; and (iv) a scalability evaluation of the reasoning framework. The framework models are used to verify when user consent prevents or detects unauthorized data collection and access. The framework can be integrated into a runtime architecture to monitor policy violations as data practices evolve in real-time. The framework was evaluated using the five use cases and a simulation to measure the framework scalability. The simulation results show that the approach is computationally scalable for use in runtime consent monitoring under a standard model of data collection and access, and practice and policy evolution.


An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies

A dominant regulatory model for web privacy is "notice and choice". In t...

PrivFramework: A System for Configurable and Automated Privacy Policy Compliance

Today's massive scale of data collection coupled with recent surges of c...

Towards a Cost vs. Quality Sweet Spot for Monitoring Networks

Continuously monitoring a wide variety of performance and fault metrics ...

Simulation Framework for Realistic Large-scale Individual-level Health Data Generation

We propose a general framework for realistic data generation and simulat...

Data Readiness Levels

Application of models to data is fraught. Data-generating collaborators ...

Data Capsule: A New Paradigm for Automatic Compliance with Data Privacy Regulations

The increasing pace of data collection has led to increasing awareness o...

Real Time Reasoning in OWL2 for GDPR Compliance

This paper shows how knowledge representation and reasoning techniques c...