Consent verification monitoring

06/13/2022
by Marco Robol, et al.

Advances in service personalization are driven by low-cost data collection and processing, in addition to the wide variety of third-party frameworks for authentication, storage, and marketing. New privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), increasingly require organizations to explicitly state their data practices in privacy policies. When data practices change, a new version of the policy is released. This can occur a few times a year, when data collection or processing requirements are rapidly changing. Consent evolution raises specific challenges to ensuring GDPR compliance. We propose a formal consent framework to support organizations, data users and data subjects in their understanding of policy evolution under a consent regime that supports both the retroactive and non-retroactive granting and withdrawal of consent. The contributions include: (i) a formal framework to reason about data collection and access under multiple consent granting and revocation scenarios; (ii) a scripting language that implements the consent framework for encoding and executing different scenarios; (iii) five consent evolution use cases that illustrate how organizations would evolve their policies using this framework; and (iv) a scalability evaluation of the reasoning framework. The framework models are used to verify when user consent prevents or detects unauthorized data collection and access. The framework can be integrated into a runtime architecture to monitor policy violations as data practices evolve in real time. The framework was evaluated using the five use cases and a simulation to measure the framework's scalability. The simulation results show that the approach is computationally scalable for use in runtime consent monitoring under a standard model of data collection and access, and practice and policy evolution.
