Automating the GDPR Compliance Assessment for Cross-border Personal Data
Transfers in Android Applications
- URL: http://arxiv.org/abs/2103.07297v1
- Date: Fri, 12 Mar 2021 14:13:26 GMT
- Authors: Danny S. Guamán, Xavier Ferrer, Jose M. del Alamo, Jose Such
- Abstract summary: The General Data Protection Regulation (GDPR) aims to ensure that all personal data processing activities are fair and transparent.
To this end, it sets strict requirements to transfer personal data outside of the EU.
A substantial 56% of analysed apps are potentially non-compliant with cross-border data transfer requirements.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The General Data Protection Regulation (GDPR) aims to ensure that all
personal data processing activities are fair and transparent for the European
Union (EU) citizens, regardless of whether these are carried out within the EU
or anywhere else. To this end, it sets strict requirements to transfer personal
data outside the EU. However, checking these requirements is a daunting task
for supervisory authorities, particularly in the mobile app domain due to the
huge number of apps available and their dynamic nature. In this paper, we
propose a fully automated method to assess the compliance of mobile apps with
the GDPR requirements for cross-border personal data transfers. We have applied
the method to the top-free 10,080 apps from the Google Play Store. The results
reveal that there is still a very significant gap between what app providers
and third-party recipients do in practice and what is intended by the GDPR. A
substantial 56% of analysed apps are potentially non-compliant with the GDPR
cross-border transfer requirements.
Related papers
- Advancing Android Privacy Assessments with Automation [5.863391019411233]
This paper motivates the need for an automated approach that enhances understanding of data protection in Android apps.
We propose Assessor View, a tool designed to bridge the knowledge gap between these parties, facilitating more effective privacy assessments of Android applications.
arXiv Detail & Related papers (2024-09-10T14:56:51Z)
- Unlocking the Potential of Binding Corporate Rules (BCRs) in Health Data Transfers [0.0]
This chapter explores the essential role of Binding Corporate Rules (BCRs) in managing and securing health data.
The chapter situates BCRs within the broader spectrum of transferring sensitive international data.
The chapter calls for proactive measures on BCR adoption, to streamline approval processes, and to promote innovative approaches.
arXiv Detail & Related papers (2024-07-31T02:09:52Z)
- Universal representations for financial transactional data: embracing local, global, and external contexts [95.7760348824795]
We present a representation learning framework that addresses diverse business challenges.
We also suggest novel generative models that account for data specifics, and a way to integrate external information into a client's representation.
arXiv Detail & Related papers (2024-04-02T15:39:14Z)
- Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's GDPR.
One emerging technique to realize PbD is runtime enforcement (RE).
We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
- Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation [0.0]
Article 15 of the European Union's General Data Protection Regulation (GDPR) was implemented in 2018 to strengthen data protection for Europeans.
This study aims to explore the challenges faced by individuals who request their data.
A few exceptions did not respond with any data or deliver machine-readable data.
The findings reveal ten patterns individuals face when requesting and accessing their data.
arXiv Detail & Related papers (2023-08-29T09:49:15Z)
- Privacy Adhering Machine Un-learning in NLP [66.17039929803933]
In the real world, industry uses Machine Learning to build models on user data.
Such mandates require effort both in terms of data as well as model retraining.
Continuous removal of data and model retraining steps do not scale.
We propose Machine Unlearning to tackle this challenge.
arXiv Detail & Related papers (2022-12-19T16:06:45Z)
- NLP-based Automated Compliance Checking of Data Processing Agreements against GDPR [9.022562906627991]
We propose an automated solution to check compliance of a given DPA against the "shall" requirements.
Our approach correctly finds 618 out of 750 genuine violations while raising 76 false violations, and further correctly identifies 524 satisfied requirements.
arXiv Detail & Related papers (2022-09-20T13:50:58Z)
- Data Protection Impact Assessment for the Corona App [0.0]
SARS-CoV-2 started spreading in Europe in early 2020 and there has been a strong call for technical solutions to combat or contain the pandemic.
There has been a strong call for technical solutions with contact tracing apps at the heart of debates.
The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA).
We present a scientific DPIA which thoroughly examines three published contact tracing app designs that are considered to be the most "privacy-friendly"
arXiv Detail & Related papers (2021-01-18T19:23:30Z)
- Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
- GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers, performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request have flaws in the procedure of identifying the users.
With the undesired and surprising result that the GDPR, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
- Beyond privacy regulations: an ethical approach to data usage in transportation [64.86110095869176]
We describe how Federated Machine Learning can be applied to the transportation sector.
We see Federated Learning as a method that enables us to process privacy-sensitive data, while respecting customer's privacy.
arXiv Detail & Related papers (2020-04-01T15:10:12Z)