Automating the GDPR Compliance Assessment for Cross-border Personal Data
Transfers in Android Applications
- URL: http://arxiv.org/abs/2103.07297v1
- Date: Fri, 12 Mar 2021 14:13:26 GMT
- Title: Automating the GDPR Compliance Assessment for Cross-border Personal Data
Transfers in Android Applications
- Authors: Danny S. Guamán, Xavier Ferrer, Jose M. del Alamo, Jose Such
- Abstract summary: The General Data Protection Regulation (GDPR) aims to ensure that all personal data processing activities are fair and transparent.
To this end, it sets strict requirements to transfer personal data outside of the EU.
A substantial 56% of analysed apps are potentially non-compliant with cross-border data transfer requirements.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The General Data Protection Regulation (GDPR) aims to ensure that all
personal data processing activities are fair and transparent for the European
Union (EU) citizens, regardless of whether these are carried out within the EU
or anywhere else. To this end, it sets strict requirements to transfer personal
data outside the EU. However, checking these requirements is a daunting task
for supervisory authorities, particularly in the mobile app domain due to the
huge number of apps available and their dynamic nature. In this paper, we
propose a fully automated method to assess the compliance of mobile apps with
the GDPR requirements for cross-border personal data transfers. We have applied
the method to the top-free 10,080 apps from the Google Play Store. The results
reveal that there is still a very significant gap between what app providers
and third-party recipients do in practice and what is intended by the GDPR. A
substantial 56% of analysed apps are potentially non-compliant with the GDPR
cross-border transfer requirements.
Related papers
- Privacy-Preserving Federated Embedding Learning for Localized Retrieval-Augmented Generation [60.81109086640437]
We propose a novel framework called Federated Retrieval-Augmented Generation (FedE4RAG).
FedE4RAG facilitates collaborative training of client-side RAG retrieval models.
We apply homomorphic encryption within federated learning to safeguard model parameters.
arXiv Detail & Related papers (2025-04-27T04:26:02Z)
- The Processing goes far beyond "the app" -- Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App (CWA) [0.0]
We present the results of a scientific and methodologically clear DPIA of the German Corona-Warn-App.
It shows that even a decentralized architecture involves numerous serious weaknesses and risks.
It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation.
arXiv Detail & Related papers (2025-03-30T13:48:15Z)
- Modelling Privacy Compliance in Cross-border Data Transfers with Bigraphs [0.0]
We propose a privacy framework based on Milner's Bigraphical Reactive Systems.
We demonstrate the framework's applicability by modelling WhatsApp's privacy policies.
arXiv Detail & Related papers (2025-03-26T11:50:55Z)
- AgentDAM: Privacy Leakage Evaluation for Autonomous Web Agents [75.85554113398626]
We develop a benchmark called AgentDAM to evaluate how well existing and future AI agents can limit processing of potentially private information.
Our benchmark simulates realistic web interaction scenarios and is adaptable to all existing web navigation agents.
arXiv Detail & Related papers (2025-03-12T19:30:31Z)
- Lawful and Accountable Personal Data Processing with GDPR-based Access and Usage Control in Distributed Systems [0.0]
This paper proposes a case-generic method for automated normative reasoning that establishes legal arguments for the lawfulness of data processing activities.
The arguments are established on the basis of case-specific legal qualifications made by privacy experts, bringing the human in the loop.
The resulting system is designed and critically assessed in reference to requirements extracted from the GDPR.
arXiv Detail & Related papers (2025-03-10T10:49:34Z)
- Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services [0.0]
It is unclear whether online services comply with individual requirements if privacy policies are sparse.
The study concludes that the quality of data access responses varies among the analyzed services, and none meets all requirements completely.
arXiv Detail & Related papers (2025-03-06T09:41:58Z)
- GDPR-Relevant Privacy Concerns in Mobile Apps Research: A Systematic Literature Review [3.5294997953439426]
Data subject rights are fundamental to data rights individuals over their personal data.
Some concepts such as data subject rights individuals over their personal data are fundamental, yet under-explored in the landscape.
arXiv Detail & Related papers (2024-11-28T13:42:46Z)
- Advancing Android Privacy Assessments with Automation [5.863391019411233]
This paper motivates the need for an automated approach that enhances understanding of data protection in Android apps.
We propose Assessor View, a tool designed to bridge the knowledge gap between these parties facilitating more effective privacy assessments of Android applications.
arXiv Detail & Related papers (2024-09-10T14:56:51Z)
- Unlocking the Potential of Binding Corporate Rules (BCRs) in Health Data Transfers [0.0]
This chapter explores the essential role of Binding Corporate Rules (BCRs) in managing and securing health data.
The chapter situates BCRs within the broader spectrum of transferring sensitive international data.
The chapter calls for proactive measures to BCR adoption streamline approval processes, and promote innovative approaches.
arXiv Detail & Related papers (2024-07-31T02:09:52Z)
- Universal representations for financial transactional data: embracing local, global, and external contexts [95.7760348824795]
We present a representation learning framework that addresses diverse business challenges.
We also suggest novel generative models that account for data specifics, and a way to integrate external information into a client's representation.
arXiv Detail & Related papers (2024-04-02T15:39:14Z)
- Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's.
One emerging technique to realize PbD is enforcement (RE)
We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
- Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation [0.0]
Article 15 of the European Union's General Data Protection Regulation (GDPR) was implemented in 2018 to strengthen data protection for Europeans.
This study aims to explore the challenges faced by individuals who request their data.
A few exceptions did not respond with any data or deliver machine-readable data.
The findings reveal ten patterns individuals face when requesting and accessing their data.
arXiv Detail & Related papers (2023-08-29T09:49:15Z)
- Privacy Adhering Machine Un-learning in NLP [66.17039929803933]
In real world industry use Machine Learning to build models on user data.
Such mandates require effort both in terms of data as well as model retraining.
Continuous removal of data and model retraining steps do not scale.
We propose Machine Unlearning to tackle this challenge.
arXiv Detail & Related papers (2022-12-19T16:06:45Z)
- NLP-based Automated Compliance Checking of Data Processing Agreements against GDPR [9.022562906627991]
We propose an automated solution to check compliance of a given DPA against the "shall" requirements.
Our approach correctly finds 618 out of 750 genuine violations while raising 76 false violations, and further correctly identifies 524 satisfied requirements.
arXiv Detail & Related papers (2022-09-20T13:50:58Z)
- Data Protection Impact Assessment for the Corona App [0.0]
SARS-CoV-2 started spreading in Europe in early 2020 and there has been a strong call for technical solutions to combat or contain the pandemic.
There has been a strong call for technical solutions with contact tracing apps at the heart of debates.
The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA).
We present a scientific DPIA which thoroughly examines three published contact tracing app designs that are considered to be the most "privacy-friendly".
arXiv Detail & Related papers (2021-01-18T19:23:30Z)
- Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
- GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users.
With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
- Beyond privacy regulations: an ethical approach to data usage in transportation [64.86110095869176]
We describe how Federated Machine Learning can be applied to the transportation sector.
We see Federated Learning as a method that enables us to process privacy-sensitive data, while respecting customer's privacy.
arXiv Detail & Related papers (2020-04-01T15:10:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.