Streamlining personal data access requests: From obstructive procedures
to automated web workflows
- URL: http://arxiv.org/abs/2305.03471v1
- Date: Fri, 5 May 2023 12:27:47 GMT
- Title: Streamlining personal data access requests: From obstructive procedures
to automated web workflows
- Authors: Nicola Leschke and Florian Kirsten and Frank Pallas and Elias Grünewald
- Abstract summary: The right to data access has so far only seen marginal technical reflection.
Processes related to performing data subject access requests (DSARs) are thus still to be executed manually.
We present an automated approach to the execution of DSARs, employing modern techniques of web automation.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Transparency and data portability are two core principles of modern privacy
legislations such as the GDPR. From the regulatory perspective, providing
individuals (data subjects) with access to their data is a main building block
for implementing these. Different from other privacy principles and respective
regulatory provisions, however, this right to data access has so far only seen
marginal technical reflection. Processes related to performing data subject
access requests (DSARs) are thus still to be executed manually, hindering the
concept of data access from unfolding its full potential.
To tackle this problem, we present an automated approach to the execution of
DSARs, employing modern techniques of web automation. In particular, we propose
a generic DSAR workflow model, a corresponding formal language for representing
the particular workflows of different service providers (controllers), a
publicly accessible and extendable workflow repository, and a browser-based
execution engine, altogether providing "one-click" DSARs. To validate our
approach and technical concepts, we examine, formalize and make publicly
available the DSAR workflows of 15 widely used service providers and implement
the execution engine in a publicly available browser extension. Altogether, we
thereby pave the way for automated data subject access requests and lay the
groundwork for a broad variety of subsequent technical means helping web users
to better understand their privacy-related exposure to different service
providers.
Related papers
- D5RL: Diverse Datasets for Data-Driven Deep Reinforcement Learning [99.33607114541861]
We propose a new benchmark for offline RL that focuses on realistic simulations of robotic manipulation and locomotion environments.
Our proposed benchmark covers state-based and image-based domains, and supports both offline RL and online fine-tuning evaluation.
arXiv Detail & Related papers (2024-08-15T22:27:00Z)
- How to Drill Into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages [0.0]
European Union's General Data Protection Regulation strengthened data subjects' right to access personal data.
Subjects' possibilities for actually using controller-provided subject access request packages (SARPs) are severely limited so far.
This dataset is publicly provided and shall, in the future, serve as a starting point for researching and comparing novel approaches for practically viable use of SARPs.
arXiv Detail & Related papers (2024-07-05T12:39:51Z)
- Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
Security measures such as anonymization are needed to protect individuals' privacy.
Within our study, we conducted expert interviews to gain insights into practices in the field.
We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
arXiv Detail & Related papers (2024-07-04T08:29:27Z)
- Hook-in Privacy Techniques for gRPC-based Microservice Communication [0.0]
gRPC is at the heart of modern distributed system architectures.
Despite its widespread adoption, gRPC lacks any advanced privacy techniques beyond transport and basic token-based authentication.
We propose a novel approach for integrating such advanced privacy techniques into the gRPC framework in a practically viable way.
arXiv Detail & Related papers (2024-04-08T15:18:42Z)
- Provable Privacy with Non-Private Pre-Processing [56.770023668379615]
We propose a general framework to evaluate the additional privacy cost incurred by non-private data-dependent pre-processing algorithms.
Our framework establishes upper bounds on the overall privacy guarantees by utilising two new technical notions.
arXiv Detail & Related papers (2024-03-19T17:54:49Z)
- Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's.
One emerging technique to realize PbD is enforcement (RE)
We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
- A Unified View of Differentially Private Deep Generative Modeling [60.72161965018005]
Data with privacy concerns comes with stringent regulations that frequently prohibit data access and data sharing.
Overcoming these obstacles is key for technological progress in many real-world application scenarios that involve privacy sensitive data.
Differentially private (DP) data publishing provides a compelling solution, where only a sanitized form of the data is publicly released.
arXiv Detail & Related papers (2023-09-27T14:38:16Z)
- Sparsity-Aware Intelligent Massive Random Access Control in Open RAN: A Reinforcement Learning Based Approach [61.74489383629319]
Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenges to access control and management.
A reinforcement-learning (RL)-assisted scheme of closed-loop access control is proposed to preserve sparsity of access requests.
Deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces.
arXiv Detail & Related papers (2023-03-05T12:25:49Z)
- Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems [0.0]
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores.
From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored.
We present Teiresias, comprising i) a workflow pattern for scalable discovery of personal data at rest, and ii) a cloud native system architecture and open source prototype implementation of said workflow pattern.
arXiv Detail & Related papers (2022-09-09T10:45:34Z)
- Datensouveränität für Verbraucher:innen: Technische Ansätze durch KI-basierte Transparenz und Auskunft im Kontext der DSGVO [0.0]
The EU General Data Protection Regulation guarantees comprehensive data subject rights.
Traditional approaches, such as the provision of lengthy data protection declarations, do not meet the requirements of informational self-determination.
For this purpose, the relevant transparency information is extracted in a semi-automated way, represented in a machine-readable format, and then played out via diverse channels such as virtual assistants.
arXiv Detail & Related papers (2021-12-07T18:18:19Z)
- TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures [0.0]
Transparency provides information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred.
Technical approaches for implementing transparency in practice are, however, only rarely considered.
We introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines.
arXiv Detail & Related papers (2021-06-10T18:42:50Z)