Authors:
Jens Leicht and Maritta Heisel
Affiliation:
Paluno - The Ruhr Institute for Software Technology, University of Duisburg-Essen, Germany
Keyword(s):
Privacy Policy Management, Consent Management, Privacy Policy Customization, Privacy Policy Storage, Data Value Chain, Data Protection Legislation, Data Accountability.
Abstract:
While privacy policies are well established to express data processing practices, customizable privacy policies are a researched but not established practice to empower data subjects. One of the hurdles hindering the acceptance of customizable policies is the management of large numbers of privacy policies when each data subject has their own policy. We propose a Privacy Policy Management (PPM) system, which handles customized policies and distributes them to all data processors. In addition, our PPM keeps track of where and why data are being transferred. This information can be provided to the data subjects, so that they can see that the data controller complies with the policy agreed upon. The log of data transfers can also be used by data protection authorities to check the GDPR compliance of the data controller or for investigations in case of a data breach. We discuss the architecture of our PPM, how it operates, and integrate it into the Privacy Policy Compliance Guidance framework.