PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2022)

Abstract

The General Data Protection Regulation (GDPR) makes the creation of compliant privacy policies a complex process. Our goal is to support policy authors during the creation of privacy policies, by providing them feedback on the privacy policy they are creating. We present the Privacy Policy Compliance Guidance (PriPoCoG) framework supporting policy authors as well as data protection authorities in checking the compliance of privacy policies. To this end we formalize the Layered Privacy Language (LPL) and parts of the GDPR using Prolog. Our formalization, ‘Prolog-LPL’ (P-LPL), points out inconsistencies in a privacy policy and problematic parts of a policy regarding GDPR-compliance. To evaluate P-LPL we translate the Amazon.de privacy policy into P-LPL and perform a compliance analysis on this policy.

Notes

  1. https://www.swi-prolog.org/.

  2. Available at: https://github.com/jensLeicht/PriPoCoG.

Acknowledgement

We thank Thomas Santen for his useful comments.

Author information

Corresponding author

Correspondence to Jens Leicht.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Leicht, J., Heisel, M., Gerl, A. (2022). PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies. In: Katsikas, S., Furnell, S. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2022. Lecture Notes in Computer Science, vol 13582. Springer, Cham. https://doi.org/10.1007/978-3-031-17926-6_1

  • DOI: https://doi.org/10.1007/978-3-031-17926-6_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17925-9

  • Online ISBN: 978-3-031-17926-6

  • eBook Packages: Computer Science, Computer Science (R0)
