Critical Analysis of LPL according to Articles 12 - 14 of the GDPR

Gerl, Armin; Pohl, Dirk

doi:10.1145/3230833.3233267

Cited by 6 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First and foremost, TIRA is based on an exhaustive analysis of legal transparency requirements and explicitly tailored to these from ground up. Insofar, it significantly distinguishes from other approaches (e.g., [29,30]) which often lack the explicit alignment to legally mandatory transparency requirements [31,32]. Second, we consciously follow an annotationbased approach instead of employing, for instance, information flow control [33] or static code analysis [34] for determining what personal data a service consumes or exposes, how long it is stored, etc.…”

Section: Discussionmentioning

confidence: 99%

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Grünewald,

Wille,

Pallas

et al. 2021

Preprint

View full text Add to dashboard Cite

Transparency -the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred -is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottomup fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.

show abstract

Section: Discussionmentioning

confidence: 99%

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Grünewald,

Wille,

Pallas

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…LPL [43], implemented by Gerl et al, is a human and machine-readable privacy language which aims to promote the expression and enforcement of GDPR's legal requirements related to data subject's consent, personal data provenance and retention and also to implement privacy-preserving processing activities based on the application of state-of-the-art anonymization techniques. Further work by Gerl and Pohl [45] focused on improving LPL to be able to fully represent the requirements derived from Articles 12 to 14 of the GDPR, the so-called data subject's 'Right to be informed'. LPL's policy structure is purpose-based, i.e., its core architecture is composed by a set of purposes and each purpose has associated a set of data types being processed and also the recipients of said data.…”

Section: Layered Privacy Language (Lpl)mentioning

confidence: 99%

Analysis of ontologies and policy languages to represent information flows in GDPR

Esteves

Rodrı́guez-Doncel

2024

View full text Add to dashboard Cite

This article surveys existing vocabularies, ontologies and policy languages that can be used to represent informational items referenced in GDPR rights and obligations, such as the ‘notification of a data breach’, the ‘controller’s identity’ or a ‘DPIA’. Rights and obligations in GDPR are analyzed in terms of information flows between different stakeholders, and a complete collection of 57 different informational items that are mentioned by GDPR is described. 13 privacy-related policy languages and 9 data protection vocabularies and ontologies are studied in relation to this list of informational items. ODRL and LegalRuleML emerge as the languages that can respond positively to a greater number of the defined comparison criteria if complemented with DPV and GDPRtEXT, since 39 out of the 57 informational items can be modelled. Online supplementary material is provided, including a simple search application and a taxonomy of the identified entities.

show abstract

The Layered Privacy Language Art. 12 – 14 GDPR Extension – Privacy Enhancing User Interfaces

Gerl

Meier²

2019

Datenschutz Datensich

View full text Add to dashboard Cite

Critical Analysis of LPL according to Articles 12 - 14 of the GDPR

Cited by 6 publications

References 11 publications

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Analysis of ontologies and policy languages to represent information flows in GDPR

The Layered Privacy Language Art. 12 – 14 GDPR Extension – Privacy Enhancing User Interfaces

Contact Info

Product

Resources

About