GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps

Guamán, Danny S.; Álamo, José M. Del; Caiza, Julio C.

doi:10.1109/access.2021.3053130

Cited by 28 publications

(24 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Governance: About the governance, we listed questions concern the good practices, polices, communication, roles and involvement at a strategic level. This dimension contained eleven questions (7)(8)(9)(10)(11)(12)(13)(14)(15)(16)(17). Dimension 3…”

Section: Methodsmentioning

confidence: 99%

“…Guamán et al [16] presented a method for systematically assessing the compliance of Android mobile apps with GDPR requirements for international transfers in accordance with the data protection regulation. However, data protection laws generally require that all participants in a personal flow ensure an equivalent level of protection for personal data, regardless of location.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

et al. 2021

View full text Add to dashboard Cite

In order to guarantee the privacy of users’ data, the Brazilian government created the Brazilian General Data Protection Law (LGPD). This article made a diagnostic of Brazilian organizations in relation to their suitability for LGPD, based on the perception of Information Technology (IT) practitioners who work in these organizations. We used a survey with 41 questions to diagnose different Brazilian organizations, both public and private. The diagnostic questionnaire was answered by 105 IT practitioners. The results show that 27% of organizations process personal data of public access based on good faith and LGPD principles. In addition, our findings also revealed that 16.3% of organizations have not established a procedure or methodology to verify that the LGPD principles are being respected during the development of services that will handle personal data from the product or service design phase to its execution and 20% of the organizations did not establish a communication process to the personal data holders, regarding the possible data breaches. The result of the diagnostic allows organizations and data users to have an overview of how the treatment of personal data of their customers is being treated and which points of attention are in relation to the principles of LGPD.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

et al. 2021

View full text Add to dashboard Cite

show abstract

“…However, this approach requires compiled bytecode, which may not always be readily available during the development process. Arfelt et al provide a formal logic for monitoring GDPR compliance [2] and a functional tool was developed by [6] for analyzing cross-border data transmission in Android applications, which is limited in scope to a specific platform.…”

Section: Related Workmentioning

confidence: 99%

Identifying Personal Data Processing for Code Review

Feiyang

Østvold

Bruntink

2023

Proceedings of the 9th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Ensuring compliance with the General Data Protection Regulation (GDPR) is a crucial aspect of software development. This task, due to its time-consuming nature and requirement for specialized knowledge, is often deferred or delegated to specialized code reviewers. These reviewers, particularly when external to the development organization, may lack detailed knowledge of the software under review, necessitating the prioritization of their resources. To address this, we have designed two specialized views of a codebase to help code reviewers in prioritizing their work related to personal data: one view displays the types of personal data representation, while the other provides an abstract depiction of personal data processing, complemented by an optional detailed exploration of specific code snippets. Leveraging static analysis, our method identifies personal data-related code segments, thereby expediting the review process. Our approach, evaluated on four open-source GitHub applications, demonstrated a precision rate of 0.87 in identifying personal data flows. Additionally, we fact-checked the privacy statements of 15 Android applications. This solution, designed to augment the efficiency of GDPRrelated privacy analysis tasks such as the Record of Processing Activities (ROPA), aims to conserve resources, thereby saving time and enhancing productivity for code reviewers.

show abstract

“…Supervised machine learning requires a dataset of annotated policies to train policy models. Generating such annotated dataset is a human-intensive process, thus some approaches focus on extending datasets already available [40]. Once the new dataset is ready, the Sklearn library is usually employed to generate and train the models.…”

Section: From Policy Compliance To Legal Compliancementioning

confidence: 99%

Privacy Assessment in Android Apps: A Systematic Mapping Study

et al. 2021

Self Cite

View full text Add to dashboard Cite

Android apps are daily installed by billions of users worldwide, who grant access to an extensive set of sensitive personal data. Different techniques have been developed over the years to understand how apps protect or harm their users’ privacy. However, these results have been produced in different research domains and addressing privacy from different perspectives, resulting in a growing but scattered body of knowledge. To bridge this gap, we have carried out a systematic mapping study to provide practitioners and researchers with an overview of the state-of-the-art technique, published between 2016 and 2020, to assess privacy in Android apps. In this paper, we highlight the most relevant findings, identify and analyse the most pressing gaps, and discuss the promising research directions.

show abstract

GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps

Cited by 28 publications

References 46 publications

Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

Identifying Personal Data Processing for Code Review

Privacy Assessment in Android Apps: A Systematic Mapping Study

Contact Info

Product

Resources

About