2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA) 2018
DOI: 10.1109/cybersa.2018.8551442

How to Make Privacy Policies both GDPR-Compliant and Usable

Abstract: It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notificat…

Cited by 36 publications (20 citation statements)
References 61 publications
“…Study 1 also exposes that a data subject’s ability to act upon the information provided in the privacy policies is diminished by the opaque language commonly deployed. This finding echoes Renaud and Shepherd (2018) who critiqued the complex formulations of such notices. Policies also lack specificity.…”
Section: Study 1: Privacy Policy Review (supporting)
confidence: 62%
“…Some privacy policies state that data subjects have rights ‘in certain circumstances’, or that one ‘may be entitled’ to exercise the right. Insufficient information about how to contact a person (rather than a department) at a data controller also makes the application of the RtDP harder (Renaud and Shepherd, 2018). The most common means of exercising the right was through email.…”
Section: Study 1: Privacy Policy Review (mentioning)
confidence: 99%
“…In particular, a study on the impact of GDPR from the London Chamber of Commerce and Industry revealed that in 2018 companies were still not prepared to abide by the privacy preservation issues prescribed by GDPR [8]. Moreover, due to the necessity to motivate users to approach GDPR-based privacy issues, some recent works deal with the problem of making friendlier the management of such issues [9,10]. In [9], authors analysed the state of the art of usability design for privacy notifications, by highlighting how approaches defined in the literature correlate to GDPR recitals, summarising them in terms of guidelines.…”
Section: Related Work (mentioning)
confidence: 99%
“…Moreover, due to the necessity to motivate users to approach GDPR-based privacy issues, some recent works deal with the problem of making friendlier the management of such issues [9,10]. In [9], authors analysed the state of the art of usability design for privacy notifications, by highlighting how approaches defined in the literature correlate to GDPR recitals, summarising them in terms of guidelines. Instead, in [10], a tool named privacyTracker is presented, which aims to support basic GDPR principles, including data traceability, allowing a user to get a cryptographically verifiable snapshot of his/her data trails.…”
Section: Related Work (mentioning)
confidence: 99%
“…Renaud and Shepherd [22] make an exhaustive state-of-the-art research and a synthesis of GDPR requirements to provide a guide to write privacy policies. They focus on usability.…”
Section: B Research Background (mentioning)
confidence: 99%