TY - GEN
T1 - I Agree: Customize your Personal Data Processing with the CoRe User Interface
AU - Drozd, Olha
AU - Kirrane, Sabrina
PY - 2019
Y1 - 2019
N2 - The General Data Protection Regulation (GDPR) requires, except for some predefined scenarios (e.g., contract performance, legal obligations, vital interests, etc.), obtaining consent from the data subjects for the processing of their personal data. Companies that want to process personal data of the European Union (EU) citizens but are located outside the EU also have to comply with the GDPR. Existing mechanisms for obtaining consent involve presenting the data subject with a document where all possible data processing, done by the entire service, is described in very general terms. Such consent is neither specific nor informed. In order to address this challenge, we introduce a consent request (CoRe) user interface (UI) with maximum control over the data processing and a simplified CoRe UI with reduced control options. Our CoRe UI not only gives users more control over the processing of their personal data but also, according to the usability evaluations reported in the paper, improves their comprehension of consent requests.
AB - The General Data Protection Regulation (GDPR) requires, except for some predefined scenarios (e.g., contract performance, legal obligations, vital interests, etc.), obtaining consent from the data subjects for the processing of their personal data. Companies that want to process personal data of the European Union (EU) citizens but are located outside the EU also have to comply with the GDPR. Existing mechanisms for obtaining consent involve presenting the data subject with a document where all possible data processing, done by the entire service, is described in very general terms. Such consent is neither specific nor informed. In order to address this challenge, we introduce a consent request (CoRe) user interface (UI) with maximum control over the data processing and a simplified CoRe UI with reduced control options. Our CoRe UI not only gives users more control over the processing of their personal data but also, according to the usability evaluations reported in the paper, improves their comprehension of consent requests.
U2 - 10.1007/978-3-030-27813-7_2
DO - 10.1007/978-3-030-27813-7_2
M3 - Contribution to conference proceedings
SN - 978-3-030-27812-0
T3 - Lecture Notes in Computer Science (LNCS)
SP - 17
EP - 32
BT - Trust, Privacy and Security in Digital Business
A2 - Gritzalis, Stefanos
A2 - Weippl, Edgar R.
A2 - Katsikas, Sokratis K.
A2 - Anderst-Kotsis, Gabriele
A2 - Tjoa, A Min
A2 - Khalil, Ismail
PB - Springer
CY - Cham
ER -