Really Enforceable Solution to Protect End-users Consent & Tracking Decisions

Publication: Book/Editorship/ReportResearch report, expert opinion

146 Downloads (Pure)

Abstract

The Advanced Data Protection Control (ADPC) is a technical specification — and a set of sociotechnical mechanisms surrounding it — that can change the current practice of Internet-based personal data protection and consenting by providing novel and standardized means for the communication of privacy and consenting data, meta-data, information, requests, preferences, and decisions. ADPC supports humans in practicing their rights to privacy and agency by giving them more human-centric control over the processing of their personal data and consent. It helps the data controllers to improve their users’ experiences and provides them with easy-to-adopt means to comply with the relevant legal and ethical requirements and expectations.
This technical report introduces the ADPC and describes the project that led to the development of the ADPC, i.e. the „Really Enforceable Solution to Protect End-user Consent & Tracking Decisions“ (RESPECTeD) project, jointly conducted by the Sustainable Computing Lab at the Vienna University of Economics and Business (WU Wien) and the NOYB – European Center for Digital Rights. The project was led by Soheil Human and Max Schrems and was partially funded by the netidee funding program of Internet Privatstiftung Austria – Internet Foundation Austria under the grant number prj4625.
Original languageEnglish
Number of pages18
DOIs
Publication statusPublished - 2022

Publication series

SeriesSustainable Computing Reports and Specifications
Number2
Volume2022

Bibliographical note

[1] Gloria Gonzalez Fuster. The emergence of personal data protection as a fundamental right of the EU, volume 16. Springer Science & Business, 2014.

[2] Stefano Rodota. Data protection as a fundamental right. In Reinventing data protection?, pages 77–82. Springer, 2009.

[3] Rainer Alt, Soheil Human, and Gustaf Neumann. End-user empowerment in the digital age. In Proceedings of the 53rd Hawaii International Conference on System Sciences, Hawaii, United States, 2020.

[4] Soheil Human, Rita Gsenger, and Gustaf Neumann. End-user empowerment: An interdisciplinary perspective. pages 4102–4111, Hawaii, United States, 2020.

[5] Fabian Burmeister, Paul Drews, and Ingrid Schirmer. A Privacy-driven Enterprise Architecture Meta-Model for Supporting Compliance with the General Data Protection Regulation. Hawaii International Conference on System Sciences 2019 (HICSS-52), January 2019.

[6] Soheil Human. THE HALE WHALE: A Framework for the Co-creation of Sustainable, Human- centric, Accountable, Lawful, and Ethical Digital Sociotechnical Systems. Sustainable Computing Paper Series, (2022/01), 2022.

[7] Soheil Human, Rainer Alt, Hooman Habibnia, and Gustaf Neumann. Human-centric Personal Data Protection and Consenting Assistant Systems: Towards a Sustainable Digital Economy. In Proceedings of the 55th Hawaii International Conference on System Sciences, pages 4727–4736, Hawaii, USA, 2022. University of Hawaii.

[8] Celestin Matte, Nataliia Bielova, and Cristiana Santos. Do cookie banners respect my choice?: Measuring legal compliance of banners from iab europe’s transparency and consent framework. In 2020 IEEE Symposium on Security and Privacy (SP), pages 791–809. IEEE, 2020.

[9] Shoshana Zuboff. Big other: surveillance capitalism and the prospects of an information civilization. Journal of information technology, 30(1):75–89, 2015.

[10] Jim Isaak and Mina J Hanna. User data privacy: Facebook, cambridge analytica, and privacy protection. Computer, 51(8):56–59, 2018.

[11] Soheil Human, Gustaf Neumann, and Markus F. Peschl. [How] can pluralist approaches to computational cognitive modeling of human needs and values save our democracies? Intellectica, 70:165–180, 2019.

[12] Soheil Human, Gustaf Neumann, and Rainer Alt. Human-centricity in a Sustainable Digital Economy. In Hawaii International Conference on System Sciences (HICSS-54), Hawaii, USA, 2021.

[13] Soheil Human, Max Schrems, Alan Toner, Gerben, and Ben Wagner. Advanced Data Protection Control (ADPC). Sustainable Computing Reports and Specifications 2021/01, Vienna University of Economics and Business (WU Wien), Vienna, 2021.

[14] Soheil Human. Data protection and consenting communication mechanisms. Sustainable Computing Paper Series, (2022/01), 2022.

[15] Thorhildur Jetzek, Michel Avital, and Niels Bjorn-Andersen. Data-driven innovation through open government data. Journal of theoretical and ap- plied electronic commerce research, 9(2):100–120, 2014.

[16] James Manyika, Michael Chui, Brad Brown, Jacques Bughin, Richard Dobbs, Charles Roxburgh, Angela Hung Byers, et al. Big data: The next frontier for innovation, competition, and productivity. McKinsey Global Institute, 2011.

[17] Alina Sorescu. Data-driven business model innovation. Journal of Product Innovation Management, 34(5):691–696, 2017.

[18] Soheil Human, Gustaf Neumann, and Rainer Alt. A Call for Interdisciplinary Research on Applied Human-centricity in a Sustainable Digital Economy. pages 4695–4696, Hawaii, USA, 2022.

[19] Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. We value your privacy... now take some cookies: Measuring the gdpr’s impact on web privacy. arXiv preprint arXiv:1808.05096, 2018.

[20] Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. (un) informed consent: Studying gdpr consent notices in the field. In Proceedings of the 2019 acm sigsac conference on computer and communications security, pages 973–990, 2019.

[21] Soheil Human and Florian Cech. A Human-Centric Perspective on Digital Consenting: The Case of GAFAM. In Alfred Zimmermann, Robert J. Howlett, and Lakhmi C. Jain, editors, Human Centred Intelligent Systems, Smart Innovation, Systems and Technologies, pages 139–159, Singapore, 2021. Springer.

[22] Cristiana Santos, Nataliia Bielova, and Celestin Matte. Are cookie ban- ners indeed compliant with the law? deciphering eu legal requirements on consent and technical means to verify compliance of cookie banners. arXiv preprint arXiv:1912.07144, 2019.

[23] Vitor Jesus. Towards an accountable web of personal information: The web-of-receipts. 8:25383–25394, 2020.

[24] Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. Dark patterns after the gdpr: Scraping consent pop-ups and demon- strating their influence. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pages 1–13, 2020.

[25] Daniel Mikkelsen, Henning Soller, Malin Strandell-Jansson, and Marie Wahlers. Gdpr compliance since may 2018: a continuing challenge. McK- insey & Company, 22, 2019.

[26] Monika Tsaneva et al. Challenges of gdpr compliance in consumer financing companies. In Conferences of the department Informatics, number 1, pages 103–115. Publishing house Science and Economics Varna, 2019.

[27] Flavia Salutari, Diego Da Hora, Matteo Varvello, Renata Teixeira, Vas- silis Christophides, and Dario Rossi. Implications of the multi-modality of user perceived page load time. In 2020 Mediterranean Communication and Computer Networking Conference (MedComNet), pages 1–8. IEEE, 2020.

[28] Soheil Human, Gustaf Neumann, and Markus F. Peschl. [How] can pluralist approaches to computational cognitive modeling of human needs and values save our democracies? Intellectica, 70:165–180, 2019.

[29] Sebastian Zimmeck and Kuba Alicki. Standardizing and implementing do not sell. In Proceedings of the 19th Workshop on Privacy in the Electronic Society, pages 15–20, 2020.

[30] Harshvardhan J Pandit, Axel Polleres, Bert Bos, Rob Brennan, Bud Brueg- ger, Fajar J Ekaputra, Javier D Fern´andez, Roghaiyeh Gachpaz Hamed, El- mar Kiesling, Mark Lizar, et al. Creating a vocabulary for data privacy. In OTM Confederated International Conferences” On the Move to Meaningful Internet Systems”, pages 714–730. Springer, 2019.

[31] Niklas Kirchner, Soheil Human, and Gustaf Neumann. Context-sensitivity of informed consent: The emergence of genetic data markets. In Workshop on Engineering Accountable Information Systems. European Conference on Information Systems-ECIS, 2019.

[32] Soheil Human and Mandan Kazzazi. Contextuality and intersectionality of e-consent: A human- centric reflection on digital consenting in the emerging genetic data markets. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pages 307–311, 2021.

[33] Howard Simkevitz. Why privacy matters in health care delivery: a value proposition. In 2009 World Congress on Privacy, Security, Trust and the Management of e-Business, pages 193–201. IEEE, 2009.

WU Working Paper Series

  • Sustainable Computing Reports and Specifications

Keywords

  • Data Protection
  • Privacy
  • Consenting
  • ADPC
  • Advanced Data Protection Control
  • Automation
  • Human-centricity
  • DPCCM

Cite this