Work Package 1: Privacy Paradigm
Objectives:
- Develop a set of standard form privacy policies consistent with GDPR requirements, to reduce the effort that service providers need to annotate and enforce policies and that users need to select digital service offerings matching their preferences;
- Validate the consistency of machine-readable renderings of standard form policies against human-readable and legal codification versions, and the completeness of that rendering in the compliance technical platform;
- Assess the ethical impact of proposed standard form policies against shifting user expectations.
Expected Results:
Input to the design of standard forms developed for privacy paradigm policies based on assessing their accessibility and usefulness to users and data controllers who will use them day-to-day. Provision of a set of digital service use cases for use in assessing different forms of privacy policy in service selection and usage scenarios, for different user demographics, e.g. by age, gender, income. This results in a repeatable methodology for assessing privacy policy notification that integrates probes for usability assessments with an assessment of the legal sufficiency of the policy.
The project will deliver a systematic ethical assessment of the diversity of privacy issues that are associated with the collection and storage of various personal information by websites. The ethical assessment will focus on similarities and differences in the privacy expectations regarding different types of personal information (from browser behaviour to video selfies), modes of collecting and storing them, and purposes for which they are or could be used. This will be based in part on consultations with stakeholders on their values and preferences regarding privacy, as well as responsible innovation, such as open source and gender issues. This will provide an analysis of the proper division of labour between privacy policies and technological protections offered by the Privacy Paradigm approach.
Individuals cannot cope with the high number of privacy consent terms they have to agree to as Internet users. Currently, there are no tools and services supporting the management of these documents, and the user lacks the means to effectively track what consent has been given and for which purposes. This situation may be improved if consent forms and privacy terms were represented in an explicit data vocabulary that can be automatically processed and reasoned over to assist with data protection compliance and risk assessments.