Extracting Layered Privacy Language Purposes from Web Services
This addresses the issue of unclear data processing for users, though it appears incremental as it builds on existing privacy language frameworks.
The paper tackles the problem of web services failing to provide enough information for informed consent under data protection regulations by coupling the Layered Privacy Language (LPL) with web services to formally generate processing purposes for privacy policies, with results demonstrated in a small case study.
Web services are important in the processing of personal data in the World Wide Web. In light of recent data protection regulations, this processing raises a question about consent or other basis of legal processing. While a consent must be informed, many web services fail to provide enough information for users to make informed decisions. Privacy policies and privacy languages are one way for addressing this problem; the former document how personal data is processed, while the latter describe this processing formally. In this paper, the socalled Layered Privacy Language (LPL) is coupled with web services in order to express personal data processing with a formal analysis method that seeks to generate the processing purposes for privacy policies. To this end, the paper reviews the background theory as well as proposes a method and a concrete tool. The results are demonstrated with a small case study.