The Layered Privacy Language Art. 12 – 14 GDPR Extension – Privacy Enhancing User Interfaces

• Published in: Datenschutz und Datensicherheit Vol. 43; no. 12; pp. 747 - 752
• Main Authors: Gerl, Armin, Meier, Bianca
• Format: Magazine Article
• Language: German
• Published: Wiesbaden Springer Fachmedien Wiesbaden 01.12.2019; Springer Nature B.V
• Subjects: Coding and Information Theory; Computer privacy; Computer Science; Cryptology; Data Structures and Information Theory; General Data Protection Regulation; Policies; Privacy; Schwerpunkt; User interfaces
• ISSN: 1614-0702; 1862-2607
• DOI: 10.1007/s11623-019-1200-9

Zusammenfassung Since 25th May 2018, the EU-wide General Data Protection Regulation (GDPR) applies in order to strengthen the rights of Data Subjects. Although the GDPR specifies the required information, which has to be presented to a Data Subject, it can still be argued for a lack of transparency due to unfavourable presentation of the privacy policy. Furthermore, no systematic approach for the enforcement of privacy policies in technical systems is deployed. These issues are tackled by the both human- and machine-readable Layered Privacy Language (LPL), which models legal privacy policies. This work introduces an extension for LPL to comply with Art. 12 – 14 GDPR. Additionally, user interface prototypes will be introduced to allow the creation of LPL privacy policies by the Data Protection Officer as well as a structured presentation of the LPL privacy policy for web-applications.