Privacy CURE: Consent Comprehension Made Easy

Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also

I Agree: Customize your Personal Data Processing with the CoRe User Interface

The General Data Protection Regulation (GDPR) requires, except for some predefined scenarios (e.g., contract performance, legal obligations, vital interests, etc.), obtaining consent from the data subjects for the processing of their personal data. Companies that want to process personal data of the European Union (EU) citizens but are located outside the EU also have to comply with the GDPR. Existing mechanisms for obtaining consent involve presenting the data subject with a document where all possible data processing, done by the entire service, is described in very general terms. Such consent is neither specific nor informed. In order to address this challenge, we introduce a consent request (CoRe) user interface (UI) with maximum control over the data processing and a simplified CoRe UI with reduced control options. Our CoRe UI not only gives users more control over the processing of their personal data but also, according to the usability evaluations reported in the paper, improves their comprehension of consent requests

I Agree: Customize your Personal Data Processing with the CoRe User Interface

The General Data Protection Regulation (GDPR) requires, except for some predefined scenarios (e.g., contract performance, legal obligations, vital interests, etc.), obtaining consent from the data subjects for the processing of their personal data. Companies that want to process personal data of the European Union (EU) citizens but are located outside the EU also have to comply with the GDPR. Existing mechanisms for obtaining consent involve presenting the data subject with a document where all possible data processing, done by the entire service, is described in very general terms. Such consent is neither specific nor informed. In order to address this challenge, we introduce a consent request (CoRe) user interface (UI) with maximum control over the data processing and a simplified CoRe UI with reduced control options. Our CoRe UI not only gives users more control over the processing of their personal data but also, according to the usability evaluations reported in the paper, improves their comprehension of consent requests

High Anti-Corruption Court of Ukraine: the peculiarities of establishment and the first results

The purpose of the article is to analyze the peculiarities of establishment of the High Anti-Corruption Court of Ukraine (HACC) and to consider the first results of its work. Methodology. Thus, the analysis and synthesis method as well as the logical method were used to formulate a holistic view on corruption and its features, as well as the ways, in which it can be manifested. The logical-semantic method was used to establish the meaning of the term “corruption”. The historical method was useful in studying the history of the establishment of the HACC. The comparative method was used when analyzing Ukrainian legal acts, which regulate the issue under consideration, as well as scientific views on the topic. The system and structural method was applied to determine the institutional features of the HACC. The method of systematic analysis made it possible to identify the operational characteristics of this agency. The legal modeling method was helpful in drawing conclusions of the research. The results of the study. The high level of corruption of Ukraine has led to the need to find the ways to counteract it. To that end, the system of bodies of pre-trial investigation and prosecution of high-ranking officials for corruption offenses has been created over the last three years. The establishment of the HACC was the final stage of this reform. Practical implications. Since the international experience in establishing anti-corruption courts is quite controversial, it was found that many scholars are skeptical about the ability of the HACC to reduce corruption in Ukraine. So, the list of arguments for and against the operation of HACC in Ukraine was comprehensively reviewed. Value / originality. As a result of the research, the authors identified both the shortcomings and the benefits of the work of Ukrainian anti-corruption court

Towards an Interactive Privacy Pattern Catalog

A privacy pattern catalog provides guidance with respect to data protection requirements, to both technical and non-technical personnel that are involved in the development of software that processes personally identifiable information. This paper describes a privacy pattern catalog that was compiled with the help of the structured-case methodology. The proposed privacy pattern catalog is an interactive online tool that classifies privacy patterns according to the privacy principle requirements of the ISO/IEC 29100. In addition to the ability to browse through the classification, the tool provides an option to export selected information into a Microsoft Word document for further use. A classification of patterns, based on usage context, application permissions and hierarchical relations of patterns in terms of their level of generality is proposed. While, category, permission and granularity filters are highlighted as a future implementation of the proposed pattern classification scheme

A Scalable Consent, Transparency and Compliance Architecture

In this demo we present the SPECIAL consent, transparency and compliance system. The objective of the system is to afford data subjects more control over personal data processing and sharing, while at the same time enabling data controllers and processors to comply with consent and transparency obligations mandated by the European General Data Protection Regulation. A short promotional video can be found at https://purl.com/specialprivacy/demos/ESWC2018

A Conceptual Consent Request Framework for Mobile Devices

The General Data Protection Regulation (GDPR) identifies consent as one of the legal bases for personal data processing and requires that it should be freely given, specific, informed, unambiguous, understandable, and easily revocable. Unfortunately, current technical mechanisms for obtaining consent often do not comply with these requirements. The conceptual consent request framework for mobile devices that is presented in this paper, addresses this issue by following the GDPR requirements on consent and offering a unified user interface for mobile apps. The proposed conceptual framework is evaluated via the development of a City Explorer app with four consent request approaches (custom, functionality-based, app-based, and usage-based) integrated into it. The evaluation shows that the functionality-based consent, which was integrated into the City Explorer app, achieved the best evaluation results and the highest average system usability scale (SUS) score. The functionality-based consent also scored the highest number of SUS points among the four consent templates when evaluated separately from the app. Additionally, we discuss the framework’s reusability and its integration into other mobile apps of different contexts

Storage and Quality of Apples ‘Reinette Simirenko’, Depending on the Dose of Post-Harvest Treatment with Ethylene Inhibitor 1-MCP

Natural weight losses, flesh and core browning, senescent breakdown and fruit rot, ethylene-production, firmness, soluble solids content, titratable acidity and taste of apple ‘Reinette Simirenko’ during storage, depending on the dose of postharvest treatment with 1-methylcyclopropene (1-MCP) were studied. Fruits were collected in harvesting maturity and treated with 1-MCP at the recommended dose of 1000 ppb (SmartFreshTM 0.068 g·m−3) and experimental doses of 750 ppb (75% of the recommended dose) and 500 ppb (50%). Apples were stored at 2 ± 1 °C and air humidity 85–90%. After seven months of cold storage, irrespective of dose of 1-MCP, on the 20th day of shelf-life, ethylene production from the treated apples was 3.9–5.3 times lower than that of the untreated ones. During the seven months of storage, fruits with post-harvest treatment had high firmness – 8.8–9.0 kg without a significant difference in range of 500–1000 ppb 1-MCP. 1-MCP treatment provides 0.6–1.0% higher content of soluble solids (highest level is for the treatment of 750 and 1000 ppb). Content of titratable acidity was higher by 1.4–1.7 times (the highest acidity was at 1000 ppb and, respectively, 1.1 and 1.2 times lower when treated with doses of 750 and 500 ppb). There was no skin browning and senescent breakdown and no flesh browning at 750 and 1000 ppb, and no fruit rot at 1000 ppb. When smaller doses (as recommended) are applied, a more harmonious taste of apples without reducing storage ability is achieved

Organizing design patterns for privacy: a taxonomy of types of relationships

There has recently been an upsurge of legislative, technical and organizational frameworks in the field of privacy which recommend, and even mandate the need to consider privacy issues in the design of information systems. Privacy design patterns have been acknowledged as a useful tool to support engineers in this complex task, as they leverage best-practices which are already available in the engineering community. There are currently different privacy pattern catalogs coexisting, however, an ongoing effort is being made to unify these scattered contributions into one comprehensive system of patterns. To this end, the relationships between the privacy patterns must be expressed consistently. However, the catalogs available describe pattern relationships at different, incompatible levels of detail, or do not describe them at all. To solve this problem, this paper presents a taxonomy of types of relationships that can be used to describe the relationships between privacy patterns. This taxonomy has been validated against each individual catalog to ensure its applicability in the unified privacy pattern system