21 research outputs found

    TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering

    In this paper, we present TILT, a transparency information language and toolkit explicitly designed to represent and process transparency information in line with the requirements of the GDPR and allowing for a more automated and adaptive use of such information than established, legalese data protection policies do. We provide a detailed analysis of transparency obligations from the GDPR to identify the expressiveness required for a formal transparency language intended to meet respective legal requirements. In addition, we identify a set of further, non-functional requirements that need to be met to foster practical adoption in real-world (web) information systems engineering. On this basis, we specify our formal language and present a respective, fully implemented toolkit around it. We then evaluate the practical applicability of our language and toolkit and demonstrate the additional prospects it unlocks through two different use cases: a) the inter-organizational analysis of personal data-related practices allowing, for instance, to uncover data sharing networks based on explicitly announced transparency information and b) the presentation of formally represented transparency information to users through novel, more comprehensible, and potentially adaptive user interfaces, heightening data subjects' actual informedness about data-related practices and, thus, their sovereignty. Altogether, our transparency information language and toolkit allow - differently from previous work - to express transparency information in line with actual legal requirements and practices of modern (web) information systems engineering and thereby pave the way for a multitude of novel possibilities to heighten transparency and user sovereignty in practice.

    Comment: Accepted for publication at the ACM Conference on Fairness, Accountability, and Transparency 2021 (ACM FAccT'21). This is a preprint manuscript (authors' own version before final copy-editing

    Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems

    Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores (e.g., relational and non-relational databases). From a privacy engineering perspective, a core challenge is to keep track of all exact locations where personal data is being stored, as required by regulatory frameworks such as the European General Data Protection Regulation. In this paper, we present Teiresias, comprising i) a workflow pattern for scalable discovery of personal data at rest, and ii) a cloud native system architecture and open source prototype implementation of said workflow pattern. To this end, we enable a continuous inventory of personal data featuring transparency and accountability following DevOps/DevPrivOps practices. In particular, we scope version-controlled Infrastructure as Code definitions, cloud-based storages, and how to integrate the process into CI/CD pipelines. Thereafter, we provide iii) a comparative performance evaluation demonstrating both appropriate execution times for real-world settings and a promising personal data detection accuracy outperforming existing proprietary tools in public clouds.

    Comment: Preprint of 2022-09-09 before final copy-editing of an accepted peer-reviewed paper to appear in the Proceedings of the 20th International Conference on Service-Oriented Computing ICSOC 202

    Towards Cross-Provider Analysis of Transparency Information for Data Protection

    Transparency and accountability are indispensable principles for modern data protection, from both legal and technical viewpoints. Regulations such as the GDPR therefore require specific transparency information to be provided, including, e.g., purpose specifications, storage periods, or legal bases for personal data processing. However, it has repeatedly been shown that all too often this information is practically hidden in legalese privacy policies, hindering data subjects from exercising their rights. This paper presents a novel approach to enable large-scale transparency information analysis across service providers, leveraging machine-readable formats and graph data science methods. More specifically, we propose a general approach for building a transparency analysis platform (TAP) that is used to identify data transfers empirically, to provide evidence-based analyses of sharing clusters of more than 70 real-world data controllers, or even to simulate network dynamics using synthetic transparency information for large-scale data-sharing scenarios. We provide the general approach for advanced transparency information analysis, an open source architecture and implementation in the form of a queryable analysis platform, and versatile analysis examples. These contributions pave the way for more transparent data processing for data subjects, and evidence-based enforcement processes for data protection authorities. Future work can build upon our contributions to gain more insights into so-far hidden data-sharing practices.

    Comment: technical repor

    Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs

    The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as is the case when data are provided using query-capable Web APIs. Data-providing Web APIs, however, typically lack sophisticated data minimization features, leaving the task open to manual and all too often missing implementations. In this paper, we address the problem of data minimization for data-providing, query-capable Web APIs. Based on a careful analysis of functional and non-functional requirements, we introduce Janus, an easy-to-use, highly configurable solution for implementing legally compliant data minimization in GraphQL Web APIs. Janus provides a rich set of information reduction functionalities that can be configured for different client roles accessing the API. We present a technical proof-of-concept along with experimental measurements that indicate reasonable overheads. Janus is thus a practical solution for implementing GraphQL APIs in line with the regulatory principle of data minimization.

    Comment: Preprint version (2022-03-18) This version of the contribution has been accepted for publication at the 22nd International Conference on Web Engineering (ICWE 2022), Bari, Ital

    TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

    Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.

    Comment: Accepted for publication at the 2021 International Workshop on Privacy Engineering (IWPE'21). This is a preprint manuscript (authors' own version before final copy-editing

    UAV-Borne Laser-Induced Fluorescence Spectroscopy System for Active Remote Detection of Hazardous Substances on Surfaces

    LUCS is an innovative drone-based remote detection system developed within the DLR security research programme at the DLR Institute of Technical Physics. Based on a laser-spectroscopic technique, the UAV-mounted system is designed in particular for the contactless detection and classification of chemical and biological hazardous substances on surfaces. With a measurement time of approx. 100 ms, the fluorescence properties of the sample material can be examined within a very short time from a detection distance of 8 – 10 m.

    A Practical, Accurate, Information Criterion for Nth Order Markov Processes

    The recent increase in the breadth of computational methodologies has been matched with a corresponding increase in the difficulty of comparing the relative explanatory power of models from different methodological lineages. In order to help address this problem, a Markovian information criterion (MIC) is developed that is analogous to the Akaike information criterion (AIC) in its theoretical derivation and yet can be applied to any model able to generate simulated or predicted data, regardless of its methodology. Both the AIC and the proposed MIC rely on the Kullback–Leibler (KL) distance between model predictions and real data as a measure of prediction accuracy. Instead of using the maximum likelihood approach like the AIC, the proposed MIC relies on the literal interpretation of the KL distance as the inefficiency of compressing real data using modelled probabilities, and therefore uses the output of a universal compression algorithm to obtain an estimate of the KL distance. Several Monte Carlo tests are carried out in order to (a) confirm the performance of the algorithm and (b) evaluate the ability of the MIC to identify the true data-generating process from a set of alternative models.

    Electron irradiation of dry food products


    Data Sovereignty for Consumers: Technical Approaches through AI-Based Transparency and Access in the Context of the GDPR

    Adequate data sovereignty proves extremely difficult for consumers to achieve in practice. The European General Data Protection Regulation guarantees comprehensive data subject rights, which controllers must implement through technical and organisational measures. Traditional approaches, such as providing lengthy privacy statements or offering downloads of raw personal data without further assistance, fail to meet the standard of informational self-determination. The new technical approaches presented below, in particular AI-based transparency and access modalities, demonstrate the practicability of effective and versatile mechanisms. To this end, the relevant transparency information is extracted semi-automatically, represented in machine-readable form, and then delivered via various channels such as virtual assistants or the enrichment of search results. This is complemented by automated and easily accessible methods for submitting access requests under Art. 15 GDPR and for processing their results. Finally, concrete regulatory implications are discussed.