TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.Comment: Accepted for publication at the 2021 International Workshop on Privacy Engineering (IWPE'21). This is a preprint manuscript (authors' own version before final copy-editing

Participatory sensing and wearable technologies as tools to support citizen and open science: Technical and organizational challenges and possible solutions

Wenn BürgerInnen aktiv am Datengewinnungsprozess als zentralem Baustein empirisch ausgerichteter wissenschaftlicher Projekte teilhaben, kann dies als Beitrag zu einer offenen und bürgernahen Wissenschaft angesehen werden. Eine solche Teilhabe kann durch die Bereitstellung von technischen Werkzeugen erheblich erleichtert werden. Daher sollen Participatory Sensing als Bereitstellung von günstigen Sensoren zur Messung von Umweltparametern sowie Wearable Technologies zur Aufnahme von quantifizierten Vitaldaten und physiologischen Zuständen vorgestellt werden. Konzeptionell kann die Bereitstellung von Daten, die mit diesen Werkzeugen erhoben wurden, als Allmende verstanden werden – mit allen damit verbundenen Chancen und Risiken. Nach der Beschreibung von Beispielen aus den Bereichen von Participatory Sensing und Wearable Technologies werden zu erwartende Herausforderungen identifiziert und technisch-organisatorische Ansätze zu deren Lösung skizziert.If citizens actively participate in the process of collecting empirical data, as a key element of empirically oriented scientific projects, this can be seen as a contribution to an open and citizen-oriented science. Such participation can be supported by providing technical tools. The paper therefore presents examples of participatory sensing as the provision of affordable sensors for measuring environmental parameters as well as wearable technologies for recording quantified vital data and physiological states. Conceptually, the provision of data collected with these tools can be understood as a commons – with all opportunities and risks associated with such goods. After describing examples of participatory sensing and wearable technologies, the authors identify potential challenges and outline technical and organizational approaches to solve them