PRIVATICS - 2019 - Annual activity report

PRIVATICS

PRIVATICS - 2019

Project-Team Privatics

Team, Visitors, External Collaborators

Overall Objectives

Context

Application Domains

Highlights of the Year

New Software and Platforms

New Results

Differential Inference Testing
Analyse des impacts de la reconnaissance faciale - Quelques éléments de méthode (in French)
Towards a generic framework for black-box explanation methods
A generic information and consent framework for the IoT
Analysis of privacy policies to enhance informed consent
Understanding algorithmic decision-making: Opportunities and challenges, Study for the European Parliament (STOA)
Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
Privacy implications of switching ON a light bulb in the IoT world
Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data
Plausible Deniability for Practical Privacy-Preserving Live Streaming
Protecting motion sensor data against sensitive inferences through an adversarial network approach
Inria white book on Cybersecurity: Current challenges and Inria's research directions
Inspect what your location history reveals about you - Raising user awareness on privacy threats associated with disclosing his location data
Pseudonymisation techniques and best practices

Partnerships and Cooperations

Dissemination

Bibliography

Publications of the year

Previous |

Home | Next next

Section: New Results

Analysis of privacy policies to enhance informed consent

Participant : Daniel Le Métayer.

A privacy policy language must meet a number of requirements to be able to express the valid consent of the data subject for the processing of their personal data. For example, under the GDPR, valid consent must be freely given, specific, informed and unambiguous. Therefore, the language must be endowed with a formal semantics in order to avoid any ambiguity about the meaning of a privacy policy. However, the mere existence of a semantics does not imply that DSs properly understand the meaning of a policy and its potential consequences. One way to enhance the understanding of the data subjects is to provide them information about the potential risks related to a privacy policy. This is in line with Recital 39 of the GDPR which stipulates that data subjects should be “made aware of the risks, rules, safeguards and rights in relation to the processing of personal data and how to exercise their rights in relation to such processing”. To address this need, we have defined a language in [11], called PILOT, meeting these requirements and shown its benefits to define precise privacy policies and to highlight the associated privacy risks. In order to automatically answer questions related to privacy risks, we use the verification tool SPIN and the modeling language PROMELA. Risk properties are encoded in Linear Temporal Logic properties that can be automatically checked by SPIN.

Previous |

Home | Next next