Victor Morel, a member of the Privatics team at Inria, will give a talk his work on studying the different means of expression for privacy policies. Details below.
Victor Morel, PhD, Inria.
SoK: Three Facets of Privacy Policies
Privacy policies are the main way to obtain information related to personal data collection and processing. Originally, privacy policies were presented as textual documents. However, the unsuitability of this format for the needs of today’s society gave birth to other means of expression. In this paper, we systematically study the different means of expression of privacy policies. In doing so, we have explored the three main categories, which we call facets, i.e., natural language, graphical and machine-readable privacy policies. Each of these facets focuses on the particular needs of the communities they come from, i.e., law experts, organizations and privacy advocates, and academics, respectively. We then analyze the benefits and limitations of each facet, and explain why solutions based on a single facet do not cover the needs of other communities. Finally, we set guidelines and discuss challenges of an approach to expressing privacy policies which brings together the benefits of each facet as an attempt to overcome their limitations.
This work has been published as a systemization of knowledge (SoK: Three Facets of Privacy Policies) at the Workshop on Privacy in the Electronic Society WPES 2020 (colocated with CCS).