The Way to Optimize the Right to Personal Data Portability in Chinese Practice——Based on Empirical Analysis of the Privacy Policies of 66 Mobile Apps

Although the existing legal norms and judicial practic-es can provide basic guidance for the right to personal data portabili-ty, it can be concluded that there are obstacles to the realization of this right through empirical research of the privacy policies of 66 mobile apps, such as whether they have stipulations on the right to personal data portability, whether they are able to derive copies of personal in-formation automatically, whether there are textual examples, whether ID verification is required, whether the copied documents are encrypt-ed, and whether the scope of personal information involved is consis-tent. This gap in practice, on the one hand, reflects the misunderstand-ing of the right to personal data portability, and on the other hand, is a result of the negative externalities, practical costs and technical lim-itations of the right to personal data portability. Based on rethinking the right to data portability, we can somehow solve practical problems concerning the right to personal data portability through multiple measures such as promoting the fulfillment of this right by legislation, optimizing technology-oriented operations, refining response process mechanisms, and enhancing system interoperability.

A GDPR Compliant Approach to Assign Risk Levels to Privacy Policies

Data privacy laws require service providers to inform their customers on how user data is gathered,used,protected,and shared.The General Data ProtectionRegulation(GDPR)is a legal framework that provides guidelines for collecting and processing personal information from individuals.Service providers use privacy policies to outline the ways an organization captures,retains,analyzes,and shares customers’data with other parties.These policies are complex and written using legal jargon;therefore,users rarely read them before accepting them.There exist a number of approaches to automating the task of summarizing privacy policies and assigning risk levels.Most of the existing approaches are not GDPR compliant and use manual annotation/labeling of the privacy text to assign risk level,which is time-consuming and costly.We present a framework that helps users see not only data practice policy compliance with GDPR but also the risk levels to privacy associated with accepting that policy.The main contribution of our approach is eliminating the overhead cost of manual annotation by using the most frequent words in each category to create word-bags,which are used with Regular Expressions and Pointwise Mutual Information scores to assign risk levels that comply with the GDPR guidelines for data protection.We have also developed a web-based application to graphically display risk level reports for any given online privacy policy.Results show that our approach is not only consistent with GDPR but performs better than existing approaches by successfully assigning risk levels with 95.1%accuracy after assigning data practice categories with an accuracy rate of 79%.

Personalized Privacy Protecting Model in Mobile Social Network

With the rapid development of the new generation of information technology,the analysis of mobile social network big data is getting deeper and deeper.At the same time,the risk of privacy disclosure in social network is also very obvious.In this paper,we summarize the main access control model in mobile social network,analyze their contribution and point out their disadvantages.On this basis,a practical privacy policy is defined through authorization model supporting personalized privacy preferences.Experiments have been conducted on synthetic data sets.The result shows that the proposed privacy protecting model could improve the security of the mobile social network while keeping high execution efficiency.

A user requirements-oriented privacy policy self-adaption scheme in cloud computing

In an ever-changing environment,Software as a Service(SaaS)can rarely protect users'privacy.Being able to manage and control the privacy is therefore an important goal for SaaS.Once the participant of composite service is substituted,it is unclear whether the composite service satisfy user privacy requirement or not.In this paper,we propose a privacy policies automatic update method to enhance user privacy when a service participant change in the composite service.Firstly,we model the privacy policies and service variation rules.Secondly,according to the service variation rules,the privacy policies are automatically generated through the negotiation between user and service composer.Thirdly,we prove the feasibility and applicability of our method with the experiments.When the service quantity is 50,ratio that the services variations are successfully checked by monitor is 81%.Moreover,ratio that the privacy policies are correctly updated is 93.6%.

APPCorp:a corpus for Android privacy policy document structure analysis

With the increasing popularity of mobile devices and the wide adoption of mobile Apps,an increasing concern of privacy issues is raised.Privacy policy is identified as a proper medium to indicate the legal terms,such as the general data protection regulation(GDPR),and to bind legal agreement between service providers and users.However,privacy policies are usually long and vague for end users to read and understand.It is thus important to be able to automatically analyze the document structures of privacy policies to assist user understanding.In this work we create a manually labelled corpus containing 231 privacy policies(of more than 566,000 words and 7,748 annotated paragraphs).We benchmark our data corpus with 3 document classification models and achieve more than 82%on F1-score.