Abstract
Transparency – the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred – is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.
Original language | English |
---|---|
Title of host publication | 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
Publisher | IEEE |
Pages | 312-319 |
Number of pages | 8 |
ISBN (Print) | 978-1-6654-1013-7 |
DOIs | |
Publication status | Published - 10 Sept 2021 |
Event | 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) - Vienna, Austria Duration: 6 Sept 2021 → 10 Sept 2021 |
Conference
Conference | 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
---|---|
Period | 6/09/21 → 10/09/21 |
Fields of Science and Technology Classification 2012
- 102 Computer Sciences
- 505 Law