Review on recent privacy policy languages

1. Privacy Languages: Are we there yet
to enable user controls?
Jun Zhao, Reuben Binns, Max Van
Kleek and Nigel Shadbolt
Personal Data and Privacy Lab
Department of Computer Science
University of Oxford
Dominic Difranzo
ECS, Faculty of Physical
Sciences and Engineering
University of Southampton

2. Outline
● Motivation
● Methodology
● Preliminary results
● Future work

3. Motivation
Personal data is one of the most valuable commodities
● The revenue of digital advertising in the EU in 2014 is estimated to be
€30.7bn1
However,
● Users have limited knowledge about how their data are used
● Users have no control of how they expect their data to be used
1. Interactive Advertising Bureau AdEx Benchmark research, http://www.iabuk.net/about/press/archive/eu-online-advertising-reaches-landmark-307bn

4. Tracking is ubiquitous
● There is 99.5% chance
that a user will become
tracked by all top 10
trackers within 30 clicks
on top search results.
(Gomer et al 2013)
● Users have little
awareness and control
https://www.mozilla.org/en-US/lightbeam/
http://research.microsoft.com/apps/pubs/default.aspx?
id=201586

5. Beyond the web
Web browsing is just part of a wider sphere of potential privacy harms, including:
- Employment
- Health
- Finance
- Consumer spending
How can people express their wishes about the use of their personal data in these
domains?

6. An example scenario: sharing of medical data
Users
- Want controls
E.g, no commercial use
- Limited time + capacity
to read and process
notifications
Information controller
- Show commitment
E.g research purpose only
- Act according to socially
and/or legally binding
agreements

7. Existing privacy enhancement approaches
● Organisation-centric approaches
○ Structured privacy policy from information controllers, like P3P
(https://www.w3.org/P3P/)
○ Standardisation effort: Do Not Track, and P3P
● User-centric approaches
○ More usable privacy notifications, like privacy nutrition labels
○ Browser plug-in developments, e.g. Mozilla Privacy Icons,
ToS;DR
○ Privacy preference languages
Credit of privacy nutrition label to: https://cups.cs.cmu.edu/privacyLabel/files/CHI-privacyFinal2010

8. Users remain the weak points
Users
Control remains a weak
point
- A lot of past efforts
- But little uptake
- Why?
Information controller
- Show commitment
- Act on social and legal
binding

9. Our privacy language review
Privacy languages
● A declarative language for specifying both users’ privacy preferences and information
controllers’ privacy policies in a machine-readable way+
Existing reviews
● Kumaraguru et al 2007 and Kolter 2009: focused on the purpose of languages only
● Belanger and Crossler 2011: a review of privacy in Management Information Systems
● Kasem-Madani and Meier 2015: more focus on security
Our goal
● A user-centric review: focusing on the support for users, instead of organisations
● Gaining insights on design a user-centric language that is easy-to-use
+
Becker et al. Practical Generic Privacy Language. Information Systems Security. Springer Berlin Heidelberg, 2010. 125-139.

10. Methodology of the review
● 18 privacy languages from existing review literature
● Limited to academic efforts
● Eliminated those languages that describe access control only
● 10 languages in the review
● Assessment through 3 dimensions
○ Their design purpose
○ Their user-facing tooling support
○ Their consideration of interoperability

11. Preliminary results

12. Purpose of the languages

13. Purpose of the languages
● More emphasis on information controllers (i.e. through policy
languages), than users (i.e. through preference languages)
● Some preference languages are too simple, and with limited
expressivity
● Other preference languages are way too complicated to be used by
end users
● Nothing we can use off-the-shelf

14. Tooling support
● Motivation
○ Easy-to-use user facing tool is critical for adoptions of any proposed languages
○ Been shown as a critical barrier to the adoptions of standards like P3P
● Observations
○ Very few languages come with a user-facing tool (3 out of 10)
○ Very limited usability studies (except one tool) to ensure that these tools are
truly usable for the end users
●

15. Interoperability
● Motivation
○ Privacy is a ubiquitous issue, given the fast
development of mobile devices and IoTs
○ Privacy languages from different devices, users and
platforms must be interchangeable
● Observations
○ Pros: Languages are defined in standard formats,
like XML or RDF
○ Cons: standardisation efforts (like P3P) have failed,
with the lack of social agreements and legal
enforcements

16. Reflections
● Strengths
○ Extensive understanding on privacy scenarios and challenges
● Weaknesses
○ Existing languages are either too complicated for normal web users or too
simplistic to cope with the diverse requirements
○ Limited tooling development for end users

17. Future work
● A first-step towards user-centric privacy ---
enabling users to gain control
● Easy-to-use privacy preference language
● Easy-to-use user-facing tools
● Tracking breakage of terms on a
decentralised Web (of Things)

18. Thank you!