TY - JOUR
T1 - Complying with privacy legislation
T2 - from legal text to implementation of privacy-aware location-based services
AU - Ataei, Mehrnaz
AU - Degbelo, Auriol
AU - Kray, Christian
AU - Santos, Vitor
N1 - Ataei, M., Degbelo, A., Kray, C., & Santos, V. (2018). Complying with privacy legislation: from legal text to implementation of privacy-aware location-based services. ISPRS International Journal of Geo-Information, 7(11), [442]. DOI: 10.3390/ijgi7110442
PY - 2018/11/1
Y1 - 2018/11/1
N2 - An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.
AB - An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.
KW - General data protection regulation (GDPR)
KW - Geographical information
KW - Geoprivacy
KW - Location privacy
KW - Location-based services
KW - Privacy-aware systems
UR - http://www.scopus.com/inward/record.url?scp=85058030581&partnerID=8YFLogxK
UR - http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=Alerting&SrcApp=Alerting&DestApp=WOS_CPL&DestLinkType=FullRecord&UT=WOS:000451313900029
U2 - 10.3390/ijgi7110442
DO - 10.3390/ijgi7110442
M3 - Article
AN - SCOPUS:85058030581
SN - 2220-9964
VL - 7
JO - ISPRS International Journal of Geo-Information
JF - ISPRS International Journal of Geo-Information
IS - 11
M1 - 442
ER -