Enhancing the Transparency of Personal Data Access through Semantic Web Technologies
Citation: Gachpaz Hamed, Roghaiyeh, Enhancing the Transparency of Personal Data Access through Semantic Web Technologies, Trinity College Dublin. School of Computer Science & Statistics, 2021
Nowadays, as the application of data-driven technologies and their influence on our lives grow exponentially, the amount of user information collected, stored, and exchanged increases accordingly. It is therefore practically impossible for individuals to keep track of every trace of their information, and users are rightly concerned about the protection of their personal data. On the other hand, if people keep their data strictly private, they are deprived of the advantages and benefits of these online services. There is a tremendous advantage to users in sharing the right information with the right people in the right ways: scientists can use data in unexpected ways and discover ground-breaking results that cure diseases, predict disasters, improve human behaviour and make lives easier. Access control mechanisms alone have proven insufficient for addressing modern privacy problems. Transparency plays a crucial role in giving individuals control over their data by providing them with sufficient knowledge of how their personal data are processed and helping them make well-informed decisions at the moment of disclosure. Accordingly, data protection laws and regulations worldwide, such as the European General Data Protection Regulation (GDPR), explicitly include transparency rules that oblige data processing parties to disclose the relevant information to data subjects. These obligations are typically fulfilled through the transparency sections of written privacy policies. However, such privacy policies exhibit several shortcomings that severely limit their actual reception and comprehension on the side of data subjects. First, privacy policies are often long, complex, and written in legalese, making it hard for data subjects to locate transparency-related information and understand it correctly. Second, different privacy policies employ different logical structures and vocabularies for factually similar statements, so that every new policy demands a significant reading effort to be understood. These drawbacks lead to a state in which privacy policies are no longer read before a service is used and consent is given to a specific collection and use of personal data. Under such conditions, transparency statements increasingly degenerate into self-serving formal compliance exercises instead of supporting data subjects' informed decisions and privacy-preserving conduct.

This thesis introduces the conceptual design of a novel service, named eXplainable Personal Data Access (XPDA), to enhance individuals' control over access to their personal data by leveraging Semantic Web technologies. The service adopts best practices from existing access control models to exploit context-awareness and policy specification. At the same time, it makes the effect of privacy rules on access decisions transparent by revealing each data access, explaining the reason for the decision, and presenting all of this information in a way that individuals can understand. A prototypical implementation of the service on a motivating scenario in the health domain demonstrates that it fulfils all of the above design goals.

A comprehensive user study is designed to evaluate the extent to which non-expert people perceive the practical advantage of an explanation generated by XPDA. The user study takes a quantitative approach to assess three widely agreed measures for evaluating the interpretability of generated explanations. The experimental design for evaluating the usability of the explanations and the satisfaction of users adopts standard questionnaires and approaches. Moreover, a novel method is proposed for designing the experiment that assesses the understandability of the explanations, considering different aspects of understanding. Finally, the impact of different evaluation factors is investigated through statistical analysis of the results. The user study shows that the XPDA service can generate sufficiently usable explanations, which most participants perceived with a high level of understanding and satisfaction. The service proposed in this thesis can therefore help data subjects exercise their right to the protection of their personal data and avail themselves of their right to be informed about the collection and use of that data. The research community can deploy and advance it in other domains, and data controllers and service providers could extend it for auditing and assessing personal data access.
Funder: Science Foundation Ireland (SFI)
Author: Gachpaz Hamed, Roghaiyeh
Publisher: Trinity College Dublin. School of Computer Science & Statistics. Discipline of Computer Science
Type of material: Thesis
Availability: Full text available