RESPECTeD
Förderjahr 2019 / Project Call #14 / ProjectID: 4625
Who we are? We are an international group of researchers, engineers & activists with a multidisciplinary background in computer science, law, social sciences and cognitive sciences who aim to contribute towards tackling one of the most significant issues of our time: Invasion of Personal Digital Privacy.
For whom is the project? Almost everyone on Internet: 1) end-users will finally have a mechanism to express their consent and tracking decisions in a manner, which not only is human-cetnric, user-friendly and easy-to-use, but also lawfully and technically enforceable; 2) service providers will be provided by a clearly defined technical mechanism and supporting codes to gain and respect user consents.
What is it? We tackle a wide range of privacy-related issues on internet, among others: providing consents on the Internet is a time and expertise-demanding task which cannot correctly be performed by most of the users, withdrawing consents is normally a sophisticated task, the existing anti-tracking mechanisms (e.g. W3C's Tracking Preference Expression - DNT) are not legally enforceable and are in many cases ignored by the service providers.
We aim to develop a mechanism to address these issues.
How does it work? Based on an extensive study of existing patterns of tracking, we develop a detailed standard mechanism for communicating users consent and tracking decisions via HTTP headers. A set of client-side and server-side software (e.g. web-browser plugins) support the legal enforcement of the expressed consents, e.g. by sending the required identifiers (e.g. cookies) or legally binding emails.
Summary
Projektteam
Projektergebnisse
This document is the final project report of the RESPECTeD project.
Several documents to support the developers are developed. This includes:
Readme on the ADPC specification github: https://github.com/Data-Protection-Control/ADPC
Readme on the browser-extension github: https://github.com/Data-Protection-Control/browser-extension
Readme on the website-helper-software github: https://github.com/Data-Protection-Control/website-helper-software
Webpage on our website, describing how the ADPC works: https://www.dataprotectioncontrol.org/about/
The FAQ page on our website: https://www.dataprotectioncontrol.org/faq_contact/
Furthermore, the ADPC specification itself including an easy-to-understand introduction and explains different functionalities to the developers in an accessible language throughout the specification: https://www.dataprotectioncontrol.org/adpc-spec/
Several documents and resources to support the users, NGOs, or non-technical experts to understand the basics of the ADPC were developed. This includes:
The ADPC website: https://www.dataprotectioncontrol.org
A video that describes the concept of the ADPC and how it works, that can be found on the first page of the ADPC website: https://www.dataprotectioncontrol.org
How does the ADPC work? https://www.dataprotectioncontrol.org/about/
The ADPC FAQ: https://www.dataprotectioncontrol.org/faq_contact/
The ADPC prototype webpage: https://www.dataprotectioncontrol.org/prototype/
This document provides a summary of the RESPECTeD project.
Title of the deliverable: A specification for communication of the end-users online privacy decisions
As a part of this project, we developed the Advanced Data Protection Control (ADPC) which is a novel mechanism for the communication of privacy and consenting data and decisions.
The technical specification is available here: https://github.com/Data-Protection-Control/ADPC
Title of the deliverable: A browser plugin which works based on the developed standard (PoC for the data subjects)
As a proof of concept, we developed a functional prototype that works based on the ADPC.
The code is available here: https://github.com/Data-Protection-Control/browser-extension
A demonstration can be found here: https://www.dataprotectioncontrol.org/prototype/
Title of the deliverable: A server side software (plugin) that works based on the developed standard (PoC for the data controllers)
To support an easier adoption of the ADPC by data controllers, we developed a functional prototype of a server-side software that can communicate privacy and consenting requests and decisions between the server and users' clients.
We have been continuously working on different publications regarding the ADPC. Among others, our paper on ``Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges'' which compares the ADPC and the GPC won the best paper presentation award of the 2022 International Workshop on Privacy Engineering (IWPE’22), Co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P), in Genoa, Italy. A preprint can be found here: https://research.wu.ac.at/de/publications/data-protection-and-consenting-communication-mechanisms-current-o-4
This presentation won the best paper presentation award of the 2022 International Workshop on Privacy Engineering (IWPE’22), Co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P), in Genoa, Italy.
