RESPECTeD
Really Enforceable Solution to Protect End-users Consent & Tracking Decisions

RESPECTeD

Förderjahr 2019 / Project Call #14 / ProjectID: 4625

Who we are? We are an international group of researchers, engineers & activists with a multidisciplinary background in computer science, law, social sciences and cognitive sciences who aim to contribute towards tackling one of the most significant issues of our time: Invasion of Personal Digital Privacy.

For whom is the project? Almost everyone on Internet: 1) end-users will finally have a mechanism to express their consent and tracking decisions in a manner, which not only is human-cetnric, user-friendly and easy-to-use, but also lawfully and technically enforceable; 2) service providers will be provided by a clearly defined technical mechanism and supporting codes to gain and respect user consents.

What is it? We tackle a wide range of privacy-related issues on internet, among others: providing consents on the Internet is a time and expertise-demanding task which cannot correctly be performed by most of the users, withdrawing consents is normally a sophisticated task, the existing anti-tracking mechanisms (e.g. W3C's Tracking Preference Expression - DNT) are not legally enforceable and are in many cases ignored by the service providers.

We aim to develop a mechanism to address these issues.

How does it work? Based on an extensive study of existing patterns of tracking, we develop a detailed standard mechanism for communicating users consent and tracking decisions via HTTP headers. A set of client-side and server-side software (e.g. web-browser plugins) support the legal enforcement of the expressed consents, e.g. by sending the required identifiers (e.g. cookies) or legally binding emails.

Projektteam

Projektergebnisse

Endbericht CC-BY-SA

This document is the final project report of the RESPECTeD project.

Entwicklerdoku CC-BY-SA

Several documents to support the developers are developed. This includes:

Readme on the ADPC specification github: https://github.com/Data-Protection-Control/ADPC

Readme on the browser-extension github: https://github.com/Data-Protection-Control/browser-extension

Readme on the website-helper-software github: https://github.com/Data-Protection-Control/website-helper-software

Webpage on our website, describing how the ADPC works: https://www.dataprotectioncontrol.org/about/

The FAQ page on our website: https://www.dataprotectioncontrol.org/faq_contact/

Furthermore, the ADPC specification itself including an easy-to-understand introduction and explains different functionalities to the developers in an accessible language throughout the specification: https://www.dataprotectioncontrol.org/adpc-spec/

Anwenderdoku CC-BY-SA

Several documents and resources to support the users, NGOs, or non-technical experts to understand the basics of the ADPC were developed. This includes:

The ADPC website: https://www.dataprotectioncontrol.org

A video that describes the concept of the ADPC and how it works, that can be found on the first page of the ADPC website: https://www.dataprotectioncontrol.org

How does the ADPC work? https://www.dataprotectioncontrol.org/about/

The ADPC FAQ: https://www.dataprotectioncontrol.org/faq_contact/

The ADPC prototype webpage: https://www.dataprotectioncontrol.org/prototype/

Summary CC-BY-SA

This document provides a summary of the RESPECTeD project.

Code Mozilla Public License 2.0

Title of the deliverable: A specification for communication of the end-users online privacy decisions

As a part of this project, we developed the Advanced Data Protection Control (ADPC) which is a novel mechanism for the communication of privacy and consenting data and decisions.

The technical specification is available here: https://github.com/Data-Protection-Control/ADPC

Code Mozilla Public License 2.0

Title of the deliverable: A browser plugin which works based on the developed standard (PoC for the data subjects)

As a proof of concept, we developed a functional prototype that works based on the ADPC.

The code is available here: https://github.com/Data-Protection-Control/browser-extension

A demonstration can be found here: https://www.dataprotectioncontrol.org/prototype/

Code Mozilla Public License 2.0

Title of the deliverable: A server side software (plugin) that works based on the developed standard (PoC for the data controllers)

To support an easier adoption of the ADPC by data controllers, we developed a functional prototype of a server-side software that can communicate privacy and consenting requests and decisions between the server and users' clients.

Veröffentlichung CC-BY-SA

We have been continuously working on different publications regarding the ADPC. Among others, our paper on ``Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges'' which compares the ADPC and the GPC won the best paper presentation award of the 2022 International Workshop on Privacy Engineering (IWPE’22), Co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P), in Genoa, Italy. A preprint can be found here: https://research.wu.ac.at/de/publications/data-protection-and-consenting-communication-mechanisms-current-o-4

Präsentation CC-BY-NC

This presentation won the best paper presentation award of the 2022 International Workshop on Privacy Engineering (IWPE’22), Co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P), in Genoa, Italy.