http://dx.doi.org/10.13089/JKIISC.2019.29.6.1477

A Study on the Methods for Ensuring the Transparency of the Privacy Policies in Android Environment: Based on General Data Protection Regulation  

Paek, Inju (Graduate School of Information Security, Korea University)
Oh, Junhyoung (Graduate School of Information Security, Korea University)
Lee, Kyung-ho (Graduate School of Information Security, Korea University)
Abstract
In this study, we analyzed the privacy policies of 50 Android applications on the top charts in EU member states in order to present methods for enhancing transparency based on the GDPR (General Data Protection Regulation). Based on the guidelines on transparency stipulated by WP29, this study extracted factors of transparency in order to ensure the transparency of privacy data processing and carried out verification procedures for each factor. The results revealed that the privacy policies provided in the Google Play Store and in the applications need to match, that the descriptions in the privacy policies need to be written in clear and plain language that readers can easily understand, and that it is necessary to provide information quickly and to improve the descriptions of the information that the data controller discloses. The findings of this study could be used as preliminary data for proactive responses to the EU's GDPR by substantially complying with the transparency requirements of the GDPR.
Keywords
privacy policy; transparency; security; GDPR; Android application;
References
1 statcounter, https://gs.statcounter.com/os-market-share/mobile/worldwide, 2019
2 Son, Young Hoa and SooJin Son, "Korean Companies' Response to the EU General Data Protection Regulations (GDPR)," The Journal of Comparative Private Law, 26(1), pp. 413-452, 2019.
3 Noyb, Plainte au titre de l'article 77(1) du RGPD, https://noyb.eu/4complaints, 2019
4 CNIL, "The CNIL's restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC", 2019.
5 General Data Protection Regulation, Regulation (2016) 2016/679 of the European Parliament and of the Council, Regulation (EU) (2016, 679)
6 Choi, Hanbyul, Jonghwa Park, and Yoonhyuk Jung. "The role of privacy fatigue in online privacy behavior," Computers in Human Behavior, vol.81, pp. 42-51, 2018.
7 Tesfay, Welderufael B., et al. "Privacy Guide: towards an implementation of the EU GDPR on internet privacy policy evaluation," Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics. ACM, 2018.
8 WP29. Guidelines on transparency under Regulation 2016/679, December 2017.
9 Oltramari, Alessandro, et al. "PrivOnto: A semantic framework for the analysis of privacy policies," Semantic Web, vol.9, no.2, pp. 185-203, 2018.
10 Tesfay, Welderufael B., et al. "Privacy Guide: towards an implementation of the EU GDPR on internet privacy policy evaluation," Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics. ACM, 2018.
11 Liu, Fei, Nicole Lee Fella, and Kexin Liao. "Modeling language vagueness in privacy policies using deep neural networks," 2016 AAAI Fall Symposium Series, 2016.
12 Lee, Goo Yeon, Bang, Jun Il, Cha, Kyung Jin and Kim Hwa Jong, "GDPR Compliant Consent Procedure for Personal Information Collection in the IoT Environment," Journal of Korean Institute Of Information Technology, 17(5), pp. 129-136, 2019.
13 Bhatia and Jaspreet, "Ambiguity in Privacy Policies and Perceived Privacy Risk," Diss. figshare, 2019.
14 Mohan, Jayashree, Melissa Wasserman, and Vijay Chidambaram. "Analyzing gdpr compliance through the lens of privacy policy," arXiv preprint arXiv, 2019.
15 Singh, Ravi Inder, Manasa Sumeeth, and James Miller. "Evaluating the readability of privacy policies in mobile environments," International Journal of Mobile Human Computer Interaction (IJMHCI), vol.3, no.1, pp. 55-78, 2011.
16 Yu, Le, et al. "Autoppg: Towards automatic generation of privacy policy for android applications," Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2015.
17 Reidenberg, Joel R., et al. "Ambiguity in Privacy Policies and the Impact of Regulation," The Journal of Legal Studies, vol.45, no.S2, 2016.
18 Papageorgiou, Achilleas, et al. "Security and privacy analysis of mobile health applications: the alarming state of practice," IEEE Access, vol.6, pp. 9390-9403, 2018.
19 Mangset and Peder Lind, "Analysis of Mobile Application's Compliance with the General Data Protection Regulation (GDPR)," MS thesis. NTNU, 2018.
20 KISA, https://www.kisa.or.kr/business/gdpr/gdpr_tab1.jsp
21 Schaub, Florian, Rebecca Balebako, and Lorrie Faith Cranor. "Designing effective privacy notices and controls," IEEE Internet Computing, 2017.
22 Spache and George, "A new readability formula for primary-grade reading materials," The Elementary School Journal, 53.7, pp. 410-413, 1953.
23 Kincaid, J. Peter, et al. "Derivation of new readability formulas (automated readability index, fog count and flesch reading ease formula) for navy enlisted personnel," 1975.
24 Milne, George R, Mary J. Culnan, and Henry Greene. "A longitudinal assessment of online privacy notice readability," Journal of Public Policy & Marketing, vol.25, no.2, pp. 238-249, 2006.
25 Kummer, Michael, and Patrick Schulte, "When private information settles the bill: Money and privacy in Google's market for smartphone applications." Management Science, 2019.
26 appannie.com, https://www.appannie.com/kr/, 2019
27 Simon and Jean Paul, "How Europe missed the mobile wave." vol.18, no.4, pp. 12-32, 2016