As a result of progressive digitalization and the accompanying simplification of the transformation, administration, evaluation and transmission of data, data privacy is becoming increasingly relevant. New risks, possibilities for abuse and, consequently, more challenges arise in connection with the protection of personal data. To meet these changes, the compulsory regulations for companies have to be adapted to the changing conditions.
As a result, on the 27th of April 2016 the General Data Protection Regulation (GDPR) came into effect. It regulates data protection and privacy for all companies operating in the European Union. Every private company and public body had two years to implement these rules. In case of violation, fines of up to 20 million euros or 4% of the worldwide annual turnover of the previous financial year, whichever sum is greater, can be imposed. This fact emphasizes the importance of the regulation.
In order to fulfill the GDPR, companies need to publish their respective privacy policies. Unfortunately, privacy policies tend to be very complicated, which hampers their understandability. This research aims to support end consumers in understanding privacy policies, but also the issuing company. Therefore, we want to investigate the compliance of privacy policies.
The goal of this project is a software tool that is able to analyze privacy policies on a semantic level. In the first stage, it checks whether the different dimensions required by GDPR, such as the data subject rights, are included. This already provides a first indication of whether a privacy policy fulfills all legal requirements. The second stage of this project will then investigate the specific dimensions, to ensure that all relevant information is provided. For example, it will be checked whether all data subject rights are explained.