Search papers, labs, and topics across Lattice.
The paper introduces APLiance, a novel Attribute-Based Access Control (ABAC) framework, to efficiently check organizational privacy policies against legal requirements. It models privacy law sections as ABAC rules and policy clauses as implied access requests, deeming a policy compliant if the requests are permitted by the rules. The effectiveness of APLiance is demonstrated in the context of India's Digital Personal Data Protection Act, with a browser plugin developed for real-time compliance checking.
Stop guessing if your privacy policy complies with the law: APLiance offers a formal, ABAC-based verification framework and a browser plugin to check compliance in real-time.
In recent years, many countries have started enacting laws to safeguard privacy of personal data of their citizens collected and maintained by various enterprises through websites, mobile apps, and other means. It is imperative that the privacy policies of these enterprises respect the provisions of the applicable law. In this paper, we show how such organizational privacy policies can be efficiently checked against a prevalent law. Our novel approach named APLiance (\underline{A}BAC framework for \underline{P}olicy-\underline{L}aw Compl\underline{iance}) models the requirements of the different sections of a privacy law in the form of Attribute-based Access Control (ABAC) rules and the clauses of a privacy policy as a sequence of implied access requests. A policy is considered to be compliant with the law if these access requests are permitted by the corresponding ABAC rules. Although APLiance can be used in any policy-law setting, we demonstrate its effectiveness in the context of the recently introduced Digital Personal Data Protection Act of India. A browser plugin has been developed and publicly released for real time compliance checking using APLiance whenever a user visits the privacy policy page of a website.