10 February 2020 - Rui Zhao Speaker Rui Zhao Title Machine-actionable models of data-use policies Abstract Nowadays, people face a challenge of data usage and data-use rules: on the one hand, people are aware that it might be a problem that their data (especially personal private data) are stored and processed by the companies; on the other hand, "I have read and understood the Privacy Policy / Terms & Conditions / EULA" is a generally known lie. Therefore, this becomes polarised: people seek strict laws or protest to prohibit data from being used, as they lack trust in the data processors; companies design excessive data-use policies to collect as much information as possible, as a way to protect themselves by saying "look, the user has given consent". We see this as a problem of information communication: the T&C/EULA are long and tedious and sometimes deliberately written in a hard-to-understand way, which makes people lose interest in reading. Therefore, we try to provide a method to model the data-use policies to improve this situation: the modelled data-use policies are computer-interpretable and actionable, so that software can reason about the compliance of rules given the data-flow graph. In this talk, I'll describe our model and the technologies it builds on, and then present our current progress, including an approach to logicalise it and the user-interviews conducted recently. Feb 10 2020 14.00 - 15.00 10 February 2020 - Rui Zhao Machine-actionable models of data-use policies G.03, IF
10 February 2020 - Rui Zhao Speaker Rui Zhao Title Machine-actionable models of data-use policies Abstract Nowadays, people face a challenge of data usage and data-use rules: on the one hand, people are aware that it might be a problem that their data (especially personal private data) are stored and processed by the companies; on the other hand, "I have read and understood the Privacy Policy / Terms & Conditions / EULA" is a generally known lie. Therefore, this becomes polarised: people seek strict laws or protest to prohibit data from being used, as they lack trust in the data processors; companies design excessive data-use policies to collect as much information as possible, as a way to protect themselves by saying "look, the user has given consent". We see this as a problem of information communication: the T&C/EULA are long and tedious and sometimes deliberately written in a hard-to-understand way, which makes people lose interest in reading. Therefore, we try to provide a method to model the data-use policies to improve this situation: the modelled data-use policies are computer-interpretable and actionable, so that software can reason about the compliance of rules given the data-flow graph. In this talk, I'll describe our model and the technologies it builds on, and then present our current progress, including an approach to logicalise it and the user-interviews conducted recently. Feb 10 2020 14.00 - 15.00 10 February 2020 - Rui Zhao Machine-actionable models of data-use policies G.03, IF
