Regresar

Automated GDPR compliance assessment for cross-border personal data transfers in android applications

Abstract:

The General Data Protection Regulation (GDPR) aims to ensure that all personal data processing activities are fair and transparent for the European Union (EU) citizens, regardless of whether these are carried out within the EU or anywhere else. To this end, it sets strict requirements to transfer personal data outside the EU. However, checking these requirements is a daunting task for supervisory authorities, particularly in the mobile app domain due to the huge number of apps available and their dynamic nature. In this paper, we propose a fully automated method for assessing the compliance of Android apps with the GDPR requirements for cross-border personal data transfers. We have applied the method to 4593 apps from the Google Play Store discovering that nearly half of the ones sending personal data are potentially non-compliant with GDPR requirements. These results reveal that there is still a very significant gap between what app providers do in practice and what is intended by the GDPR.

Año de publicación:

2023

Keywords:

  • D.4.6 security and privacy protection
  • k.4.1.h transborder data flow
  • K.4.1.f privacy
  • K.4.1.g regulation
  • J.9 mobile applications

Fuente:

scopusscopus
googlegoogle

Tipo de documento:

Article

Estado:

Acceso abierto

Áreas de conocimiento:

  • Ingeniería de software
  • Ciencias de la computación

Áreas temáticas:

  • Ciencias de la computación

Contribuidores:

Such J.Such J.
del Álamo J.M.del Álamo J.M.
Danny S. GuamánDanny S. Guamán
Rodriguez D.Rodriguez D.