Automating privacy decisions – where to draw the line?


Users are often overwhelmed by privacy decisions to manage their personal data, which can happen on the web, in mobile, and in IoT environments. These decisions can take various forms – such as decisions for setting privacy permissions or privacy preferences, decisions responding to consent requests, or to intervene and ‘‘reject’’ processing of one’s personal data –, and each can have different legal impacts. In all cases and for all types of decisions, scholars and industry have been proposing tools to better automate the process of privacy decisions at different levels, in order to enhance usability. We provide in this paper an overview of the main challenges raised by the automation of privacy decisions, together with a classification scheme of the existing and envisioned work and proposals addressing automation of privacy decisions.

International Workshop on Privacy Engineering – IWPE'23