ArXiv Preprint
Informed consent has become increasingly salient for data privacy and its
regulation. Entities from governments to for-profit companies have addressed
concerns about data privacy with policies that enumerate the conditions for
personal data storage and transfer. However, increased enumeration of and
transparency in data privacy policies have not improved end-users' comprehension
of how their data might be used: not only are privacy policies written in legal
language that users may struggle to understand, but elements of these policies
may compose in such a way that the consequences of the policy are not
immediately apparent.

We present a framework that uses Answer Set Programming (ASP) -- a type of
logic programming -- to formalize privacy policies. Privacy policies thus
become constraints on a narrative planning space, allowing end-users to
forward-simulate possible consequences of the policy in terms of actors having
roles and taking actions in a domain. We demonstrate through the example of the
Health Insurance Portability and Accountability Act (HIPAA) how to use the
system in various ways, including asking questions about possibilities and
identifying which clauses of the law are broken by a given sequence of events.
Chinmaya Dabral, Emma Tosch, Chris Martens
2022-12-13