Abstract

In our data-driven society, more and more personal and sensitive data is processed and stored, making it virtually impossible for end-users to comprehend what happens to their data. Although strict regulations for the processing of personal data already existed in health care, the General Data Protection Regulation (GDPR) provides an EU-wide regulation. Despite these regulations, there is still a lack of transparency due to the high complexity and missing details of privacy policies. The lack of transparency increases when various services are integrated, sharing their data and forming virtual data marketplaces with various stakeholders. We argue for the strategic usage of privacy languages, i.e. the Layered Privacy Language (LPL), to formalize and present privacy policies transparently to users, and to enable consent management and personalization of privacy requirements. LPL policies are therefore intended to fill the gap between the statement of privacy and its realization. Although LPL has been designed with the requirements of privacy policies considering GDPR, real-life privacy policies are required to be expressible with its vocabulary. Therefore, LPL will be validated against a meaningful real-life privacy policy example that can reflect the future of integrated health care services, to demonstrate the capabilities, compliance and limitations of privacy languages.
