{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T10:20:50Z","timestamp":1779358850977,"version":"3.51.4"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,1,31]],"date-time":"2023-01-31T00:00:00Z","timestamp":1675123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2023,1,31]]},"abstract":"<jats:p>Advances in personalization of digital services are driven by low-cost data collection and processing, in addition to the wide variety of third-party frameworks for authentication, storage, and marketing. New privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, increasingly require organizations to explicitly state their data practices in privacy policies. When data practices change, a new version of the policy is released. This can occur a few times a year, when data collection or processing requirements are rapidly changing. Consent evolution raises specific challenges to ensuring GDPR compliance. We propose a formal consent framework to support organizations, data users, and data subjects in their understanding of policy evolution under a consent regime that supports both the retroactive and non-retroactive granting and withdrawal of consent. The contributions include (i) a formal framework to reason about data collection and access under multiple consent granting and revocation scenarios, (ii) a scripting language that implements the consent framework for encoding and executing different scenarios, (iii) five consent evolution use cases that illustrate how organizations would evolve their policies using this framework, and (iv) a scalability evaluation of the reasoning framework. The framework models are used to verify when user consent prevents or detects unauthorized data collection and access. The framework can be integrated into a runtime architecture to monitor policy violations as data practices evolve in real time. The framework was evaluated using the five use cases and a simulation to measure the framework scalability. The simulation results show that the approach is computationally scalable for use in runtime consent monitoring under a standard model of data collection and access and practice and policy evolution.<\/jats:p>","DOI":"10.1145\/3490754","type":"journal-article","created":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T12:37:26Z","timestamp":1656506246000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Consent Verification Monitoring"],"prefix":"10.1145","volume":"32","author":[{"given":"Marco","family":"Robol","sequence":"first","affiliation":[{"name":"DISI, University of Trento, Trento, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Travis D.","family":"Breaux","sequence":"additional","affiliation":[{"name":"Institute of Software Research, Carnegie Mellon University, Pittsburgh, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elda","family":"Paja","sequence":"additional","affiliation":[{"name":"Computer Science Department, IT University of Copenhagen, Copenhagen, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paolo","family":"Giorgini","sequence":"additional","affiliation":[{"name":"DISI, University of Trento, Trento, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,2,22]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"Proceedings of the 1st ACM Conference on Electronic Commerce","author":"Ackerman M. S.","year":"1999","unstructured":"M. S. Ackerman, L. F. Cranor, and J. Reagle. 1999. Privacy in e-commerce: Examining user scenarios and privacy preferences. In Proceedings of the 1st ACM Conference on Electronic Commerce. ACM."},{"key":"e_1_3_2_3_2","doi-asserted-by":"crossref","first-page":"6221","DOI":"10.1126\/science.aaa1465","article-title":"Privacy and human behavior in the age of information","volume":"347","author":"Acquisti A.","year":"2015","unstructured":"A. Acquisti, L. Brandimarte, and G. Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509\u2013514.","journal-title":"Science"},{"issue":"11","key":"e_1_3_2_4_2","doi-asserted-by":"crossref","first-page":"832","DOI":"10.1145\/182.358434","article-title":"Maintaining knowledge about temporal intervals","volume":"26","author":"Allen J. F.","year":"1983","unstructured":"J. F. Allen. 1983. Maintaining knowledge about temporal intervals. Commun. ACM 26, 11 (1983), 832\u2013843.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_5_2","doi-asserted-by":"crossref","first-page":"363","DOI":"10.1509\/jmkr.37.3.363.18779","article-title":"Internet recommender systems","volume":"37","author":"Ansari A.","year":"2000","unstructured":"A. Ansari, S. Essegaier, and R. Kohli. 2000. Internet recommender systems. J. Market. Res. 37 (2000), 363\u2013375.","journal-title":"J. Market. Res."},{"key":"e_1_3_2_6_2","first-page":"20","volume-title":"Proceedings of the 13th ACM International Conference on Pervasive Technologies Related to Assistive Environments","author":"Appenzeller A.","year":"2020","unstructured":"A. Appenzeller, E. Rode, E. Krempel, and J. Beyerer. 2020. Enabling data sovereignty for patients through digital consent enforcement. In Proceedings of the 13th ACM International Conference on Pervasive Technologies Related to Assistive Environments (2020), 20."},{"key":"e_1_3_2_7_2","first-page":"681","volume-title":"Proceedings of the European Symposium on Research in Computer Security (ESORICS\u201919), Lecture Notes in Computer Science","volume":"11735","author":"Arfelt E.","year":"2019","unstructured":"E. Arfelt, D. Basin, and S. Debois. 2019. Monitoring the GDPR. In Proceedings of the European Symposium on Research in Computer Security (ESORICS\u201919), Lecture Notes in Computer Science, Vol. 11735, 681\u2013699."},{"issue":"1","key":"e_1_3_2_8_2","first-page":"171","article-title":"A survey of temporal extensions of description logic","volume":"30","author":"Artale A.","year":"2000","unstructured":"A. Artale and E. Franconi. 2000. A survey of temporal extensions of description logic. Ann. Math AI 30, (1-4) (2000), 171\u2013210.","journal-title":"Ann. Math AI"},{"key":"e_1_3_2_9_2","first-page":"1417","article-title":"Tractable interval temporal propositional and description logics","author":"Artale A.","year":"2015","unstructured":"A. Artale, R. Kontchakov, V. Ryzhivok, and M. Zakharyaschev. 2015. Tractable interval temporal propositional and description logics. In Proceedings of 29th AAAI Conference on Artificial Intelligence, 1417\u20131423.","journal-title":"Proceedings of 29th AAAI Conference on Artificial Intelligence"},{"key":"e_1_3_2_10_2","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1007\/978-3-319-66167-4_4","volume-title":"Proceedings of International Symposium on Frontiers of Combining Systems","author":"Baader F.","year":"2017","unstructured":"F. Baader, S. Borgwardt, P. Koopmann, A. Ozaki, and V. Thost. 2017. Metric temporal description logics with interval-rigid names. In Proceedings of International Symposium on Frontiers of Combining Systems, 60\u201376."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-540-24750-0_1","volume-title":"Handbook on Ontologies","author":"Baader F.","year":"2004","unstructured":"F. Baader, I. Horrocks, and U. Sattler. 2004. Description logics. In Handbook on Ontologies. Springer, 3\u201328."},{"key":"e_1_3_2_12_2","first-page":"133","article-title":"Developing GDPR compliant user data policies for internet of things","author":"Barati M.","year":"2019","unstructured":"M. Barati, I. Petri, and O. F. Rana. 2019. Developing GDPR compliant user data policies for internet of things. In Proceedings of 12th IEEE\/ACM International Conference on Utility and Cloud Computing, 133\u2013141.","journal-title":"Proceedings of 12th IEEE\/ACM International Conference on Utility and Cloud Computing"},{"key":"e_1_3_2_13_2","first-page":"184","volume-title":"Proceedings of IEEE Symposium on Security & Privacy","author":"Barth A.","year":"2006","unstructured":"A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. 2006. Privacy and contextual integrity. In Proceedings of IEEE Symposium on Security & Privacy, 184\u2013198."},{"key":"e_1_3_2_14_2","volume-title":"Data Mining Techniques: For Marketing, Sales, and Customer Relationship Management","author":"Berry M.","year":"1997","unstructured":"M. Berry and G. Linoff. 1997. Data Mining Techniques: For Marketing, Sales, and Customer Relationship Management. Wiley, New York, NY."},{"issue":"6","key":"e_1_3_2_15_2","first-page":"34:1\u201334:47","article-title":"Empirical measurement of perceived privacy risk","volume":"25","author":"Bhatia J.","year":"2019","unstructured":"J. Bhatia and T. D. Breaux. 2019. Empirical measurement of perceived privacy risk. ACM Trans. Hum. Comput. Interact. 25, 6 (2019), 34:1\u201334:47.","journal-title":"ACM Trans. Hum. Comput. Interact."},{"key":"e_1_3_2_16_2","first-page":"394","volume-title":"Proceedings of the IEEE 25th International Requirements Engineering Conference, (RE\u201917)","author":"Bhatia J.","year":"2017","unstructured":"J. Bhatia and T. D. Breaux. 2017. A data purpose case study of privacy policies. In Proceedings of the IEEE 25th International Requirements Engineering Conference, (RE\u201917), 394\u2013399."},{"key":"e_1_3_2_17_2","first-page":"159","volume-title":"Proceedings of the IEEE 26th International Requirements Engineering Conference (RE\u201918)","author":"Bhatia J.","year":"2018","unstructured":"J. Bhatia and T. D. Breaux. 2018. Semantic incompleteness in privacy policy goals. In Proceedings of the IEEE 26th International Requirements Engineering Conference (RE\u201918), 159\u2013169."},{"issue":"3","key":"e_1_3_2_18_2","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1007\/s13218-020-00677-4","article-title":"Machine understandable policies and GDPR compliance checking","volume":"34","author":"Bonatti P. A.","year":"2020","unstructured":"P. A. Bonatti, S. Kirrane, I. M. Petrova, and L. Sauro. 2020. Machine understandable policies and GDPR compliance checking. Kunstl. Intell. 34, 3 (2020), 303\u2013315.","journal-title":"Kunstl. Intell."},{"issue":"3","key":"e_1_3_2_19_2","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1007\/s00766-013-0190-7","article-title":"Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements","volume":"19","author":"Breaux T. D.","year":"2014","unstructured":"T. D. Breaux, H. Hibshi, and A. Rao. 2014. Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Require. Eng. J. 19, 3 (2014), 281\u2013307.","journal-title":"Require. Eng. J."},{"key":"e_1_3_2_20_2","first-page":"166","volume-title":"Proceedings of the 23rd IEEE International Requirements Engineering Conference","author":"Breaux T. D.","year":"2015","unstructured":"T. D. Breaux, D. Smullen, and H. Hibshi. 2015. Detecting repurposing and over-collection in multi-party privacy requirements specifications. In Proceedings of the 23rd IEEE International Requirements Engineering Conference, 166\u2013175."},{"key":"e_1_3_2_21_2","first-page":"87","volume-title":"Proceedings of International Conference on Foundations of Software Technology and Theoretical Computer Science","author":"Buneman P.","year":"2000","unstructured":"P. Buneman, S. Khanna, and W. C. Tan. 2000. Data provenance: Some basic issues. In Proceedings of International Conference on Foundations of Software Technology and Theoretical Computer Science, 87\u201393."},{"key":"e_1_3_2_22_2","first-page":"102","volume-title":"Proceedings of 10th ACM Symposium on Access Control Models and Technologies","author":"Byun J. W.","year":"2005","unstructured":"J. W. Byun, E. Bertino, and N. Li. 2005. Purpose based access control of complex data for privacy protection. In Proceedings of 10th ACM Symposium on Access Control Models and Technologies, 102\u2013110."},{"key":"e_1_3_2_23_2","first-page":"6","article-title":"The cambridge analytica files","volume":"21","author":"Cadwalladr C.","year":"2018","unstructured":"C. Cadwalladr and E. Graham-Harrison. 2018. The cambridge analytica files. The Guardian 21 (2018), 6\u20137.","journal-title":"The Guardian"},{"key":"e_1_3_2_24_2","first-page":"1","author":"Cranor L. F.","year":"2002","unstructured":"L. F. Cranor. 2002. Web Privacy with P3P. O'Reilly, 1\u2013321.","journal-title":"Web Privacy with P3P"},{"key":"e_1_3_2_25_2","first-page":"4017","volume-title":"Proceedings of the IEEE International Conference on Big Data (Big Data\u201919)","author":"Davari M.","year":"2019","unstructured":"M. Davari and E. Bertino. 2019. Access control model extensions to support data privacy protection based on GDPR. In Proceedings of the IEEE International Conference on Big Data (Big Data\u201919), 4017\u20134024."},{"key":"e_1_3_2_26_2","volume-title":"Informatik Spektrum","author":"Degeling M.","year":"2019","unstructured":"M. Degeling, C. Utz, C. Lentzsch, H. Hosseini, F. Schaub, and T. Holz. 2019. We value your privacy\u2026 now take some cookies: Measuring the GDPR's impact on web privacy. In Informatik Spektrum."},{"key":"e_1_3_2_27_2","first-page":"312","volume-title":"Proceedings of 25th IEEE International Requirements Engineering Conference","author":"Evans M. C.","year":"2017","unstructured":"M. C. Evans, J. Bhatia, S. Wadkar, and T. D. Breaux. 2017. An evaluation of constituency-based hyponymy extraction from privacy policies. In Proceedings of 25th IEEE International Requirements Engineering Conference, 312\u2013321."},{"key":"e_1_3_2_28_2","first-page":"512","article-title":"Proximity based access control in smart-emergency departments","author":"Gupta S. K.","year":"2006","unstructured":"S. K. Gupta, T. Mukheriee, K. Venkatasubramanian, and T. B. Taylor. 2006. Proximity based access control in smart-emergency departments. In Proceedings of 4th IEEE International Conference on Pervasive Computing and Communications Workshops. IEEE, 512\u2013516.","journal-title":"Proceedings of 4th IEEE International Conference on Pervasive Computing and Communications Workshops."},{"key":"e_1_3_2_29_2","first-page":"133","article-title":"Time ontology in OWL","volume":"27","author":"Hobbs J. R.","year":"2006","unstructured":"J. R. Hobbs and F. Pan. 2006. Time ontology in OWL. W3C Working Draft 27, 133 (2006).","journal-title":"W3C Working Draft"},{"key":"e_1_3_2_30_2","first-page":"75","volume-title":"Proceedings of International Semantic Web Working Symposium","author":"Klein M.","year":"2001","unstructured":"M. Klein and D. Fensel. 2001. Ontology versioning on the semantic web. In Proceedings of International Semantic Web Working Symposium, 75\u201391."},{"key":"e_1_3_2_31_2","first-page":"199","volume-title":"Proceedings of 10th Symposium on Usable Privacy and Security","author":"Lin J.","year":"2014","unstructured":"J. Lin et al. 2014. Modeling users\u2019 mobile app privacy preferences: Restoring usability in a sea of permission settings. In Proceedings of 10th Symposium on Usable Privacy and Security, 199\u2013212."},{"issue":"1","key":"e_1_3_2_32_2","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1111\/j.1467-8640.1987.tb00176.x","article-title":"Expressiveness and tractability in knowledge representation and reasoning 1","volume":"3","author":"Levesque H. J.","year":"1987","unstructured":"H. J. Levesque and R. J. Brachman. 1987. Expressiveness and tractability in knowledge representation and reasoning 1. Comput. Intell. 3, 1 (1987), 78\u201393.","journal-title":"Comput. Intell."},{"key":"e_1_3_2_33_2","first-page":"3","volume-title":"Proceedings of 15th International Symposium on Temporal Representations and Reasoning","author":"Lutz C.","year":"2008","unstructured":"C. Lutz, F. Wolter, and M. Zakharyaschev. 2008. Temporal description logics: A survey. In Proceedings of 15th International Symposium on Temporal Representations and Reasoning, 3\u201314."},{"key":"e_1_3_2_34_2","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Nouwens M.","year":"2020","unstructured":"M. Nouwens, I. Liccardi, M. Veale, D. Karger, and L. Kagal. 2020. Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. In Proceedings of the CHI Conference on Human Factors in Computing Systems."},{"key":"e_1_3_2_35_2","article-title":"Defining n-ary relations on the semantic web","volume":"12","author":"Noy N.","year":"2006","unstructured":"N. Noy, A. Rector, P. Hayes, and C. Welty. 2006. Defining n-ary relations on the semantic web. W3C W\u2019 Group Note 12, (2006).","journal-title":"W3C W\u2019 Group Note"},{"key":"e_1_3_2_36_2","article-title":"Dependency path patterns as the foundation of access control in provenance-aware systems","author":"Nguyen D.","year":"2012","unstructured":"D. Nguyen, J. Park, and R. Sandhu. 2012. Dependency path patterns as the foundation of access control in provenance-aware systems. In Proceedings of 4th USENIX Conference on Theory and Practice of Provenance.","journal-title":"Proceedings of 4th USENIX Conference on Theory and Practice of Provenance"},{"key":"e_1_3_2_37_2","first-page":"57","volume-title":"Proceedings of 7th ACM Symposium on Access Control Models and Technologies","author":"Park J.","year":"2002","unstructured":"J. Park and R. Sandhu. 2002. Towards usage control models: beyond traditional access control. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, 57\u201364."},{"key":"e_1_3_2_38_2","first-page":"279","article-title":"Verifiable and revocable expression of consent to processing of aggregated personal data","volume":"5308","author":"P\u00f6hls H. C.","year":"2008","unstructured":"H. C. P\u00f6hls. 2008. Verifiable and revocable expression of consent to processing of aggregated personal data. In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 5308, 279\u2013293.","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"e_1_3_2_39_2","first-page":"422","article-title":"Consent verification under evolving privacy policies","author":"Robol M.","year":"2019","unstructured":"M. Robol, T. D. Breaux, E. Paja, and P. Giorgini. 2019. Consent verification under evolving privacy policies. In Proceedings of 27th IEEE International Requirements Engineering Conference, 422\u2013427.","journal-title":"Proceedings of 27th IEEE International Requirements Engineering Conference"},{"issue":"1","key":"e_1_3_2_40_2","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/1866739.1866751","article-title":"Cloud computing privacy concerns on our doorstep","volume":"54","author":"Ryan M. D.","year":"2011","unstructured":"M. D. Ryan. 2011. Cloud computing privacy concerns on our doorstep. Commun. ACM 54, 1 (2011), 36\u201338.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_41_2","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/S0065-2458(08)60206-5","article-title":"Role-based access control","volume":"46","author":"Sandhu R.","year":"1998","unstructured":"R. Sandhu. 1998. Role-based access control. Adv. Comput. 46 (1998), 237\u2013286.","journal-title":"Adv. Comput."},{"issue":"2","key":"e_1_3_2_42_2","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu R.","year":"1996","unstructured":"R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. 1996. Role-based access control models. Computer 29, 2 (1996), 38\u201347.","journal-title":"Computer"},{"key":"e_1_3_2_43_2","first-page":"1","volume-title":"Proceedings of Symposium on Usable Privacy and Security","author":"Schaub F.","year":"2015","unstructured":"F. Schaub, R. Balebako, A. L. Durity, and L. F. Cranor. 2015. A design space for effective privacy notices. In Proceedings of Symposium on Usable Privacy and Security, 1\u201317."},{"key":"e_1_3_2_44_2","volume-title":"Formal Syntax and Semantics of Programming Languages","author":"Slonneger K.","year":"1995","unstructured":"K. Slonneger and B. L. Kurtz. 1995. Formal Syntax and Semantics of Programming Languages. Addison-Wesley."},{"issue":"3","key":"e_1_3_2_45_2","doi-asserted-by":"crossref","first-page":"477","DOI":"10.2307\/40041279","article-title":"A taxonomy of privacy","volume":"154","author":"Solove D. J.","year":"2006","unstructured":"D. J. Solove. 2006. A taxonomy of privacy. Univ. Pennsylv. Law Rev. 154, 3 (2006), 477.","journal-title":"Univ. Pennsylv. Law Rev."},{"key":"e_1_3_2_46_2","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1145\/501158.501163","volume-title":"Proceedings of 3rd ACM Conference on Electronic Commerce","author":"Spiekermann S.","year":"2001","unstructured":"S. Spiekermann, J. Grossklags, and B. Berendt. 2001. E-privacy in 2nd generation E-commerce: Privacy preferences versus actual behavior. In Proceedings of 3rd ACM Conference on Electronic Commerce, 38\u201347."},{"issue":"43","key":"e_1_3_2_47_2","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1145\/345124.345167","article-title":"Web usage mining for web site evaluation\u2014Making a site better fit its users","volume":"8","author":"Spiliopoulou M.","year":"2000","unstructured":"M. Spiliopoulou. 2000. Web usage mining for web site evaluation\u2014Making a site better fit its users. Commun. ACM 8, 43 (2000), 127\u2013134.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_48_2","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1007\/1-4020-2148-8_17","article-title":"Impacts of user privacy preferences on personalized systems","author":"Teltzrow M.","year":"2004","unstructured":"M. Teltzrow and A. Kobsa. 2004. Impacts of user privacy preferences on personalized systems. In Designing Personalized User Experiences in eCommerce, 315\u2013332.","journal-title":"Designing Personalized User Experiences in eCommerce"},{"key":"e_1_3_2_49_2","doi-asserted-by":"crossref","first-page":"166","DOI":"10.1007\/978-0-387-35285-5_10","volume-title":"Database Security XI","author":"Thomas R. K.","year":"1998","unstructured":"R. K. Thomas and R. Sandhu. 1998. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Database Security XI. Springer, Boston, MA, 166\u2013181."},{"key":"e_1_3_2_50_2","doi-asserted-by":"crossref","unstructured":"D. Torre M. Alferez G. Soltana M. Sabetzadeh and L. Briand. 2020. Model driven engineering for data protection and privacy: Application and experience with GDPR.","DOI":"10.1007\/s10270-021-00935-5"},{"key":"e_1_3_2_51_2","doi-asserted-by":"crossref","first-page":"1746","DOI":"10.1109\/TIFS.2019.2948287","article-title":"GDPR-compliant personal data management: A blockchain-based solution","volume":"15","author":"Truong N. B.","year":"2020","unstructured":"N. B. Truong, K. Sun, G. M. Lee, and Y. Guo. 2020. GDPR-compliant personal data management: A blockchain-based solution. IEEE Trans. Inf. Forens. Secur. 15, (2020), 1746\u20131761.","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"e_1_3_2_52_2","first-page":"68","volume-title":"Proceedings of the Evaluation of Novel Approaches to Software Engineering (ENASE\u201919)","author":"Vanezi E.","year":"2019","unstructured":"E. Vanezi, G. M. Kapitsaki, D. Kouzapas, and A. Philippou. 2019. A formal modeling scheme for analyzing a software system design against the GDPR. In Proceedings of the Evaluation of Novel Approaches to Software Engineering (ENASE\u201919) (2019), 68\u201379."},{"key":"e_1_3_2_53_2","first-page":"226","volume-title":"Proceedings of 4th International Conference on Formal Ontology in Information Systems","author":"Welty C.","year":"2006","unstructured":"C. Welty and R. Fikes. 2006. A reusable ontology for fluents in OWL. In Proceedings of 4th International Conference on Formal Ontology in Information Systems, 226\u2013336."},{"key":"e_1_3_2_54_2","volume-title":"Case Study Research: Design and Methods","author":"Yin R. K.","year":"2013","unstructured":"R. K. Yin. 2013. Case Study Research: Design and Methods (5th ed.). Sage.","edition":"5"},{"issue":"1","key":"e_1_3_2_55_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3389685","article-title":"The effect of the GDPR on privacy policies","volume":"12","author":"Zaeem R. N.","year":"2021","unstructured":"R. N. Zaeem and K. S. Barber. 2021. The effect of the GDPR on privacy policies. ACM Trans. Manag. Inf. Syst 12, 1 (2021), 1\u201320.","journal-title":"ACM Trans. Manag. Inf. Syst"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3490754","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3490754","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:30Z","timestamp":1750188630000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3490754"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,31]]},"references-count":54,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,31]]}},"alternative-id":["10.1145\/3490754"],"URL":"https:\/\/doi.org\/10.1145\/3490754","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,31]]},"assertion":[{"value":"2020-11-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-10-05","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}