{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T13:05:32Z","timestamp":1775912732224,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["TESTABLE (101019206)"],"award-info":[{"award-number":["TESTABLE (101019206)"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Bundesministerium f\u00fcr Wirtschaft und Klimaschutz","award":["Trade-EVs II (01MV20006A)"],"award-info":[{"award-number":["Trade-EVs II (01MV20006A)"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["IVAN (16KIS1168)"],"award-info":[{"award-number":["IVAN (16KIS1168)"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3616604","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"3343-3357","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8468-8516","authenticated-orcid":false,"given":"David","family":"Klein","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8961-6962","authenticated-orcid":false,"given":"Benny","family":"Rolle","sequence":"additional","affiliation":[{"name":"SAP SE, Walldorf, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1538-5033","authenticated-orcid":false,"given":"Thomas","family":"Barber","sequence":"additional","affiliation":[{"name":"SAP Security Research, Karlsruhe, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7948-0742","authenticated-orcid":false,"given":"Manuel","family":"Karl","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2574-5060","authenticated-orcid":false,"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Archita Agarwal Marilyn George Aaron Jeyaraj and Malte Schwarzkopf. 2022. Retrofitting GDPR Compliance onto Legacy Databases. In VLDB Endow.","DOI":"10.14778\/3503585.3503603"},{"key":"e_1_3_2_1_2_1","volume-title":"29 Data Protection Working Party","year":"2017","unstructured":"Art. 29 Data Protection Working Party. 2017. Guidelines on the right to data portability (wp242rev.01). https:\/\/ec.europa.eu\/newsroom\/article29\/items\/611233\/en."},{"key":"e_1_3_2_1_3_1","volume-title":"Phosphor: Illuminating Dynamic Data Flow in Commodity JVMs. In ACM International Conference on Object Oriented Programming Systems Languages & Applications.","author":"Bell Jonathan","year":"2014","unstructured":"Jonathan Bell and Gail Kaiser. 2014. Phosphor: Illuminating Dynamic Data Flow in Commodity JVMs. In ACM International Conference on Object Oriented Programming Systems Languages & Applications."},{"key":"e_1_3_2_1_4_1","unstructured":"Bloomberg. 2021. Amazon Gets Record 888 Million Dollar EU Fine Over Data Violations. https:\/\/www.bloomberg.com\/news\/articles\/2021-07--30\/amazon-given-record-888-million-eu-fine-for-data-privacy-breach. Accessed 08.09.2023."},{"key":"e_1_3_2_1_5_1","volume-title":"Broadleaf: Commercial Open Source eCommerce. https:\/\/www.broadleafcommerce.com. Accessed 08.09.2023.","author":"Broadleaf Commerce LLC","year":"2022","unstructured":"LLC Broadleaf Commerce. 2022a. Broadleaf: Commercial Open Source eCommerce. https:\/\/www.broadleafcommerce.com. Accessed 08.09.2023."},{"key":"e_1_3_2_1_6_1","unstructured":"LLC Broadleaf Commerce. 2022b. MLB Hits a Home Run with Broadleaf. https:\/\/www.broadleafcommerce.com\/customers\/mlb. Accessed 08.09.2023."},{"key":"e_1_3_2_1_7_1","volume-title":"Abstractions for Usable Information Flow Control in Aeolus. In USENIX Conference on Annual Technical Conference.","author":"Cheng Winnie","year":"2012","unstructured":"Winnie Cheng, Dan R. K. Ports, David Schultz, Victoria Popic, Aaron Blankstein, James Cowling, Dorothy Curtis, Liuba Shrira, and Barbara Liskov. 2012. Abstractions for Usable Information Flow Control in Aeolus. In USENIX Conference on Annual Technical Conference."},{"key":"e_1_3_2_1_8_1","unstructured":"OpenMRS Community. 2022. OpenMRS: Medical Record System. https:\/\/openmrs.org. Accessed 08.09.2023."},{"key":"e_1_3_2_1_9_1","unstructured":"Council of the European Union and European Parliament. 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation) (Text with EEA relevance)."},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Conference on Web Application Development.","author":"Davis Benjamin","year":"2010","unstructured":"Benjamin Davis and Hao Chen. 2010. DBTaint: Cross-Application Information Flow Tracking via Databases. In USENIX Conference on Web Application Development."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Mariano di Martino Isaac Meers Peter Quax Ken Andries and Wim Lamotte. 2022. Revisiting Identification Issues in GDPR ?Right Of Access' Policies: A Technical and Longitudinal Analysis. In Privacy Enhancing Technologies.","DOI":"10.2478\/popets-2022-0037"},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Symposium on Operating Systems Design and Implementation.","author":"Enck William","unstructured":"William Enck, Peter Gilbert, Byung Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2019. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In USENIX Symposium on Operating Systems Design and Implementation."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/17.2.143"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Pietro Ferrara Luca Olivieri and Fausto Spoto. 2018. Tailoring Taint Analysis to GDPR. In Privacy Technologies and Policy.","DOI":"10.1007\/978-3-030-02547-2_4"},{"key":"e_1_3_2_1_15_1","volume-title":"FHIR: Fast Healthcare Interoperability Resources. https:\/\/www.hl7.org\/fhir\/. Accessed 08.09.2023.","author":"Foundation FHIR","year":"2022","unstructured":"FHIR Foundation. 2022. FHIR: Fast Healthcare Interoperability Resources. https:\/\/www.hl7.org\/fhir\/. Accessed 08.09.2023."},{"key":"e_1_3_2_1_16_1","unstructured":"frentix GmbH. 2022. OpenOlat -- Infinite Learning. https:\/\/www.openolat.com. Accessed 21.01.2022."},{"key":"e_1_3_2_1_17_1","unstructured":"Gatling Corp. 2022. Gatling. https:\/\/gatling.io. Accessed 08.09.2023."},{"key":"e_1_3_2_1_18_1","volume-title":"Dynamic Taint Propagation for Java. In Annual Computer Security Applications Conference.","author":"Haldar Vivek","year":"2005","unstructured":"Vivek Haldar, Deepak Chandra, and Michael Franz. 2005. Dynamic Taint Propagation for Java. In Annual Computer Security Applications Conference."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181797"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380326"},{"key":"e_1_3_2_1_21_1","volume-title":"Open Hospital: Software EMR HIS open source. https:\/\/www.open-hospital.org\/. Accessed 22.04.2023.","author":"Frontiere Informatici","year":"2022","unstructured":"Informatici senza Frontiere. 2022. Open Hospital: Software EMR HIS open source. https:\/\/www.open-hospital.org\/. Accessed 22.04.2023."},{"key":"e_1_3_2_1_22_1","unstructured":"JForum Team. 2022. JForum. https:\/\/jforum.net\/. Accessed 08.09.2023."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Karel Kub\u00ed?ek Jakob Merane Carlos Cotrini Alexander Stremitzer Stefan Bechtold and David Basin. 2022. Checking Websites' GDPR Consent Compliance for Marketing Emails. In Privacy Enhancing Technologies.","DOI":"10.2478\/popets-2022-0046"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Thomas Linden Rishabh Khandelwal Hamza Harkous and Kassem Fawaz. 2020. The Privacy Policy Landscape After the GDPR. In Privacy Enhancing Technologies.","DOI":"10.2478\/popets-2020-0004"},{"key":"e_1_3_2_1_26_1","volume-title":"Hybrid Taint Analysis for Java EE. In ACM Symposium on Applied Computing.","author":"Loch Florian D","year":"2020","unstructured":"Florian D Loch, Martin Johns, Martin Hecker, Martin Mohr, and Gregor Snelting. 2020. Hybrid Taint Analysis for Java EE. In ACM Symposium on Applied Computing."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Dominique Machuletz and Rainer B\u00f6hme. 2020. Multiple Purposes Multiple Problems: A User Study of Consent Dialogs after GDPR. In Privacy Enhancing Technologies.","DOI":"10.2478\/popets-2020-0037"},{"key":"e_1_3_2_1_28_1","unstructured":"Michael Martin Benjamin Livshits and Monica Lam. 2006. SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities. Technical Report. Stanford University."},{"key":"e_1_3_2_1_29_1","volume-title":"USENIX Security Symposium.","author":"Martino Mariano Di","year":"2019","unstructured":"Mariano Di Martino, Pieter Robyns, Winnie Weyts, Peter Quax, Wim Lamotte, and Ken Andries. 2019. Personal Information Leakage by Abusing the GDPR 'Right of Access'. In USENIX Security Symposium."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00076"},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX Security Symposium.","author":"Mehta Aastha","year":"2017","unstructured":"Aastha Mehta, Eslam Elnikety, Katura Harvey, Deepak Garg, and Peter Druschel. 2017. Qapla: Policy compliance for database-backed systems. In USENIX Security Symposium."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_33_1","unstructured":"Microsoft. 2023. Playwright. https:\/\/github.com\/microsoft\/playwright. Accessed 08.09.2023."},{"key":"e_1_3_2_1_34_1","unstructured":"Reuters. 2021. WhatsApp fined a record 225 mln euro by Ireland over privacy. https:\/\/www.reuters.com\/technology\/irish-data-privacy-watchdog-fines-whatsapp-225-mln-euros-2021-09-02\/. Accessed 08.09.2023."},{"key":"e_1_3_2_1_35_1","unstructured":"Reuters. 2022. Google hit with 150 million euro French fine for cookie breaches. https:\/\/www.cnbc.com\/2022\/01\/06\/google-hit-with-150-million-euro-french-fine-for-cookie-breaches.html. Accessed 08.09.2023."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542484"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Marlene Saemann Daniel Theis Tobias Urban and Martin Degeling. 2022. Investigating GDPR Fines in the Light of Data Flows. In Privacy Enhancing Technologies.","DOI":"10.56553\/popets-2022-0111"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329806"},{"key":"e_1_3_2_1_39_1","unstructured":"SAP. 2023. CAP Bookstore. https:\/\/github.com\/SAP-samples\/cloud-cap-samples-java. Accessed 08.09.2023."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_41_1","volume-title":"Bootstrapping Privacy Compliance in Big Data Systems. In IEEE Symposium on Security and Privacy.","author":"Sen Shayak","unstructured":"Shayak Sen, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Y. Tsai, and Jeannette M. Wing. 2014. Bootstrapping Privacy Compliance in Big Data Systems. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Supreeth Shastri Vinay Banakar Melissa Wasserman Arun Kumar and Vijay Chidambaram. 2020. Understanding and Benchmarking the Impact of GDPR on Database Systems. In VLDB Endow.","DOI":"10.14778\/3384345.3384354"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313524"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Sarah Spiekermann. 2012. The Challenges of Privacy by Design. Commun. ACM.","DOI":"10.1145\/2209249.2209263"},{"key":"e_1_3_2_1_45_1","volume-title":"Tanenbaum","author":"Nair Bruno Crispo","year":"2008","unstructured":"Bruno Crispo Srijith K. Nair, Patrick N.D. Simpson and Andrew S. Tanenbaum. 2008. IR-CS-045: Trishul: A Policy Enforcement Architecture for Java Virtual Machines. Technical Report. Vrije Universiteit."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Emmanuel Syrmoudis Stefan Mager Sophie Kuebler-Wachendorff Paul Pizzinini Jens Grossklags and Johann Kranz. 2021. Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20. In Privacy Enhancing Technologies.","DOI":"10.2478\/popets-2021-0051"},{"key":"e_1_3_2_1_47_1","unstructured":"The Spring PetClinic Community. 2022. Spring PetClinic. https:\/\/spring-petclinic.github.io. Accessed 08.09.2023."},{"key":"e_1_3_2_1_48_1","unstructured":"University of Applied Sciences Mannheim. 2022. HSMA-CTT. https:\/\/github.com\/informatik-mannheim\/HSMA-CTT. Accessed 08.09.2023."},{"key":"e_1_3_2_1_49_1","volume-title":"Measuring the Impact of the GDPR on Data Sharing in Ad Networks. In ACM Asia Conference on Computer and Communications Security.","author":"Urban Tobias","year":"2020","unstructured":"Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, and Norbert Pohlmann. 2020. Measuring the Impact of the GDPR on Data Sharing in Ad Networks. In ACM Asia Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354212"},{"key":"e_1_3_2_1_51_1","unstructured":"VMware Inc. 2022. Spring. https:\/\/spring.io. Accessed 08.09.2023."},{"key":"e_1_3_2_1_52_1","volume-title":"PrivGuard: Privacy Regulation Compliance Made Easier. In USENIX Security Symposium.","author":"Wang Lun","year":"2022","unstructured":"Lun Wang, Usmann Khan, Joseph P. Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao, Andrew Low, and Dawn Song. 2022. PrivGuard: Privacy Regulation Compliance Made Easier. In USENIX Security Symposium."},{"key":"e_1_3_2_1_53_1","volume-title":"Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages. In IEEE Symposium on Security and Privacy.","author":"Xiang Jian","year":"2021","unstructured":"Jian Xiang and Stephen Chong. 2021. Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_54_1","volume-title":"Improving Application Security with Data Flow Assertions. In ACM SIGOPS Symposium on Operating Systems Principles.","author":"Yip Alexander","unstructured":"Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2009. Improving Application Security with Data Flow Assertions. In ACM SIGOPS Symposium on Operating Systems Principles."},{"key":"e_1_3_2_1_55_1","article-title":"Taintman: An art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices","author":"You Wei","year":"2017","unstructured":"Wei You, Bin Liang, Wenchang Shi, Peng Wang, and Xiangyu Zhang. 2017. Taintman: An art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices. IEEE Transactions on Dependable and Secure Computing.","journal-title":"IEEE Transactions on Dependable and Secure Computing."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616604","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3616604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:45:38Z","timestamp":1755740738000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616604"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":55,"alternative-id":["10.1145\/3576915.3616604","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3616604","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}