{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T23:17:57Z","timestamp":1780355877127,"version":"3.54.1"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T00:00:00Z","timestamp":1725408000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T00:00:00Z","timestamp":1725408000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The processing of personal data gives a rise to many privacy concerns, and one of them is to ensure the transparency of data processing to end users. Usually this information is communicated to them using privacy policies. In this paper, the problem of user notification in case of data breaches and policy changes is addressed, besides an ontology-based approach to model them is proposed. To specify the ontology concepts and properties, the requirements and recommendations for the legislative regulations as well as existing privacy policies are evaluated. A set of SPARQL queries to validate the correctness and completeness of the proposed ontology are developed. The proposed approach is applied to evaluate the privacy policies designed by cloud computing providers and IoT device manufacturers. The results of the analysis show that the transparency of user notification scenarios presented in the privacy policies is still very low, and the companies should reconsider the notification mechanisms and provide more detailed information in privacy policies.<\/jats:p>","DOI":"10.1186\/s42400-024-00234-8","type":"journal-article","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T01:02:03Z","timestamp":1725411723000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Modelling user notification scenarios in privacy policies"],"prefix":"10.1186","volume":"7","author":[{"given":"Mikhail","family":"Kuznetsov","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Evgenia","family":"Novikova","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Igor","family":"Kotenko","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,9,4]]},"reference":[{"key":"234_CR1","unstructured":"3plususa (2021) Available online https:\/\/3plususa.com. Accessed 20 Jan 2021"},{"key":"234_CR2","unstructured":"Amazon Web Services (2022) Available online https:\/\/aws.amazon.com\/en\/privacy\/. Accessed 20 June 2022"},{"key":"234_CR3","volume-title":"The description logic handbook: theory, implementation and applications","author":"P Ashley","year":"2007","unstructured":"Ashley P, Hada S, Karjoth G, Schunter M (2007) The description logic handbook: theory, implementation and applications. Cambridge University Press, Cambridge"},{"key":"234_CR4","doi-asserted-by":"publisher","unstructured":"Ashley P, Hada S, Karjoth G, Schunter M (2002) E-p3p privacy policies and privacy authorization. In: Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society. WPES \u201902, pp 103\u2013109. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/644527.644538","DOI":"10.1145\/644527.644538"},{"key":"234_CR5","doi-asserted-by":"publisher","unstructured":"Azraoui M, Elkhiyaoui K, \u00d6nen M, Bernsmed K, De Oliveira AS, Sendor J (2015) A-PPL: an accountability policy language. In: Garcia-Alfaro J, et al (eds) Data privacy management, autonomous spontaneous security, and security assurance. DPM 2014, QASA 2014, SETOP 2014, Lecture Notes in computer science, vol. 8872, pp 319\u2013326. Springer, Switzerland, Cham. https:\/\/doi.org\/10.1007\/978-3-319-17016-9_21","DOI":"10.1007\/978-3-319-17016-9_21"},{"key":"234_CR6","doi-asserted-by":"publisher","unstructured":"Bawany NZ, Shaikh ZA (2017) Data privacy ontology for ubiquitous computing. Int J Adv Comput Sci Appl 8(1). https:\/\/doi.org\/10.14569\/IJACSA.2017.080120","DOI":"10.14569\/IJACSA.2017.080120"},{"key":"234_CR7","unstructured":"Blinded: Blinded for the review"},{"key":"234_CR8","unstructured":"California consumer privacy act home page (2018) Available online https:\/\/oag.ca.gov\/privacy\/ccpa. Accessed 20 Jan 2021"},{"key":"234_CR9","doi-asserted-by":"publisher","first-page":"140156","DOI":"10.1109\/ACCESS.2021.3115577","volume":"9","author":"J Cano-Benito","year":"2021","unstructured":"Cano-Benito J, Cimmino A, Garc\u00eda-Castro R (2021) Toward the ontological modeling of smart contracts: a solidity use case. IEEE Access 9:140156\u2013140172. https:\/\/doi.org\/10.1109\/ACCESS.2021.3115577","journal-title":"IEEE Access"},{"key":"234_CR10","unstructured":"Data Privacy Vocabulary (DPV) (2018) Available online https:\/\/w3c.github.io\/dpv\/dpv\/#sotd. Accessed 21 Oct 2021"},{"key":"234_CR11","unstructured":"Draw.io (2022) Available online https:\/\/app.diagrams.net. Accessed 20 Oct 2021"},{"key":"234_CR12","doi-asserted-by":"publisher","unstructured":"Elluri L, Joshi KP (2018) A knowledge representation of cloud data controls for EU GDPR compliance. In: 2018 IEEE World Congress on Services (SERVICES), pp 45\u201346. https:\/\/doi.org\/10.1109\/SERVICES.2018.00036","DOI":"10.1109\/SERVICES.2018.00036"},{"key":"234_CR13","unstructured":"Esteves B, Rodr\u00edguez-Doncel V (2022) Analysis of ontologies and policy languages to represent information flows in GDPR. Semantic Web"},{"key":"234_CR14","unstructured":"GDPR privacy notice template (2019) Available online https:\/\/gdpr.eu\/privacy-notice. Accessed 20 June 2022"},{"key":"234_CR15","unstructured":"General Data Protection Regulation (2016) Available online https:\/\/gdpr.eu. Accessed 20 Jan 2021"},{"key":"234_CR16","doi-asserted-by":"crossref","unstructured":"Gerl A, Bennani N, Kosch H, Brunie L (2018) LPL, towards a GDPR-compliant privacy language: formal definition and usage. Large-Scale Data-Knowl.-Centered Syst., vol. 37, pp 41\u201380 Springer, Switzerland, Cham","DOI":"10.1007\/978-3-662-57932-9_2"},{"key":"234_CR17","doi-asserted-by":"publisher","unstructured":"Gharib M, Giorgini P, Mylopoulos J (2020) COPri: a core ontology for privacy requirements engineering. In: Research challenges in information science. lecture notes in business information processing, vol. 385, pp 472\u2013489. https:\/\/doi.org\/10.1007\/978-3-030-50316-1_28","DOI":"10.1007\/978-3-030-50316-1_28"},{"key":"234_CR18","doi-asserted-by":"publisher","unstructured":"Gharib M, Giorgini P, Mylopoulos J (2021) COPri vol 2: a core ontology for privacy requirements. Data Knowl Eng 133. https:\/\/doi.org\/10.1016\/j.datak.2021.101888","DOI":"10.1016\/j.datak.2021.101888"},{"issue":"3","key":"234_CR19","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/s10817-014-9305-1","volume":"53","author":"B Glimm","year":"2014","unstructured":"Glimm B, Horrocks I, Motik B, Stoilos G, Wang Z (2014) Hermit: an owl 2 reasoner. J. Autom. Reason. 53(3):245\u2013269. https:\/\/doi.org\/10.1007\/s10817-014-9305-1","journal-title":"J. Autom. Reason."},{"key":"234_CR20","doi-asserted-by":"publisher","unstructured":"Gonzalez-Granadillo G, Menesidou SA, Papamartzivanos D, Romeu R, Navarro-Llobet D, Okoh C, Nifakos S, Xenakis C, Panaousis X (2021) Automated cyber and privacy risk management toolkit. Sensors 5493(16). https:\/\/doi.org\/10.3390\/s21165493","DOI":"10.3390\/s21165493"},{"key":"234_CR21","unstructured":"Google Cloud (2022) Available online https:\/\/cloud.google.com\/terms\/cloud-privacy-notice. Accessed 20 June 2022"},{"key":"234_CR22","unstructured":"Gopinath AAM, Wilson S, Sadeh NM (2018) Supervised and unsupervised methods for robust separation of section titles and prose text in web documents. In: EMNLP"},{"key":"234_CR23","unstructured":"GraphDB by Ontotext (2021) Available online https:\/\/www.ontotext.com\/products\/graphdb\/. Accessed 26 June 2022"},{"key":"234_CR24","unstructured":"Harkous H, Fawaz K, Lebret R, Schaub F, Shin KG, Aberer K (2018) Polisis: automated analysis and presentation of privacy policies using deep learning. https:\/\/arxiv.org\/abs\/1802.02561"},{"key":"234_CR25","unstructured":"Health insurance portability and accountability act (1996) Available online https:\/\/www.hhs.gov\/hipaa\/for-individuals\/index.html. Accessed 20 June 2022"},{"key":"234_CR26","unstructured":"Hewlett Packard Enterprise privacy notice (2022) Available online https:\/\/www.hpe.com\/us\/en\/legal\/privacy.html. Accessed 26 June 2022"},{"issue":"1","key":"234_CR27","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/3372296","volume":"23","author":"F Karegar","year":"2020","unstructured":"Karegar F, Pettersson JS, Fischer-H\u00fcbner S (2020) The dilemma of user engagement in privacy notices: effects of interaction modes and habituation on user attention. ACM Trans Priv Secur 23(1):38. https:\/\/doi.org\/10.1145\/3372296","journal-title":"ACM Trans Priv Secur"},{"key":"234_CR28","doi-asserted-by":"publisher","unstructured":"Karjoth G, Schunter M (2002) A privacy policy model for enterprises. In: Proceedings 15th IEEE computer security foundations workshop. CSFW-15, pp 271\u2013281. https:\/\/doi.org\/10.1109\/CSFW.2002.1021821","DOI":"10.1109\/CSFW.2002.1021821"},{"key":"234_CR29","doi-asserted-by":"publisher","unstructured":"Kost M, Freytag JC (2012) Privacy analysis using ontologies. In: Proceedings of the second ACM conference on data and application security and privacy. CODASPY \u201912, pp 205\u2013216. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/2133601.2133627","DOI":"10.1145\/2133601.2133627"},{"key":"234_CR30","doi-asserted-by":"publisher","unstructured":"Kuznetsov M, Novikova E, Kotenko I (2022) An approach to formal desription of the user notification scenarios in privacy policies. In: 2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP), Valladolid, Spain, 2022, pp. 275-282. https:\/\/doi.org\/10.1109\/PDP55904.2022.00049.","DOI":"10.1109\/PDP55904.2022.00049"},{"key":"234_CR31","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.artmed.2017.07.002","volume":"80","author":"J Lamy","year":"2017","unstructured":"Lamy J (2017) Owlready: ontology-oriented programming in python with automatic classification and high level constructs for biomedical ontologies. Artif Intell Med 80:11\u201328","journal-title":"Artif Intell Med"},{"key":"234_CR32","doi-asserted-by":"publisher","unstructured":"Leicht J, Heisel M (2019) A survey on privacy policy languages: expressiveness concerning data protection regulations. In: 12th CMI Conference on Cybersecurity and Privacy (CMI), pp 1\u20136. https:\/\/doi.org\/10.1109\/CMI48017.2019.8962144","DOI":"10.1109\/CMI48017.2019.8962144"},{"key":"234_CR33","unstructured":"Thomas L (2021). Most victims of data breaches are unaware. Michigan Today. Available online:  https:\/\/michigantoday.umich.edu\/2021\/06\/25\/most-victims-of-data-breaches-remain-unaware. Accessed 21 Oct 2021"},{"key":"234_CR34","doi-asserted-by":"publisher","unstructured":"Novikova E, Doynikova E, Kotenko I (2020) P2onto: making privacy policies transparent. In: Katsikas S, et al (eds.) Computer Security. CyberICPS 2020, SECPRE 2020, ADIoT 2020, Lecture Notes in Computer Science, vol. 12501, pp 235\u2013252. Springer, Switzerland, Cham. https:\/\/doi.org\/10.1007\/978-3-030-64330-0_15","DOI":"10.1007\/978-3-030-64330-0_15"},{"key":"234_CR35","unstructured":"Novikova E, Kuzntesov M, Kotenko I (2022) The enhanced P2Onto ontology. GitHub repository. Available: https:\/\/github.com\/kuznetsovmd\/privacy-ontology. Accessed 13 Oct 2023"},{"key":"234_CR36","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1109\/ACCESS.2021.3115577","volume":"9","author":"A Oltramari","year":"2018","unstructured":"Oltramari A et al (2018) PrivOnto: a semantic framework for the analysis of privacy policies. Semantic Web 9:185\u2013203. https:\/\/doi.org\/10.1109\/ACCESS.2021.3115577","journal-title":"Semantic Web"},{"key":"234_CR37","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-3-319-98349-3_11","volume-title":"Electronic Government and the information systems perspective","author":"M Palmirani","year":"2018","unstructured":"Palmirani M, Martoni M, Rossi A, Bartolini C, Robaldo L (2018) Pronto: privacy ontology for legal reasoning. In: K\u0151 A, Francesconi E (eds) Electronic Government and the information systems perspective. Springer, Cham, pp 139\u2013152"},{"key":"234_CR38","unstructured":"Pandit HJ, O\u2019Sullivan D, Lewis D (2018) An ontology design pattern for describing personal data in privacy policies. In: WOP@ISWC"},{"key":"234_CR39","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-030-21348-0_18","volume-title":"The semantic web","author":"HJ Pandit","year":"2019","unstructured":"Pandit HJ, Debruyne C, O\u2019Sullivan D, Lewis D (2019) GConsent: a consent ontology based on the GDPR. In: Hitzler P, Fern\u00e1ndez M, Janowicz K, Zaveri A, Gray AJG, Lopez V, Haller A, Hammar K (eds) The semantic web. Springer, Cham, pp 270\u2013282"},{"key":"234_CR40","doi-asserted-by":"publisher","unstructured":"Pardo R, Le M\u00e9tayer D (2019) Analysis of privacy policies to enhance informed consent. DBSec 2019, Lecture Notes in Computer Science, vol. 11559, pp. 177\u2013198. Springer, Switzerland, Cham. https:\/\/doi.org\/10.1007\/978-3-030-22479-0_10","DOI":"10.1007\/978-3-030-22479-0_10"},{"key":"234_CR41","unstructured":"PDPA overview (2012) Available online https:\/\/www.pdpc.gov.sg\/Overview-of-PDPA\/The-Legislation\/Personal-Data-Protection-Act. Accessed 20 Jan 2021"},{"key":"234_CR42","doi-asserted-by":"crossref","unstructured":"Poplavska E, Norton TB, Wilson S, Sadeh NM (2020) From prescription to description: mapping the GDPR to a privacy policy corpus annotation scheme. In: JURIX","DOI":"10.3233\/FAIA200874"},{"key":"234_CR43","unstructured":"Prot\u00e9g\u00e9 is a free, open-source ontology editor and framework for building intelligent systems (2014). Available online https:\/\/protege.stanford.edu. 20 Oct 2021"},{"key":"234_CR44","unstructured":"Santoro F, Bai\u00e3o F, Rodrigues Teixeira B (2018) MyMemory: an ontology for privacy protection in external digital memories. In: Proceedings of the second AMCIS conference, available online https:\/\/aisel.aisnet.org\/amcis2018\/Philosophy\/Presentations\/2"},{"key":"234_CR45","doi-asserted-by":"publisher","first-page":"800","DOI":"10.1007\/11575863_100","volume":"3762","author":"Y Tang","year":"2002","unstructured":"Tang Y, Meersman R (2002) Judicial support systems: ideas for a privacy ontology-based case analyzer. Lecture Notes Comput Sci 3762:800\u2013807. https:\/\/doi.org\/10.1007\/11575863_100","journal-title":"Lecture Notes Comput Sci"},{"key":"234_CR46","doi-asserted-by":"publisher","unstructured":"Tesfay WB, Hofmann P, Nakamura T, Kiyomoto S, Serna J (2018) Privacyguide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the fourth ACM international workshop on security and privacy analytics. IWSPA \u201918, pp 15\u201321. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/3180445.3180447","DOI":"10.1145\/3180445.3180447"},{"key":"234_CR47","unstructured":"The World Wide Web Consortium (W3C) (1994). Available online https:\/\/www.w3.org\/. Accessed 10 Oct 2023"},{"key":"234_CR48","doi-asserted-by":"publisher","unstructured":"Torre D, Soltana G, Sabetzadeh M, Briand LC, Auffinger Y, Goes P (2019) Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM\/IEEE 22nd international conference on model driven engineering languages and systems (MODELS), pp 1\u201311. https:\/\/doi.org\/10.1109\/MODELS.2019.00-20","DOI":"10.1109\/MODELS.2019.00-20"},{"key":"234_CR49","doi-asserted-by":"crossref","unstructured":"Wilson A, Schaub F, Dara A, Liu F, Cherivirala S, Leon P (2016) The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th annual meeting of the association for computational linguistics, pp 1330\u20131340","DOI":"10.18653\/v1\/P16-1126"},{"key":"234_CR50","doi-asserted-by":"publisher","unstructured":"Wilson S, Schaub F, Liu F, Sathyendra KM, Smullen D, Zimmeck S, Ramanath R, Story P, Liu F, Sadeh N, Smith NA (2018) Analyzing privacy policies at scale: from crowdsourcing to automated annotations. ACM Trans. Web 13(1). https:\/\/doi.org\/10.1145\/3230665","DOI":"10.1145\/3230665"},{"key":"234_CR51","unstructured":"Yandex privacy notice (2022) Available online https:\/\/yandex.ru\/legal\/confidential\/. Accessed 26 June 2022"},{"key":"234_CR52","doi-asserted-by":"publisher","unstructured":"Zimmeck S, et al (2019) Maps: Scaling privacy compliance analysis to a million apps. In: Proceedings on privacy enhancing technologies, vol 66. https:\/\/doi.org\/10.1145\/2133601.2133627","DOI":"10.1145\/2133601.2133627"},{"issue":"2","key":"234_CR53","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/MSEC.2019.2897834","volume":"17","author":"Y Zou","year":"2019","unstructured":"Zou Y, Schaub F (2019) Beyond mandatory: making data breach notifications useful for consumers. IEEE Security Privacy 17(2):67\u201372. https:\/\/doi.org\/10.1109\/MSEC.2019.2897834","journal-title":"IEEE Security Privacy"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00234-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00234-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00234-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T01:06:25Z","timestamp":1725411985000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00234-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,4]]},"references-count":53,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["234"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00234-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9,4]]},"assertion":[{"value":"10 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 March 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 September 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"41"}}