Presentation Title

Cookies for Breakfast, Lunch, and Dinner: Designing a GDPR Compliant Accountability Tool for Web Services and Web Apps

Faculty Mentor

Dr. Ben Steichen

Start Date

17-11-2018 8:30 AM

End Date

17-11-2018 10:30 AM

Location

HARBESON 64

Session

POSTER 1

Type of Presentation

Poster

Subject Area

engineering_computer_science

Abstract

In light of the recently passed General Data Protection Regulation (GDPR), large multinational companies operating in Europe are expected to hold a higher level of responsibility and self-accountability in regard to the data they collect and process. Failure to comply with the tenets set by the regulation can result in steep fines. Thus, it is important for organizations to find efficient and reliable ways to keep track of the data they collect and process on users. In this research project, we attempt to find an efficient and reliable client-side method of analyzing the type of data a given web site or web app collects on a data subject. Our method involves using an automated web browser to coerce a web server into depositing as many user data storage mechanisms as possible onto a client machine. The scope of this method is limited to three types of user data storage mechanisms, namely HTTP cookies, local storage, and Flash cookies.

Summary of research results to be presented

My partner Dimitri and I developed a prototype for collecting the user storage mechanisms deposited on a client machine. We limited the scope of the prototype to collect user storage mechanisms on the Chrome browser. We were able to classify and display the metadata collected from those machines as well as specify the source and content of the data collected.

This document is currently not available here.
