GDPRxiv: Establishing the State of the Art in GDPR Enforcement

Chen Sun; Evan Jacobs; Daniel Lehmann; Andrew Crouse; Supreeth Shastri

GDPRxiv: Establishing the State of the Art in GDPR Enforcement

Authors: Chen Sun (University of Iowa), Evan Jacobs (University of Iowa), Daniel Lehmann (University of Copenhagen), Andrew Crouse (University of Iowa), Supreeth Shastri (University of Iowa)

Volume: 2023
Issue: 4
Pages: 484–499
DOI: https://doi.org/10.56553/popets-2023-0121

Download PDF

Abstract: Though European Union's General Data Protection Regulation (GDPR) is hailed as a model privacy regulation, details about its enforcement are not well understood. To address this gap, we propose establishing the state of the art (SOTA) in GDPR enforcement, and present the design and implementation of GDPRxiv: an information archival system that collects and curates GDPR rulings, judgements, reports, and official guidances. GDPRxiv consists of 8000+ official precedents and guidances, the largest such collection. To demonstrate the usefulness of this corpora, we share insights gleaned at the aggregate-level (say, how is the GDPR being enforced in the field) and at the article-level (say, what are the common failures observed in the field while implementing article-17 Right to be Forgotten). We release all of our software artifacts and datasets at https://GDPRxiv.org.

Keywords: GDPR, GDPR enforcement, GDPR SOTA

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.