个人数据流的可视化：来自Booking.com案例研究的洞见 (Visualising Personal Data Flows: Insights from a Case Study of Booking.com)

from arxiv, This is the full edition of a 8-page visionary paper accepted at 35th International Conference on Advanced Information Systems Engineering (CAiSE) Forum, 2023

Commercial organisations are holding and processing an ever-increasing amount of personal data. Policies and laws are continually changing to require these companies to be more transparent regarding collection, storage, processing and sharing of this data. This paper reports our work of taking Booking.com as a case study to visualise personal data flows extracted from their privacy policy. By showcasing how the company shares its consumers' personal data, we raise questions and extend discussions on the challenges and limitations of using privacy policy to inform customers the true scale and landscape of personal data flows. More importantly, this case study can inform us about future research on more data flow-oriented privacy policy analysis and on the construction of a more comprehensive ontology on personal data flows in complicated business ecosystems.

翻译：商业组织正在持有和处理越来越多的个人数据。政策和法律在不断变化，要求这些公司在收集、存储、处理和共享这些数据方面更加透明。本文报道了我们对Booking.com进行的个案研究，从他们的隐私政策中提取个人数据流并进行可视化。通过展示该公司如何分享其消费者的个人数据，我们引发了一些问题，并扩展了关于使用隐私政策告知客户个人数据流程的真实规模和景观的挑战和限制的讨论。更重要的是，这个案例研究可以为未来更注重数据流的隐私政策分析和构建更全面的关于复杂商业生态系统中个人数据流的本体论提供启示。