Miguel Cozar, David Rodríguez Torrado, J. D. Álamo, Danny S. Guamán
{"title":"Reliability of IP Geolocation Services for Assessing the Compliance of International Data Transfers","authors":"Miguel Cozar, David Rodríguez Torrado, J. D. Álamo, Danny S. Guamán","doi":"10.1109/eurospw55150.2022.00024","DOIUrl":null,"url":null,"abstract":"The General Data Protection Regulation sets strict requirements to allow personal data transfers outside the European Economic Area. Thus, knowing the geographical destination of data transfers is becoming increasingly important for different stakeholders such as data controllers that may become data exporters or data protection authorities who need to assess data processing compliance. To this end, several online databases and services provide geolocation data for IP addresses with different accuracy and reliability levels. This paper analyzes ten different IP geolocation services to understand their reliability against known ground truth and applies them to further assess whether 767 Android apps indeed carry out international personal data transfers. Our results show great discrepancy depending on the service used, thus demonstrating the uncertainty data controllers and supervisory authorities face to assess these data flows.","PeriodicalId":275840,"journal":{"name":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/eurospw55150.2022.00024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
The General Data Protection Regulation sets strict requirements to allow personal data transfers outside the European Economic Area. Thus, knowing the geographical destination of data transfers is becoming increasingly important for different stakeholders such as data controllers that may become data exporters or data protection authorities who need to assess data processing compliance. To this end, several online databases and services provide geolocation data for IP addresses with different accuracy and reliability levels. This paper analyzes ten different IP geolocation services to understand their reliability against known ground truth and applies them to further assess whether 767 Android apps indeed carry out international personal data transfers. Our results show great discrepancy depending on the service used, thus demonstrating the uncertainty data controllers and supervisory authorities face to assess these data flows.
《通用数据保护条例》(General Data Protection Regulation)设定了严格的要求,允许将个人数据转移到欧洲经济区以外。因此,了解数据传输的地理目的地对于不同的利益相关者(如可能成为数据输出者的数据控制者或需要评估数据处理合规性的数据保护机构)变得越来越重要。为此,一些在线数据库和服务提供了不同精度和可靠性的IP地址地理位置数据。本文分析了十种不同的IP地理定位服务,以了解它们与已知地面事实的可靠性,并将其应用于进一步评估767个Android应用程序是否确实进行了国际个人数据传输。我们的结果显示,根据所使用的服务,差异很大,从而证明了数据控制者和监管机构在评估这些数据流时面临的不确定性。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
