The Curious Case of Usable Privacy: Challenges, Solutions, and Prospects
In: Synthesis Lectures on Information Security, Privacy, and Trust
12 Ergebnisse
Sortierung:
In: Synthesis Lectures on Information Security, Privacy, and Trust
Transparency of personal data processing is a basic privacy principle and a right that is well acknowledged by data protection legislation, such as the EU general data protection regulation (GDPR). The objective of ex post transparency enhancing tools (TETs) is to provide users with insight about what data have been processed about them and what possible consequences might arise after their data have been revealed, that is, ex post. This survey assesses the state of the art in scientific literature of the usability of ex post TETs enhancing privacy and discusses them in terms of their common features and unique characteristics. The article first defines the scope of usable transparency in terms of relevant privacy principles for providing transparency by taking the GDPR as a point of reference, and usability principles that are important for achieving transparency. These principles for usable transparency serve as a reference for classifying and assessing the surveyed TETs. The retrieval and screening process of the publications is then described, as is the process for deriving the subsequent classification of the characteristics of the TETs. The survey not only looks into what is made transparent by the TETs but also how transparency is actually achieved. A main contribution of this survey is a proposed classification that assesses the TETs based on their functionality, implementation and evaluation as described in the literature. It concludes by discussing the trends and limitations of the surveyed TETs in regard to the defined scope of usable TETs and shows possible directions of future research for addressing these gaps. This survey provides researchers and developers of privacy enhancing technologies an overview of the characteristics of state of the art ex post TETs, on which they can base their work. ; Privacy&Us
BASE
In: Privacy and Identity Management for Life, S. 233-244
In: Mobile Technologies for Conflict Management, S. 181-199
International audience ; Recent social and technical developments are expanding surveillance by the government and private sector and intensifying privacy concerns, resulting in a surveillance-privacy dilemma. Governments establish surveillance schemes to fight terrorism and crime. Private organizations use profiling and data mining techniques to target marketing endeavors, to analyze customer behavior and monitor the work practices of employees. Social networks bring to the fore new means for the surveillance of individuals, publishing intimate details about themselves. Individuals are usually unaware of the constant data collection and processing in their surroundings. They are effectively losing control over their personal spheres. The aim of the conference track "Surveillance and Privacy" is to discuss and analyze, from multi-disciplinary perspectives, the privacy risks of surveillance for individuals and society, as well as solutions for protecting an individual's right to informational self-determination.
BASE
In: Privacy and Identity Management for Life, S. 245-260
In: Privacy and Identity Management for Life, S. 261-277
In: Privacy and Identity Management: The Smart Revolution
The concept of consent is a central pillar of data protection. It features prominently in research, regulation, and public debates on the subject, in spite of the wide-ranging criticisms that have been levelled against it. In this paper, I refer to this as the consent paradox. I argue that consent continues to play a central role not despite but because the criticisms of it. I analyze the debate on consent in the scholarly literature in general, and among German data protection professionals in particular, showing that it is a focus on the informed individual that keeps the concept of consent in place. Critiques of consent based on the notion of "informedness" reinforce the centrality of consent rather than calling it into question. They allude to a market view that foregrounds individual choice. Yet, the idea of a data market obscures more fundamental objections to consent, namely the individual's dependency on data controllers' services that renders the assumption of free choice a fiction.
Part 5: Project Workshops and Tutorial Papers ; International audience ; In this paper, we introduce a privacy-enhanced Peer Manager, which is a fundamental building block for the implementation of a privacy-preserving collective adaptive systems computing platform. The Peer Manager is a user-centered identity management platform that keeps information owned by a user private and is built upon an attribute-based privacy policy. Furthermore, this paper explores the ethical, privacy and social values aspects of collective adaptive systems and their extensive capacity to transform lives. We discuss the privacy, social and ethical issues around profiles and present their legal privacy requirements from the European legislation perspective.
BASE
International audience ; This article presents an overview and analysis of the key cybersecurity problems, challenges and requirements to be addressed in the future, which we derived through 63 interviews with European stakeholders from security-critical sectors including Open Banking, Supply Chain, Privacy-preserving Identity Management, Security Incident Reporting, Maritime Transport, Medical Data Exchange, and Smart Cities. We show that common problems, challenges and requirements across these sectors exist in relation to building trust, implementing privacy and identity management including secure and useable authentication, building resilient systems, standardisation and certification, achieving security and privacy by design, secure and privacy-compliant data and information sharing, and government regulations. Our results also indicate cybersecurity trends and allow to derive directions for future research and innovation activities that will be of high importance for Europe.
BASE
International audience ; This article presents an overview and analysis of the key cybersecurity problems, challenges and requirements to be addressed in the future, which we derived through 63 interviews with European stakeholders from security-critical sectors including Open Banking, Supply Chain, Privacy-preserving Identity Management, Security Incident Reporting, Maritime Transport, Medical Data Exchange, and Smart Cities. We show that common problems, challenges and requirements across these sectors exist in relation to building trust, implementing privacy and identity management including secure and useable authentication, building resilient systems, standardisation and certification, achieving security and privacy by design, secure and privacy-compliant data and information sharing, and government regulations. Our results also indicate cybersecurity trends and allow to derive directions for future research and innovation activities that will be of high importance for Europe.
BASE
International audience ; This article presents an overview and analysis of the key cybersecurity problems, challenges and requirements to be addressed in the future, which we derived through 63 interviews with European stakeholders from security-critical sectors including Open Banking, Supply Chain, Privacy-preserving Identity Management, Security Incident Reporting, Maritime Transport, Medical Data Exchange, and Smart Cities. We show that common problems, challenges and requirements across these sectors exist in relation to building trust, implementing privacy and identity management including secure and useable authentication, building resilient systems, standardisation and certification, achieving security and privacy by design, secure and privacy-compliant data and information sharing, and government regulations. Our results also indicate cybersecurity trends and allow to derive directions for future research and innovation activities that will be of high importance for Europe.
BASE