Top

Published in:

2018 | OriginalPaper | Chapter

Designing a GDPR-Compliant and Usable Privacy Dashboard

Authors : Philip Raschke, Axel Küpper, Olha Drozd, Sabrina Kirrane

Published in: Privacy and Identity Management. The Smart Revolution

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The role of personal data gained significance across all business domains in past decades. Despite strict legal restrictions that processing personal data is subject to, users tend to respond to the extensive collection of data by service providers with distrust. Legal battles between data subjects and processors emphasized the need of adaptations by the current law to face today’s challenges. The European Union has taken action by introducing the General Data Protection Regulation (GDPR), which was adopted in April 2016 and will inure in May 2018. The GDPR extends existing data privacy rights of EU citizens and simultaneously puts pressure on controllers and processors by defining high penalties in case of non-compliance. Uncertainties remain to which extent controllers and processors need to adjust their existing technologies in order to conform to the new law. This work designs, implements, and evaluates a privacy dashboard for data subjects intending to enable and ease the execution of data privacy rights granted by the GDPR.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Data Protection Impact Assessment: A Hands-On Tour of the GDPR’s Most Practical Tool

next chapter Blockchain-based Identity Management and Data Usage Control (Extended Abstract)

ECLI:EU:C:2014:317. http://curia.europa.eu/juris/documents.jsf?num=c-131/12, last accessed: 07/04/2017.

What is Snowden effect? - Definition from WhatIs.com. http://whatis.techtarget.com/definition/Snowden-effect, last accessed: 07/17/2017.

ECLI:EU:C:2015:650. http://curia.europa.eu/juris/documents.jsf?num=c-362/14, last accessed: 07/17/2017.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88 [hereinafter GDPR].

Council Directive 95/46, 1995 O.J. (L 281) 31 (EC) [hereinafter Directive 95/46].

GDPR art. 5(1)(a).

GDPR Recital 39.

GDPR art. 3(2).

GDPR art. 6(1)(a).

GDPR art. 6(1)(c).

GDPR art. 6(1)(e).

Directive 95/46 art. 6(1)(a).

GDPR art. 5(1)(a).

GDPR art. 15(1).

GDPR art. 16.

GDPR art. 17(1).

GDPR art. 12(3).

Directive 95/46 art. 7(a).

GDPR art. 6(1)(a).

GDPR Recital 32.

GDPR art. 7(3).

Privacy Bird. http://www.privacybird.org, last accessed: 07/20/2017.

Privacy Icons. https://disconnect.me/icons, last accessed: 07/20/2017.

PrimeLife Dashboard. http://primelife.ercim.eu/results/opensource/76-dashboard, last accessed: 07/20/2017.

Google Dashboard. https://myaccount.google.com/dashboard, last accessed: 07/20/2017.

Lightbeam for Firefox - Mozilla. https://www.mozilla.org/en-US/lightbeam, last accessed: 07/20/2017.

netograph. http://netograph.com, last accessed: 07/20/2017.

WOT (Web of Trust). https://www.mywot.com, last accessed: 07/20/2017.

Me and my Shadow. https://myshadow.org, last accessed: 07/20/2017.

Firesheep - codebutler. http://codebutler.com/firesheep, last accessed: 07/20/2017.

Panopticlick. https://panopticlick.eff.org, last accessed: 07/20/2017.

Creepy by ilektrojohn. http://www.geocreepy.com, last accessed: 07/20/2017.

mfredrik/Privacy-Bucket Wiki. https://github.com/mfredrik/Privacy-Bucket/wiki, last accessed: 07/20/2017.

pylls/datatrack: A tool that visualizes your data disclosures. https://github.com/pylls/datatrack, last accessed: 07/20/2017.

WAI-ARIA (Web Accessibility Initiative). https://www.w3.org/WAI/intro/aria.php, last accessed: 07/25/2017.

Eurostat - Population. http://ec.europa.eu/eurostat/tgm/table.do?tab=table&init=1&language=en&pcode=tps00001&plugin=1, last accessed: 07/18/2017.

Europeans and their Languages. http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_386_en.pdf, last accessed: 07/25/2017.

Eurostat - Population by age group. http://ec.europa.eu/eurostat/tgm/refreshTableAction.do?tab=table&plugin=1&pcode=tps00010&language=en, last accessed: 07/25/2017.

Eurostat - Internet use and activities. http://ec.europa.eu/eurostat/web/products-datasets/-/isoc_bde15cua, last accessed: 07/25/2017.

Eurostat - Internet use by individuals. http://ec.europa.eu/eurostat/documents/2995521/7771139/9-20122016-BP-EN.pdf/f023d81a-dce2-4959-93e3-8cc7082b6edd, last accessed: 07/25/2017.

Eurostat - Purpose of mobile internet use. http://ec.europa.eu/eurostat/web/products-datasets/-/isoc_cimobi_purp, last accessed: 07/25/2017.

ECLI:EU:C:2014:317 http://curia.europa.eu/juris/documents.jsf?num=c-131/12, last accessed: 07/25/2017.

GDPR art. 20.

React - A JavaScript library for building user interfaces. https://reactjs.org/, last accessed: 11/13/2017.

Material-UI. http://www.material-ui.com/, last accessed: 11/13/2017.

Material Design. https://material.io/, last accessed: 11/13/2017.

Privacy dashboard | IFIP Summer School 2017. http://philip-raschke.github.io/GDPR-privacy-dashboard, last accessed: 01/19/2018.

Jung von Matt study on typical German Facebook profile. https://de.linkedin.com/pulse/das-h%C3%A4ufigste-facebook-profil-deutschlands-raphael-brinkert, last accessed: 11/13/2017.

GDPR art. 26.

vis.js - A dynamic, browser based visualization library. http://visjs.org/, last accessed: 11/13/2017.

GDPR art. 7(3).

Angulo, J., Fischer-Hübner, S., Pulls, T., Wästlund, E.: Usable transparency with the data track - a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems - CHI EA 2015, pp. 1803–1808 (2015)

Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9CrossRef

Borgesius, F.Z.: Informed consent: we can do better to defend privacy. IEEE Secur. Priv. 13, 103–107 (2015)CrossRef

Hansen, M., Borcea-Pfitzmann, K., Pfitzmann, A.: PRIME - a European project for privacy-enhancing identity management. IT - Inf. Technol. 47, 352–359 (2005)

Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) Privacy and Identity 2008. IAICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03315-5_5CrossRef

Janic, M., Wijbenga, J.P., Veugen, T.: Transparency enhancing tools (TETs): an overview. In: Workshop on Socio-Technical Aspects in Security and Trust, STAST, pp. 18–25 (2013)

Jaspers, M.W.M., Steen, T., Van Den Bos, C., Geenen, M.: The think aloud method: a guide to user interface design. Int. J. Med. Inform. 73, 781–795 (2004)CrossRef

Kani-Zabihi, E., Helmhout, M.: Increasing service users’ privacy awareness by introducing on-line interactive privacy features. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 131–148. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29615-4_10CrossRef

Lewis, C., Polson, P.G., Wharton, C., Rieman, J.: Testing a walkthrough methodology for theory-based design of walk-up-and-use interfaces. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems Empowering People - CHI 1990, pp. 235–242. ACM Press, New York (1990)

10.

Möller, S.: Quality Engineering. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-642-11548-6CrossRef

11.

Nielsen, J.: Usability Engineering. Elsevier, New York (1994)MATH

12.

Sackmann, S., Strüker, J., Accorsi, R.: Personalization in privacy-aware highly dynamic systems. Commun. ACM 49, 32 (2006)CrossRef

13.

Schneier, B.: A taxonomy of social networking data. IEEE Secur. Priv. Mag. 8, 88 (2010)

14.

Siljee, J.: Privacy transparency patterns. In: Proceedings of the 20th European Conference on Pattern Languages of Programs - EuroPLoP 2015, pp. 1–11. ACM Press, New York (2015)

15.

Thatmann, D., Raschke, P., Küpper, A.: “Please, No More GUIs”: a user study, prototype development and evaluation on the integration of attribute-based encryption in a hospital environment. In: Proceedings - International Computer Software and Applications Conference, pp. 496–502. IEEE (2016)

16.

Weitzner, D.J., Abelson, H., Hanson, C., Hendler, J., Mcguinness, D.L., Jay, G., Waterman, K.K., Berners-lee, T., Kagal, L., Sussman, G.J.: Transparent accountable data mining: new strategies for privacy protection, pp. 1–12 (2006)

17.

Zwick, D., Dholakia, N.: Whose identity is it anyway? Consumer representation in the age of database marketing. J. Macromarketing 24, 31–43 (2004)CrossRef

Title: Designing a GDPR-Compliant and Usable Privacy Dashboard
Authors: Philip Raschke
Axel Küpper
Olha Drozd
Sabrina Kirrane
Publisher: Springer International Publishing
Book: Privacy and Identity Management. The Smart Revolution
Print ISBN: 978-3-319-92924-8

Electronic ISBN: 978-3-319-92925-5

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-92925-5_14

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner