Top

Published in:

2019 | OriginalPaper | Chapter

Enabling Users to Specify Correct Privacy Requirements

Authors : Manuel Rudolph, Svenja Polst, Joerg Doerr

Published in: Requirements Engineering: Foundation for Software Quality

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Privacy becomes more and more important for users of digital services. Recent studies show that users are concerned about having too little control over their personal data. However, if users get more possibilities for self-determining the privacy effecting their personal data, it must be guaranteed that the resulting privacy requirements are correct. This means, they reflect the user’s actual privacy demands. There exist multiple approaches for specifying privacy requirements as an end user, which we call specification paradigms. We assume that a matching of specification paradigms to users based on empirical data can positively influence the objective and perceived correctness. We use the user type model by Dupree, which categorizes users by their motivation and knowledge. We experimentally determined the best match of user types and paradigms. We show that participants with less knowledge and motivation make more mistakes and that a strong limitation of selection options increases objective and perceived correctness of the specified privacy requirements.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Is the SAFE Approach Too Simple for App Feature Extraction? A Replication Study

next chapter RE-SWOT: From User Feedback to Requirements via Competitor Analysis

European Commission: Special Eurobarometer 431 - Data Protection (2015). http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_431_en.pdf

Symantec: State of Privacy Report 2015 (2015). https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf

Rudolph, M., Feth, D., Polst, S.: Why users ignore privacy policies – a survey and intention model for explaining user privacy behavior. In: Kurosu, M. (ed.) HCI 2018. LNCS, vol. 10901, pp. 587–598. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91238-7_45CrossRef

Kumaraguru, P., Cranor, L.: Privacy indexes: a survey of Westin’s studies (2005). http://repository.cmu.edu/isr/856

Dupree, J.L., Devries, R., Berry, D.M., Lank, E.: Privacy personas: clustering users via attitudes and behaviors toward security practices. In: Conference on Human Factors in Computing Systems (2016)

Digman, J.M.: Personality structure: emergence of the five-factor model. Ann. Rev. Psychol. 41, 417–440 (1990)CrossRef

Keirsey, D.: Please Understand Me 2. Prometheus Nemesis Book Company, Carlsbad (1998)

Myers, I.B., McCaulley, M.H., Most, R.: Manual: A Guide to the Development and Use of the Myers-Briggs Type Indicator, vol. 1985. Consulting Psychologists Press, Palo Alto (1985)

Urban, J.M., Hoofnagle, C.J.: The privacy pragmatic as privacy vulnerable. In: Workshop on Privacy Personas and Segmentation, SOUPS, Menlo Park, CA, 9–11 July 2014

10.

Smith, H.J., Milberg, S.J., Burke, S.J.: Information privacy: measuring individuals’ concerns about organizational practices. MIS Q. 20, 167–196 (1996)CrossRef

11.

Morton, A., Sasse, M.A.: Desperately seeking assurances: segmenting users by their information-seeking preferences. In: 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST), pp. 102–111 (2014)

12.

Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Inf. Syst. Res. 15(4), 336–355 (2004)CrossRef

13.

Information Systems Security Research Group. PERMIS, University of Kent. http://sec.cs.kent.ac.uk/permis/

14.

Johnson, M., Karat, J., Karat, C.M., Grueneberg, K.: Usable policy template authoring for iterative policy refinement. In: IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY, Fairfax, Virginia, USA (2010)

15.

Uszok, A., et al.: KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, POLICY (2003)

16.

Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Analyzing Facebook privacy settings: user expectations vs. reality. In: ACM Conference on Internet Measurement (2011)

17.

Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: Proceedings of the 19th International Conference on World Wide Web. ACM, New York (2010)

18.

Cranor, L.F.: P3P: making privacy policies more useful. IEEE Secur. Priv. 99, 50–55 (2003)CrossRef

19.

Cranor, L., Langheinrich, M., Marchiori, M.: A P3P Preference Exchange Language 1.0 (APPEL1.0) (2002). https://www.w3.org/TR/P3P-preferences/

20.

Rudolph, M., Polst, S.: Satisfying and efficient privacy settings. Mensch und Computer (2018)

21.

Rudolph, M., Feth, D., Doerr, J., Spilker, J.: Requirements elicitation and derivation of security policy templates—an industrial case study. In: 24th International Requirements Engineering Conference (RE), Beijing, China, pp. 283–292 (2016)

22.

Supplementary Experiment Material including extended Figures for this Paper. http://s.fhg.de/yU6

Title: Enabling Users to Specify Correct Privacy Requirements
Authors: Manuel Rudolph
Svenja Polst
Joerg Doerr
Publisher: Springer International Publishing
Book: Requirements Engineering: Foundation for Software Quality
Print ISBN: 978-3-030-15537-7

Electronic ISBN: 978-3-030-15538-4

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-15538-4_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner