2022 | Book

Privacy and Identity Management. Between Data Protection and Security

16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16–20, 2021, Revised Selected Papers

About this book

This book contains selected papers presented at the 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held online in August 2021.

The 9 full papers included in this volume were carefully reviewed and selected from 23 submissions. Also included are 2 invited keynote papers and 3 tutorial/workshop summary papers. As in previous years, one of the goals of the IFIP Summer School was to encourage the publication of thorough research papers by students and emerging scholars. The papers combine interdisciplinary approaches to bring together a host of perspectives, such as technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives.

Table of Contents

Frontmatter

Keynote Papers

Frontmatter
Challenges for Designing Serious Games on Security and Privacy Awareness
Abstract
Serious games seem to be a good alternative to traditional trainings since they are supposed to be more entertaining and engaging. However, serious games also create specific challenges: The serious games should not only be adapted to specific target groups, but also be capable of addressing recent attacks. Furthermore, evaluation of the serious games turns out to be challenging. While this already holds for serious games in general, it is even more difficult for serious games on security and privacy awareness. On the one hand, because it is hard to measure security and privacy awareness. On the other hand, because both of these topics are currently often in the mainstream media, which requires making sure that a measured change really results from the game session. This paper briefly introduces three serious games to counter social engineering attacks and one serious game to raise privacy awareness. Based on the introduced games the raised challenges are discussed and partially existing solutions are presented.
Sebastian Pape
Information Security Risk Management
Abstract
Behavioural security, technical security and organisational security are inter-related. Issues addressing security should therefore consider those three pillars in common, not in silos.
This paper summarizes a keynote speech held on this topic at the 16th IFIP Summer School on Privacy and Identity Management.
François Thill

Workshop and Tutorial Papers

Frontmatter
Conceptualising the Legal Notion of ‘State of the Art’ in the Context of IT Security
Abstract
In the context of IT security, legal instruments commonly demand that IT security is brought up to the level of ‘state of the art’.
As the first horizontal instrument on cybersecurity at EU level, the NIS Directive requires that Member States shall ensure that operators of essential services (OESs) and digital service providers (DSPs) take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in their operations, or in the context of offering specific services. Having regard to the ‘state of the art’, those measures shall ensure a level of security of NIS appropriate to the risk posed. Similarly, the GDPR requires data controllers, and to some extent processors, to take ‘state of the art’ into account when implementing appropriate technical and organisational measures to mitigate the risks caused by their data processing activities. The same applies to public electronic communications networks or services regarding the security of their networks and services under the EECC.
Although the notion is widely referred to in legal texts, there is no standard legal definition of the notion.
This paper, based on a workshop held at the 14th IFIP summer school, analyses the contexts in which the notion ‘state of the art’ is being used in legislation. Briefly, the reasons for abstaining from clear technical guidance are addressed. Following an introduction to the three-step theory developed by the German constitutional court, where ‘state of the art’ is located between the ‘generally accepted rules of technology’ and the ‘state of science and technology’, this paper argues that this approach can also be applied at EU level in the context of IT security.
Sandra Schmitz
Privacy-Preserving Identity Management and Applications to Academic Degree Verification
Abstract
This paper summarizes the contents and presentations held at a workshop at the IFIP Summer School on Privacy and Identity Management 2021, focusing on privacy-preserving identity management. In this document, we first introduce the necessary background on privacy-preserving identity management, including core cryptographic concepts. We then present a demonstrator scenario which benefits from the use of such technologies. Finally, we present a distributed privacy-preserving identity management framework offering an even higher level of security and privacy than previous work.
Jorge Bernal Bernabe, Jesús García-Rodríguez, Stephan Krenn, Vasia Liagkou, Antonio Skarmeta, Rafael Torres
The State of Surveillance – An Overall Account of Surveillance?
Abstract
The article argues that the extent of surveillance has reached a critical level for democratic societies. However, the jurisprudence of the ECtHR, ECJ and German constitutional court, which never question the extent of surveillance on the structural level, rather aims to legitimize even the most far-reaching measures and thus does not offer effective ex post protection. The introduction of legislative ex ante mechanisms also does not promise to counter the current issues surrounding surveillance measures. Instead, such a mechanism could further legitimize surveillance. The article concludes that while tools to assess the level of surveillance could be helpful when they depart from the premise that the extent of surveillance must be reduced, civil society is best suited to operate and advance these tools in the general discourse.
Felix Bieker

Selected Student Papers

Frontmatter
Bringing Privacy, Security and Performance to the Internet of Things Through Usage Control and Blockchains
Abstract
The Internet of Things (IoT) is bringing new ways to collect and analyse data to develop applications answering or anticipating users’ needs. These data may be privacy-sensitive, requiring efficient privacy-preserving mechanisms. The IoT is a distributed system of unprecedented scale, creating challenges for performance and security. Classic blockchains could be a solution by providing decentralisation and strong security guarantees. However they are not efficient and scalable enough for large scale IoT systems, and available tools designed for preserving privacy in blockchains, e.g. coin mixing, have a limited effect due to transaction cost and rate.
This article provides a framework based on several technologies to address the requirements of privacy, security and performance of the Internet of Things. The basis of the framework is the IOTA technology, a derivative of blockchains relying on a directed acyclic graph to create transactions instead of a linear chain. IOTA unlocks distributed ledgers performance by increasing throughput as more users join the network, making the network scalable. IOTA being not designed for privacy protection, we complement it by privacy-preserving mechanisms: merge avoidance and decentralised mixing. Finally, privacy is reinforced by introducing usage control mechanisms for users to monitor the use and the dissemination of their data.
Nathanael Denis, Sophie Chabridon, Maryline Laurent
SynCare: An Innovative Remote Patient Monitoring System Secured by Cryptography and Blockchain
Abstract
Remote patient monitoring involves the collection of patient-generated health data, using sensors/devices and mobile apps, to allow observation of patient’s health status, also outside healthcare environments. The challenge in this field is to facilitate patient-centric data storing, sharing, and retrieving, with high attention to personal, sensitive data privacy and protection. This study presents SynCare, a patient-centered ecosystem developed by LifeCharger, for secure health-related data recording and remote patient monitoring. SynCare has been developed with the aim of making up a strong loop between patients, healthcare professionals and informal caregivers, building up secure channels for data sharing and supporting the patients in the management of their own health and related data. The system includes: 1) a mobile app for the patient, offering different features supporting the therapy and allowing the management of consents to share key data with the healthcare professionals and/or caregivers, 2) a database on Cloud, storing all the encrypted, sensitive health-data, 3) public Ethereum blockchain to validate the data sharing consents, 4) a clinical dashboard developed as a web application whose main purpose is to allow healthcare professional to display and analyze the data collected by the patient through the mobile app. The SynCare ecosystem implements a software developed by LiberActa srl to asynchronously load the anonymous consent data on the Ethereum public blockchain, decoupling the user experience from the blockchain interaction, which can be slow, without compromising the data security.
Claudio Pighini, Alessio Vezzoni, Simone Mainini, Andrea G. Migliavacca, Alessandro Montanari, Maria R. Guarneri, Enrico G. Caiani, Ambra Cesareo
Taxpayers’ Rights, the Right to Data Protection and Cybersecurity in the EU
Abstract
This paper mainly questions whether taxpayers can claim certain cybersecurity guarantees based on EU law. The author starts by introducing EU tax law, the notion of taxpayers’ rights and why data protection and cybersecurity become more and more important in the field of EU tax law. Further, the author presents briefly what data protection and cybersecurity in an EU context mean and which impact it has on taxpayers. One main point of the study is to compare the data protection law and the cybersecurity law and the guarantees for taxpayers therein. Therefore, the paper outlines the intersections and divergences of EU data protection law and EU cybersecurity law. Another aspect of the paper is the question whether there is or even should be a taxpayers’ right to cybersecurity.
Mylana Pfeiffer
Usable Privacy and Security from the Perspective of Cognitive Abilities
Abstract
Privacy, Information, and Cybersecurity (PICS) are related properties that have become a concern for more or less everyone. A large portion of the responsibility for PICS is put on the end-user, who is expected to adopt PICS tools, guidelines, and features to stay secure and maintain organizational security. However, the literature describes that many users do not adopt PICS tools and a key reason seems to be usability. This study acknowledges that the usability of PICS tools is a crucial concern and seeks to problematize further by adding cognitive ability as a key usability aspect. We argue that a user’s cognitive abilities determine how the user perceives the usability of PICS tools and that usability guidelines should account for varying cognitive abilities held by different user groups. This paper presents a case study with focus on how cognitive disabilities can affect the usability of PICS tools. Interviews with users with cognitive disabilities as well as usability experts, and experts on cognitive disabilities were conducted. The results suggest that many of the usability factors are shared by all users, cognitive challenges or not. However, cognitive challenges often cause usability issues to be more severe. Based on the results, several design guidelines for the usability of PICS tools are suggested.
Joakim Kävrestad, Allex Hagberg, Robert Roos, Jana Rambusch, Marcus Nohlberg
Cloud Native Privacy Engineering through DevPrivOps
Abstract
Cloud native information systems engineering enables scalable and resilient software architectures powering major online offerings. Today, these are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In this paper, we (i) identify conceptual dimensions of cloud native privacy engineering – that is, bringing together cloud computing fundamentals and privacy regulation – and propose an integrative approach to be addressed to overcome the shortcomings of existing privacy enhancing technologies in practice and evaluating existing system designs. Furthermore, we (ii) propose a reference software development lifecycle called DevPrivOps to enhance established agile development methods with respect to privacy. Altogether, we show that cloud native privacy engineering opens up key advances to the state of the art of privacy by design and by default using latest technologies.
Elias Grünewald
Gamification in mHealth - Opportunities and Privacy Risks
Abstract
The use of mobile devices and wearables in healthcare is an important trend. To increase the motivation for regular use of such mHealth applications gamification elements have a huge potential. On the other hand for the integration of gamification concepts in mHealth applications personal health related data and usage data needs to be processed. Based on a categorization of gamification elements and examples for mHealth applications an overview about the aim of the use of gamification is given. It is analysed whether the processing of personal data is needed and if privacy is considered in the examples for the realization of gamification elements. Based on this analysis approaches for addressing privacy risks in gamification in mHealth are proposed.
Ramona Schmidt, Ina Schiering
Exploration of Factors that Can Impact the Willingness of Employees to Share Smart Watch Data with Their Employers
Abstract
Companies increasingly equip employees with smart watches to, e.g., support them in carrying out their work. Smart watches can however collect data about them and reveal sensitive information. This may result in limiting the acceptance of these devices by employees, despite their potential helpfulness. In this paper, we therefore analyze factors that influence employees’ willingness to share smart watch captured private data. In more detail, we investigate employees’ technological knowledge about data collection and processing and the associated risks, their technical affinity, their smart watch ownership and usage, and their legislation knowledge about respective laws. To this end, we have conducted an online survey with more than 1,000 full-time employees. Our findings suggest that employees are aware of the risk associated with smart watches but partially have incorrect knowledge about legal frameworks. Moreover, more than one-third of the participants own a personal smart watch and have a certain technological affinity. However, our results reveal different impacts from these factors on employees’ willingness to share data with their employers.
Alexander Richter, Patrick Kühtreiber, Delphine Reinhardt
Public Education, Platformization and Cooperative Responsibility: The Case of the Privacy Covenant in the Netherlands
Abstract
Platformization increasingly changes educational pedagogies, policies, governance, financing, and the role of teachers in public education. As such, platforms start to play a vital role in the realization of the values and societal goals of public education. Platform governance typically focuses on the responsibility of one actor. Cooperative responsibility argues that instead, platform governance should be the result of the dynamic interaction and allocation of responsibilities between platforms and users, supported by a legal and policy framework created by state institutions. Qualitative interviews into the construction of the Privacy Covenant for public education in the Netherlands are used as a case to investigate cooperative responsibility ‘on the ground’. The findings show that the Privacy Covenant has functioned as a driving force for strengthening data protection. The public education sector organizes themselves, and extensively cooperates with both state institutions and platform companies in order to improve data protection. Many of these stakeholders take more responsibility in protecting the privacy of children and keep on collaborating for the ongoing improvement of data protection. In this collaboration, schools should take into account an observed diversity in platforms which influences the distribution of responsibilities between them.
Marco Houben, Jo Pierson
Observing Road Freight Traffic from Mobile Network Signalling Data While Respecting Privacy and Business Confidentiality
Abstract
Nowadays, there is no tool that provides a global, permanent and “real time” view of road freight transport flows. However, this type of mapping is already available for air and sea traffic and could be useful to transport companies, e.g., setting up logistics hubs in strategic locations, and to public authorities, e.g., quickly knowing the impact of regulations, the contribution to congestion, or the impact of emissions. This kind of tool could obviously make information about road freight traffic more accessible, and allow for the consolidation of flows at both the interurban and urban levels to help decarbonize freight transport and logistics. The main contribution of this paper aims to provide a design sketch of an observatory of road freight transport flows based on signalling data from mobile network, which is accurate enough for that type of study and which does not require any supplementary installation of application on mobile devices. This kind of observatory is therefore related to the concept of Physical Internet through its objectives. This observatory will have to ensure privacy and business confidentiality by respecting the constraints set by the General Data Protection Regulation (GDPR) and the ePrivacy directive, i.e., a short-term anonymization in the French case. Thus, the second contribution of this paper is a literature review on the methods that could be useful to solve these questions.
Rémy Scholler, Oumaïma Alaoui-Ismaïli, Jean-François Couchot, Eric Ballot, Denis Renaud
Backmatter
Metadata
Title: Privacy and Identity Management. Between Data Protection and Security
Editors: Michael Friedewald, Stephan Krenn, Ina Schiering, Stefan Schiffner
Copyright Year: 2022
Electronic ISBN: 978-3-030-99100-5
Print ISBN: 978-3-030-99099-2
DOI: https://doi.org/10.1007/978-3-030-99100-5