
2024 | Book

Privacy and Identity Management. Sharing in a Digital World

18th IFIP WG 9.2, 9.6/11.7, 11.6 International Summer School, Privacy and Identity 2023, Oslo, Norway, August 8–11, 2023, Revised Selected Papers


About this book

This book contains selected papers presented at the 18th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held in Oslo, Norway, during August 8–11, 2023. The 21 full papers, including 2 workshop papers, presented in this book were carefully reviewed and selected from 30 submissions. The proceedings also contain two invited talks. As in previous years, one of the goals of the IFIP Summer School was to encourage the publication of thorough research papers by students and emerging scholars. The papers combine interdisciplinary approaches to bring together a host of perspectives, such as technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives.

Table of Contents

Frontmatter

Keynote Papers

Frontmatter

Open Access

Blueprints for Deploying Privacy Enhancing Technologies in E-Government
Abstract
Governments are increasingly becoming providers of data-driven services to both citizens and organisations. As the number of these services grows, the government will store greater amounts of personal and company data. Data minimisation and data protection can be legal obligations, especially for governments that have passed data protection and privacy regulations. However, even without such regulation, processing only as much data as is necessary is good information security practice. In this paper, we give an overview of how we put together a Privacy Enhancing Technology (PET) concept and roadmap for an e-government, including motivations, an adoption strategy and blueprints for services that benefit from PETs.
Liina Kamm, Dan Bogdanov, Eduardo Brito, Andre Ostrak
The Effacement of Information Technology from EU Law: The Need for Collaborative Approaches to Redesign the EU’s Regulatory Architecture
Abstract
EU information technology law is built like a multi-storey house: on the ground floor is technology development and on the top floor are regulatory principles and rights; in the middle floor lie standards, which should connect the top with the ground floor. The house is built on the premise that these floors are seamlessly connected, but are they? The multi-storey house was in fact built without staircases, causing a practical disconnect between regulatory principles and technology development. This keynote speech, which draws from the 2023 book ‘Cybersecurity, Privacy and Data Protection in EU law’, will explore why information technology is effaced from EU law in practice, and the implications for cybersecurity, data protection, data markets, identity management, privacy and many other fields. This keynote speech will explore what collaborative approaches may be needed to redesign the EU regulatory architecture.
Maria Grazia Porcedda

Selected Student Papers

Frontmatter
Towards an Affordance-Based Typology of Personal Data Stores
Abstract
Personal Data Stores are often presented as a tool for data subjects to take back control over the processing of their personal data. Backed by data portability and access rights afforded by recent European legislative efforts, these Personal Data Stores are to collate various personal data in a digital location under the control of the data subject, effectively disconnecting data from applications. Through a review of 16 existing Personal Data Stores, this paper provides a timely affordance-based typology covering data processing, sharing and consent options, and (data) visualisation. We find six distinct Personal Data Store affordances: i) Data sharing, ii) Access and control, iii) Secure storage, iv) Cognition, v) Authentication, and vi) Monetisation. Notably, the data sharing affordance is the most commonly available in our sample of Personal Data Stores. These findings can inform the design and development of personal data stores by providing a typology for understanding the affordances that should be considered when creating new data store offerings.
August Bourgeus, Tim Theys, Nanouk Verhulst, Laurens Vandercruysse, Peter Mechant
Assuring GDPR Conformance Through Language-Based Compliance
Abstract
Existing legal regulations, such as the GDPR in the European Union, exert significant pressure on businesses to embed legal principles into their information systems. These legislative provisions, expertly crafted in natural language, have raised technical challenges to be GDPR compliant. In particular, formal reasoning about compliance at the level of programming code is challenging. Available alternatives, such as manual auditing, have demonstrated limited scalability, and the absence of system-level support has led to substantial penalties for businesses and a loss of control over their personal data for users. Hence, we develop an approach that intends to reconcile the existing challenges in software implications with GDPR through programming language support. We build on earlier work introducing a privacy-aware active object language and operational semantics. To demonstrate the practicality, we here present a prototype implementation within the Maude formalism, which validates our semantics and model-checks GDPR compliance properties within any given configuration. Our work is limited to certain key concepts of the GDPR that can be interpreted at the programming level. We focus on processing rights based on user consent.
Chinmayi Prabhu Baramashetru, Silvia Lizeth Tapia Tarifa, Olaf Owe
User Interaction Data in Apps: Comparing Policy Claims to Implementations
Abstract
As mobile app usage continues to rise, so does the generation of extensive user interaction data, which includes actions such as swiping, zooming, or the time spent on a screen. Apps often collect a large amount of this data and claim to anonymize it, yet concerns arise regarding the adequacy of these measures. In many cases, the so-called anonymized data still has the potential to profile and, in some instances, re-identify individual users. This situation is compounded by a lack of transparency, leading to potential breaches of user trust.
Our work investigates the gap between privacy policies and actual app behavior, focusing on the collection and handling of user interaction data. We analyzed the top 100 apps across diverse categories using static analysis methods to evaluate the alignment between policy claims and implemented data collection techniques. Our findings highlight the lack of transparency in data collection and the associated risk of re-identification, raising concerns about user privacy and trust. This study emphasizes the importance of clear communication and enhanced transparency in privacy practices for mobile app development.
Feiyang Tang, Bjarte M. Østvold
Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development
Abstract
This paper explores the concept of complying with relevant legal requirements when developing software systems. Specifically, it focuses on data protection law, cybersecurity regulation, and Artificial Intelligence (AI) regulation requirements in the software system development processes. The paper analyses the impact of three key regulatory frameworks in the European Union: the General Data Protection Regulation (GDPR), the Network and Information Security (NIS) 2 Directive, and the proposed Artificial Intelligence Act (AIA). The article examines the interplay and potential conflicts between different requirements in these rule sets. Towards the end of the paper, some suggestions are made for achieving alignment with these regulations in software systems, enabling concurrent compliance with the GDPR, the NIS 2 Directive, and the AIA, in situations where all the regulations enter into effect simultaneously.
Bjørn Aslak Juliussen, Jon Petter Rui, Dag Johansen
Digital Security Controversy Analysis: A Case Study of the Debate over GCHQ Exceptional Access Proposal
Abstract
In the field of commodity encrypted communications, the problems related to privacy and security are rather complicated to solve. Debates around them have been persistent since the civilian use of modern cryptography. Governments have emphasized the challenges to law enforcement posed by strong cryptography, while a heterogeneous community of security and policy experts has advocated for the widespread application of cryptography to safeguard privacy rights. Framed as the “Crypto Wars” between the tech community and the intelligence community, actors who adopt this framing are anxious about the outcome of the “Wars”. Participants of the debate have brought forward solutions such as key escrow, exceptional access, and client-side scanning to settle the disputes, and scholars have provided policy advice to end the “Wars” with minimal loss of democratic values. Despite these inputs, the “Wars” remain. In view of the security nature of the encryption debate and its intricacy, I draw on securitization theory from critical security studies and the concept of “controversy” from science and technology studies (STS) to dissect the matters across social, technical, and political perspectives. Shifting away from the “Crypto Wars” framing, I approach the debate with digital security controversy analysis by engaging with the competing claims about encryption and mapping them to the normative conflicts over security logics. This paper serves as a resource for interdisciplinary readers, aiding them in grasping the underlying contestations within the ongoing debates over encrypted communications.
Cynthia Ng
Educating Parents in Managing Online Privacy Risks: Media Educators’ Perspectives
Abstract
Although parents express concerns about their children’s personal data being collected for malicious purposes, studies have shown that parents themselves often share their children’s personal data, are not aware of certain privacy risks, or lack knowledge on how to mitigate them. In light of the extensive body of information material that is publicly available for free, this research focuses on understanding the challenges faced in educating parents about their children’s online privacy, and proposes strategies to overcome these barriers. For this, a qualitative, exploratory study among media educators was conducted. The results suggest that the main obstacle lies in effectively establishing contact with parents, highlighting the necessity of finding alternative formats to the traditional brochures and parent-teacher conferences. In addition, the findings underscore the significance of showing empathy and selecting words carefully when communicating with parents. We contribute with a comprehensive overview of media educators’ viewpoints and provide insights for future research on supporting parents in mitigating online privacy risks.
Ann-Kristin Lieberknecht
A Walk in the Labyrinth. Evolving EU Regulatory Framework for Secondary Use of Electronic Personal Health Data for Scientific Research
Abstract
While the digital transformation allows the secondary use of personal health data to advance scientific medical research, the existing EU regulatory framework creates uncertainty. The new legislative proposals, namely the European Health Data Space Regulation Proposal, Data Governance Act, and Data Act, not only do not deliver simplification but expand already elaborate enforcement structures without adequate cooperation and consistency mechanisms. This issue is a symptom of tension between divergent approaches towards personal data, which, in the context of the Europeanization of administrative law, will be a challenge for data sharing that will arise within the EU data commons. This paper examines the current and upcoming regulatory framework and provides examples of anticipated overlaps from the perspective of cooperation and consistency mechanisms.
Paweł Hajduk
Who Is the Attacker - Analyzing Data Protection Violations in Health Care
Abstract
Every natural person has the fundamental right of protection in relation to the processing of their personal data. The General Data Protection Regulation (GDPR) is the legal basis for data protection in the European Union. One aspect of the GDPR is that violations of this regulation can lead to significant fines. To ensure data protection, controllers have to analyse and mitigate the risks to the rights and freedoms of data subjects. Many different stakeholders and organisations with or without malicious intentions can pose a risk in this sense. Overall, it is important to know who the attackers actually are and understand the context of potential violations. To this end, we analyse data protection violations in the health care sector between July 2018 and March 2023 based on fines imposed under GDPR to identify stakeholders who pose a risk to the data subjects as well as their motives. Surprisingly, it appears that the controller is by far the most frequent perpetrator of a data protection violation, while their motives are often just negligence. Insiders like employees often cause a personal data breach accidentally. Measures to enhance competence and awareness are of major importance to foster compliance with data protection regulations.
Ramona Schmidt, Ina Schiering
Towards Privacy-Preserving Machine Learning in Sovereign Data Spaces: Opportunities and Challenges
Abstract
The world of big data has unlocked novel avenues for organizations to generate value via sharing data. Current data ecosystem initiatives such as Gaia-X and IDS are introducing data-driven business models that facilitate access to diverse data sources and automate data exchange processes among organizations. However, this also poses challenges for organizations and their customers in preserving control over their own data. This paper provides an overview of the extension requirements on current usage control concepts in data spaces through technical means to augment data privacy guarantees. Our analysis clarifies the deficiencies regarding privacy within the realms of data sovereignty and sovereign data spaces, as well as the risks and opportunities associated with the application of machine learning on sensitive data. This work identifies promising foundational elements and presents areas of research for the integration of privacy-enhancing technologies into usage control for remote data science.
Mehdi Akbari Gurabi, Felix Hermsen, Avikarsha Mandal, Stefan Decker
Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement
Abstract
In light of the GDPR, data controllers (DC) need to allow data subjects (DS) to exercise certain data subject rights. A key requirement here is that DCs can reliably authenticate a DS. Due to a lack of clear technical specifications, this has been realized in different ways, such as by requesting copies of ID documents or by email address verification. However, previous research has shown that this is associated with various security and privacy risks and that identifying DSs can be a non-trivial task. In this paper, we review different authentication schemes and propose an architecture that enables DCs to authenticate DSs with the help of independent Identity Providers in a secure and privacy-preserving manner by utilizing attribute-based credentials and eIDs. Our work contributes to a more standardized and privacy-preserving way of authenticating DSs, which will benefit both DCs and DSs.
Malte Hansen, Andre Büttner
A Privacy-Preserving Approach to Vehicle Renting and Driver Accountability in VANETs
Abstract
Vehicular Ad Hoc Networks (VANETs) play a crucial role in the evolution of Intelligent Transportation Systems. The problems of renting and drivers’ accountability still need to be answered in VANETs. Existing proposals do not consider renting vehicles, and there is no distinction between renters and owners. This paper proposes privacy-preserving rental and accountability protocols to address these problems. The proposed rental protocol outputs an agreement between an owner and a renter, which allows the renter to unlock and drive the vehicle. The privacy-preserving accountability protocol offers a robust solution for detecting and mitigating malicious behavior in VANETs. It provides a platform for holding entities accountable for their actions without violating their privacy. The paper demonstrates that our solution successfully meets the pre-set security and privacy requirements in VANETs. These findings suggest promising potential for improving future vehicular networks’ safety, efficiency, and performance.
Mahdi Akil, Sujash Naskar, Leonardo A. Martucci, Jaap-Henk Hoepman
Entangled: A Case Study of Data Exchange and Actor Relationships in a Mobility Ecosystem
Abstract
With the continuous proliferation of digital services, personal data sharing has become an ever-pressing issue. Contemporary solutions such as identity management raise privacy questions for customers, as the interoperability between different service providers requires substantial integration efforts. Self-sovereign identity (SSI) is a novel identity management approach leveraging digital credentials and promising to provide privacy-friendly data sharing to users and enable interconnected ecosystems based on a common infrastructure. While creating governance frameworks has been identified as a major challenge in implementing SSI, the scarce research on this subject mainly focuses on the technical subsystem. This paper presents a case study of an urban mobility ecosystem showcasing relevant governance aspects based on data exchange, actor relationships, and service offerings.
Daniel Richter, Jürgen Anke
Enhancing Transparency Through Personal Information Management Systems: Current State of Service Offerings and Considerations for Further Advancements
Abstract
The aim of the present article is to analyze how Personal Information Management Systems (PIMS) may alleviate current problems in assuring the principle of transparency enshrined in Art. 5 of the GDPR. For that purpose, existing challenges in collecting valid consent and providing transparent information will be identified. Subsequently, an analysis of the current state of developments of PIMS found on the market will be conducted and their potential for mitigating these issues will be considered.
Janina Rochon
User-Driven Privacy Factors in Trigger-Action Apps: A Comparative Analysis with General IoT
Abstract
The growing adoption of Trigger-Action Platforms (TAPs) in the Internet of Things (IoT) paradigm has evolved users’ ability to automate their digital environments. However, this automation also introduces potential threats to users’ privacy. To enhance users’ privacy decisions and develop effective permission management systems, it is crucial to understand users’ comprehension of privacy factors in the IoT. This paper presents a literature review on privacy factors in the general IoT environment and compares them with users’ priorities and preferences for privacy factors specific to TAPs. To this end, we earlier conducted three Focus Groups (FGs) to gather users’ definitions and rankings of privacy factors in the TAPs context. Through the comparison with the general IoT literature, we highlight the similarities and differences in privacy factors between TAPs and traditional IoT applications. The outcomes of this study can inform the designers and developers with an emphasis on privacy-centric IoT TAPs.
Piero Romare
Privacy and Utility Evaluation of Synthetic Tabular Data for Machine Learning
Abstract
Synthetic data generation approaches have attracted a lot of attention as a potential substitute for classical anonymization methods. However, synthetic data still pose a wide range of privacy risks, for example, a dataset containing data points close to real data points, thus increasing the risk of linkage attacks. While differentially private generative models are generally considered immune to privacy attacks, it is not immediately evident how these models maintain privacy with reasonable utility. In this study, we evaluate the privacy and utility trade-offs in synthetic data generated by the state-of-the-art generative model CTGAN and its differentially private variant DPCTGAN for the mixed tabular data domain. We conduct experiments using widely recognized benchmark datasets to highlight the importance of selecting optimal hyperparameters such that the model converges during training and produces synthetic data with satisfactory utility. Our experiments show that synthetic data generators which were trained with differential privacy may experience collapse during the training phase. While the addition of a smaller amount of noise allows the training to converge, it could still limit the risks against privacy attacks such as membership inference and linkage.
Felix Hermsen, Avikarsha Mandal

Open Access

Empirical Evaluation of Synthetic Data Created by Generative Models via Attribute Inference Attack
Abstract
The disclosure risk of synthetic/artificial data is still being determined. Studies show that synthetic data generation techniques generate similar data to the original data and sometimes even the exact original data. Therefore, publishing synthetic datasets can endanger the privacy of users. In our work, we study the synthetic data generated from different synthetic data generation techniques, including the most recent diffusion models. We perform a disclosure risk assessment of synthetic datasets via an attribute inference attack, in which an attacker has access to a subset of publicly available features and at least one synthesized dataset, and the aim is to infer the sensitive features unknown to the attacker. We also compute the predictive accuracy and F1 score of the random forest classifier trained on several synthetic datasets. For sensitive categorical features, we show that Attribute Inference Attack is not highly feasible or successful. In contrast, for continuous attributes, we can have an approximate inference. This holds true for the synthetic datasets derived from Diffusion models, GANs, and DPGANs, which shows that we can only have approximated Attribute Inference, not the exact Attribute Inference.
Saloni Kwatra, Vicenç Torra
How Much is Your Instagram Data Worth? Economic Perspective of Privacy in the Social Media Context
Abstract
Numerous smartphone and web applications rely on personal information to analyze user behavior, primarily for targeted advertising and the enhancement of personalized features. However, these applications often provide users with limited choices: either accept their privacy policies or refrain from using the services altogether. Consequently, the prevailing norm is to “pay” for these applications and web services by providing personal data. Given that privacy policies are typically lengthy and difficult to comprehend, most users accept the terms and conditions without fully grasping the potential consequences, even when reading the very complex and long privacy policies and terms of use. Sometimes users are left with no other choice than accepting the terms of use, if they rely on a specific service or want to communicate with friends and colleagues, even though they understand the potentially harmful consequences and do not agree with the terms of use. As a result, many users remain unaware of being continuously tracked by multiple applications installed on their smartphones or unwillingly agree to privacy policies without an alternative choice of payment other than personal information. An alternative is to establish payment options to pay for the services with money instead of with data. However, how much people are willing to pay (WTP) for the protection of their data and which prices to offer for certain services is an under-explored question. This research aims to shed light on users’ WTP for data protection for a specific data-sharing scenario, namely for sharing data with Instagram. Overall, 68 participants took part in a survey evaluating the individual levels of WTP for data privacy when using Instagram. The results show a positive correlation: participants with higher privacy concerns are also those willing to pay more for the protection of their data. Interestingly, younger participants reported significantly higher privacy concerns but reported lower amounts of money they would spend on protecting their data. Moreover, female participants and the gender type other reported significantly higher WTP values in comparison to male participants.
Vera Schmitt, Paul Michel dit Ferrer, Arooj Anwar Khan, Ina Kern, Sebastian Möller

Workshop and Tutorial Papers

Frontmatter
Private Training Approaches - A Primer
Abstract
The rapid proliferation of Machine Learning (ML) systems in today’s online services and applications has given rise to the privacy-preserving machine learning research field. In the tutorial we present a primer understanding of privacy-preserving ML system design approaches, by drawing on the knowledge from state-of-the-art private learning methods. We present the primer understanding in the tutorial session that is part of the IFIP summer school, which included an interactive feedback discussion session. The tutorial participants range from students to experts in various different research fields and indicated their interest in the topic. The tutorial format consists of i) presentation of the tutorial topic and ii) an interactive discussion session to encourage the participants to actively discuss and reinforce their understanding and operational concerns of the tutorial topics.
Jenni Reuben, Ala Sarah Alaqra
Workshop on Cybersecurity of Critical Infrastructures
Abstract
This paper reports the presentation and discussion during the Cybersecurity of Critical Infrastructures workshop organized as a part of the 18th IFIP Summer School on Privacy and Identity Management. Furthermore, this paper also points to several promising future research directions. This workshop was primarily aimed at empowering PhD candidates, MSc students, and early-career researchers with insights into Critical Infrastructure (CI) security. The workshop provided participants with guidance on navigating the intricacies of safeguarding CIs, such as those in the energy and oil and gas sectors. It encompasses various aspects, from familiarizing participants with cybersecurity standards and frameworks to understanding tools and approaches that adversaries might leverage to target a system. Additionally, it also addresses how to mitigate socio-legal implications and security issues, particularly in relation to human factors. This initiative embraced a holistic approach to cybersecurity education, covering vital components like rigorous risk management and comprehensive cybersecurity training and awareness programs. This in turn would equip participants with some essential knowledge and skills to fortify critical operations against the ever-evolving cyber threat landscape.
Aida Akbarzadeh, Sabarathinam Chockalingam, Xhesika Ramaj, Lama Amro, Mary Sánchez-Gordón, Vasileios Gkioulos, Ricardo Colomo-Palacios, László Erdődi, Nathan Lau, Siv Hilde Houmb
Backmatter
Metadata

Title: Privacy and Identity Management. Sharing in a Digital World
Editors: Felix Bieker, Silvia de Conca, Nils Gruschka, Meiko Jensen, Ina Schiering
Copyright Year: 2024
Electronic ISBN: 978-3-031-57978-3
Print ISBN: 978-3-031-57977-6
DOI: https://doi.org/10.1007/978-3-031-57978-3
