
2020 | Original Paper | Book chapter

Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

Authors: Johanna Johansen, Simone Fischer-Hübner

Published in: Privacy and Identity Management. Data for Better Living: AI and Privacy

Publisher: Springer International Publishing


Abstract

We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance.


Footnotes

1. Note that system/product/service are used interchangeably throughout the paper.

2. GDPR: the General Data Protection Regulation of the European Union [1].

3. Following the requirement for a consistency mechanism set out in Article 63 of the GDPR, the work of the certification bodies and DPAs in Germany is coordinated and made consistent through The Standard Data Protection Model (https://www.datenschutz-mv.de/datenschutz/datenschutzmodell/), issued by the Conference of the Independent Data Protection Authorities of the Bund and the Länder on 9–10 November 2016. This document is a good reference for methods and guidance on implementing the data protection principles.
 
References

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Official Journal of the European Union L 119/1 (2016)
4. Ergonomics of human-system interaction - Part 11: Usability: Definitions and concepts. Standard ISO 9241-11:2018 (2018)
5. Ackerman, M.S., Mainwaring, S.D.: Privacy issues and human-computer interaction. In: Cranor, L., Garfinkel, S. (eds.) Security and Usability: Designing Secure Systems That People Can Use, pp. 381–399. O'Reilly, Newton (2005)
6. Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 41–46 (1999)
8. Brooke, J.: SUS - A quick and dirty usability scale. Usability Eval. Ind. 189(194), 4–7 (1996)
11. Cranor, L.F., Garfinkel, S.: Security and Usability: Designing Secure Systems That People Can Use. O'Reilly, Newton (2005)
12. Dumas, J.S., Redish, J.C.: A Practical Guide to Usability Testing, Revised edn. Intellect Books (1999)
13. European Union Agency for Fundamental Rights: Handbook on European Data Protection Law - 2018 Edition. Publications Office of the European Union, Luxembourg (2018)
14. Good, N.S., Krekelberg, A.: Usability and privacy: a study of Kazaa P2P file-sharing. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 137–144. ACM (2003)
16. Iachello, G., Hong, J.: End-user privacy in human-computer interaction. Found. Trends Hum.-Comput. Interact. 1(1), 1–137 (2007)
17.
18. Kamara, I., De Hert, P.: Data protection certification in the EU: possibilities, actors and building blocks in a reformed landscape. In: Rodrigues, R., Papakonstantinou, V. (eds.) Privacy and Data Protection Seals. ITLS, vol. 28, pp. 7–34. T.M.C. Asser Press, The Hague (2018). https://doi.org/10.1007/978-94-6265-228-6_2
19. Karat, C.M., Brodie, C., Karat, J.: Usability design and evaluation for privacy and security solutions. In: Security and Usability, pp. 47–74 (2005)
20. Karat, C.M., Karat, J., Brodie, C.: Privacy security and trust: human-computer interaction challenges and opportunities at their intersection. In: The Human-Computer Interaction Handbook, pp. 669–700 (2012)
23. Patrick, A.S., Kenny, S., Holmes, C., van Breukelen, M.: Human computer interaction (chap. 12). In: Handbook for Privacy and Privacy-Enhancing Technologies: The Case of Intelligent Software Agents, pp. 249–290 (2003)
24. Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in Internet of Things: the road ahead. Comput. Netw. 76, 146–164 (2015)
25.
26.
27. Whitten, A., Tygar, J.D.: Why Johnny can't encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium, vol. 348 (1999)
Metadata

Title: Making GDPR Usable: A Model to Support Usability Evaluations of Privacy
Authors: Johanna Johansen, Simone Fischer-Hübner
Copyright year: 2020
DOI: https://doi.org/10.1007/978-3-030-42504-3_18