Skip to main content

Über dieses Buch

This book contains a range of invited and submitted papers presented at the 11th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, held in Karlstad, Sweden, in August 2016.
The 17 revised full papers and one short paper included in this volume were carefully selected from a total of 42 submissions and were subject to a two-step review process. The papers combine interdisciplinary approaches to bring together a host of perspectives: technical, legal, regulatory, socio-economic, social, societal, political, ethical, anthropological, philosophical, and psychological.



Keynote and Invited Papers


Big Data Prophylactics

Data mining has been re-branded as ‘big data analytics’. The techniques involved harbour a substantial set of risks, many of which will be borne by individuals. This chapter argues that safeguards are needed, to protect individuals against the potentially harmful acts that organisations will take against them. Alternative forms of such ‘big data prophylactics’ are outlined.
Roger Clarke

Open Access

Big Data Privacy and Anonymization

Data privacy has been studied in the area of statistics (statistical disclosure control) and computer science (privacy preserving data mining and privacy enhancing technologies) for at least 40 years. In this period models, measures, methods, and technologies have been developed to effectively protect the disclosure of sensitive information.
The coming of big data, with large volumes of data, dynamic and streaming data, poses new challenges to the field. In this paper we will review some of these challenges and propose some lines of research in the field.
Vicenç Torra, Guillermo Navarro-Arribas

Data Protection by Design and by Default à la European General Data Protection Regulation

The European data protection reform has resulted in a new regulation that will be effective from May 2018. This so-called General Data Protection Regulation contains specific provisions on data protection by design and on data protection by default. After briefly discussing related approaches such as “privacy by design”, we will elaborate how these provisions can be interpreted and sketch the potential impact on data processing in Europe and possibly beyond.
Marit Hansen

Evaluating Websites and Their Adherence to Data Protection Principles: Tools and Experiences

Contributions to IFIP Summer School Proceedings
We present our two separate tools for data protection measurement and evaluation of websites. The first tool does a generic check on a single website and is openly available for any web user to use when evaluating data protection measures implemented on a website. The second tool was used to perform a more exhaustive evaluation of Swedish municipalities. The work focuses on leakages of personally identifiable information to third parties when a web visitor goes to a website, and in our accompanying website we have also identified measures that web developers could undertake, or that web visitors could request, to improve the data protection of their visitors.
Amelia Andersdotter, Anders Jensen-Urstad

Privacy in the Human Brain Project: The Perspective of Ethics Management

The paper describes the ethics management function of the human brain project. It highlights some of the specific privacy-related issues of the project and the strategies that ethics management uses to address these.
Bernd Carsten Stahl

Workshop Papers


Smart Cars Cruising on the Road Paved with Good Intentions? – Workshop on Big Data Applications and Individual Rights Under the New European General Data Protection Regulation

In this workshop we addressed the protection of individuals in the EU General Data Protection Regulation with regard to threats posed by big data applications. Using smart cars as an example, the workshop focused on the individuals’ rights under the new Regulation. After an introduction to these topics, participants were invited to discuss these issues in groups and draw general conclusions on the effectiveness of the rights for individuals under the General Data Protection Regulation.
Felix Bieker, Barbara Büttner, Murat Karaboga

Opportunities and Challenges of CREDENTIAL

Towards a Metadata-Privacy Respecting Identity Provider
This paper summarizes the results of a workshop at the IFIP Summer School 2016 introducing the EU Horizon 2020 project credential, i.e., Secure Cloud Identity Wallet. The contribution of this document is three-fold. First, it gives an overview of the credential project, its use-cases, and core technologies. Second, it explains the challenges of the project’s approach and summarizes the results of the parallel focus groups that were held during the workshop. Third, it focuses on a specific challenge—the protection of metadata in centralized identity providers—and suggests a potential architecture addressing this problem.
Farzaneh Karegar, Christoph Striecks, Stephan Krenn, Felix Hörandner, Thomas Lorünser, Simone Fischer-Hübner

The Role of Privacy in the Framework for Responsible Research and Innovation in ICT for Health, Demographic Change and Ageing

Responsible Research and Innovation (RRI) is an approach to research governance that promotes the sustainability, acceptability and desirability of research and innovation processes and outputs. Given the importance of private sector companies in funding and executing research and in particular innovation, it is important to understand how their practices map onto RRI. This paper describes the role of RRI in industry and then focuses on the way in which privacy can be considered. It draws on a workshop undertaken in the context of the IFIP Summer School on Privacy and Identity Management to develop some suggestions on future integration of privacy in RRI for industry.
Bernd Carsten Stahl, Emad Yaghmaei

Evidence-Based Methods for Privacy and Identity Management

In the advent of authoritative experiments and evidence-based methods in security research [2, 4, 21, 29], we are convinced that privacy and identity research will benefit from the scientific method, as well. This workshop offers an introduction to selected tools of experiment design and systematic analysis. It includes key ingredients of evidence-based methods: hallmarks of sound experimentation, templates for the design of true experiments, and inferential statistics with sound power analysis. To gauge the state of play, we include a systematic literature review of the pre-proceedings of the 2016 IFIP Summer school on Privacy and Identity Management as well as the participants’ feedback on their perception on evidence-based methods. Finally, we make our case for the endorsement of evidence-based methods in privacy and identity management.
Kovila P. L. Coopamootoo, Thomas Groß

Selected Papers (Part I) - Legal Aspects and User Rights


Enforcing Data Protection Law – The Role of the Supervisory Authorities in Theory and Practice

This paper examines the role of the supervisory authorities for the enforcement of the EU data protection regulation. It therefore examines the case law of the Court of Justice of the European Union and the upcoming legislative changes under the General Data Protection Regulation, which includes detailed provisions for the cooperation of all European supervisory authorities.
Felix Bieker

Not just User Control in the General Data Protection Regulation

On the Problems with Choice and Paternalism, and on the Point of Data Protection
User control is increasingly prominent in the discourse surrounding the General Data Protection Regulation (GDPR). However, alongside user control, the GDPR also tries to achieve what will be called controller responsibility. Is this unjust paternalism or does it correctly place the responsibility for data protection with the controller and its supervisory authority? This paper argues that the question of responsibility should be evaluated in light of the overarching objective of the GDPR to protect the fundamental rights of natural persons. It describes the problems of a focus on the “choice” of data subjects, but also takes seriously the charge of paternalism which more protective data protection laws are faced with, tying the resulting dilemma to the objectives of data protection and ultimately to the debate on the nature of rights. Does data protection law seek to protect certain interests, such as secrecy and seclusion, or does it seek to give data subjects control over their data, and thereby political power regarding the substance of their fundamental rights? The paper concludes that a further exploration of will theories and interest theories of rights would shed light on the appropriate roles for user control and controller responsibility.
Claudia Quelle

Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This?

A transparency enhancing tool called Data Track has been developed at Karlstad University. The latest stand-alone version of the tool allows users to visualize their data exports. For analyzing the users’ perceptions of the Data Track in regard to transparency features and the concepts of data export and data portability, we have conducted a qualitative user study. We observed that although users had rather little interest in the visualization of derived data activities revealed in the Google location file, they were interested in other kinds of derived data like usage patterns for different service providers. Also, as earlier user studies revealed, we again confirmed that it is confusing for users to differentiate between locally and remotely stored and controlled data. Finally, in spite of being concerned about the security of the data exported to their machines, for exercising data portability rights pursuant to the General Data Protection Regulation, most participants would prefer to first export and edit the data before uploading it to another service provider and would appreciate using a tool such as the Data Track for helping them in this context.
Farzaneh Karegar, Tobias Pulls, Simone Fischer-Hübner

Cloud Computing Contracts

Regulatory Issues and Cloud Service Providers’ Offers: An Analysis
In cloud computing, a cloud service-brokering framework mediates between cloud service users (CSUs) and cloud service providers (CSPs) to facilitate the availability of cloud services to the users according to their requirements from multi-cloud environment. The current cloud service brokering framework considers the service performance commitments of CSPs, but it is not aware of current legal/regulatory compliance status of CSPs when recommending services to the users. A cloud contract (terms of service, Service Level Agreement (SLA)) helps cloud users in their decision making to select an appropriate CSP according to their expectations. CSUs feedback and survey report show that users are still not satisfied with the current terms and conditions committed to by CSPs. They believe that the terms and conditions are unclear or unbalanced, which they sometimes are when in favour of CSPs. In this paper, we identify some major issues to be included in cloud contract to make it safe and fair to all parties involved in the agreement from the European Union (EU) data protection perspective. Another contribution of the paper is analyzing cloud contracts (their terms of service and SLAs) offered by international CSPs in respect of the standard guidelines recommended by different independent bodies to include in the cloud contracts. This information is visualized in a sorting table, called a Heat Map table, which gives a clear picture of the regulatory compliance status of CSPs in their cloud contract documents.
Shyam S. Wagle

Selected Papers (Part II) - Privacy Technologies and Frameworks


Using Differential Privacy for the Internet of Things

In this paper we propose a hybrid privacy-protection model for the Internet of Things (IoT) with the ultimate purpose of balancing privacy restrictions and usability in data delivery services. Our model uses traditional de-identification methods (such as k-anonymity) under low-privacy requirements, but allows for the transmission of aggregate statistical results (calculated with a privacy-preserving method such as Differential Privacy) as an alternative if the privacy requirements exceed a threshold. We show a prototype implementation for this model, and present a small step-by-step example.
Carlos Rodrigo Gómez Rodríguez, Elena Gabriela Barrantes S.

Implicit Bias in Predictive Data Profiling Within Recruitments

Recruiters today are often using some kind of tool with data mining and profiling, as an initial screening for successful candidates. Their objective is often to become more objective and get away from human limitation, such as implicit biases versus underprivileged groups of people. In this explorative analysis there have been three potential problems identified, regarding the practice of using these predictive computer tools for hiring. First, that they might miss the best candidates, as the employed algorithms are tuned with limited and outdated data. Second, is the risk of directly or indirectly discriminate candidates, or, third, failure to give equal opportunities for all individuals. The problems are not new to us, and from this theoretical analysis and from other similar work; it seems that algorithms and predictive data mining tools have similar kinds of implicit biases as humans. Our human limitations, then, does not seem to be limited to us humans.
Anders Persson

A Survey of Security Analysis in Federated Identity Management

We conduct a systematic survey of security analysis in Federated Identity Management (FIM). We use a categorisation system based off the Malicious and Accidental Fault Tolerance framework (MAFTIA) to categorise security incidents in FIM. When security incidents are categorised, we can paint a picture of the landscape of problems that have been studied in FIM. We outline the security incidents that are happening across FIM protocols and present solutions to those security incidents as proposed by others.
Sean Simpson, Thomas Groß

Evaluating Users’ Affect States: Towards a Study on Privacy Concerns

Research in psychology suggests that affect influences decision making. Consequently, we ask the question how affect states such as happiness and fear impact a user’s privacy concerns. To investigate this question, we need to prepare the ground in validating methods to induce and measure emotions. While most empirical privacy research is based on self-report questionnaires [20], such an experiment design—and the field at large—will benefit from psycho-physiological tools that offer immediate measurements of the user’s state [11]. To bridge this gap, this study constructs an experiment design that induces emotions and tightly controls this manipulation. Furthermore, it offers a pretest that compares self-report and psycho-physiological tools for measuring users’ affect states. We administer validated video affect stimuli in a within-subject trial, in which participants were exposed to both happy and sad stimuli in random order, after setting a neutral baseline state. The results indicate, first, that participants’ affect states were successfully manipulated using stimuli films. Second, a systematic comparison between the tools indicates their strengths and weaknesses in sensitivity and tightness of confidence intervals, hence lays the foundations for future experiment design. Finally, we contribute an experiment design to investigate the impact of affect state on privacy decision making, which draws on the lessons learned from the experiment.
Uchechi Nwadike, Thomas Groß, Kovila P. L. Coopamootoo

Privacy Salience: Taxonomies and Research Opportunities

Privacy is a well-understood concept in the physical world, with us all desiring some escape from the public gaze. However, while individuals might recognise locking doors as protecting privacy, they have difficulty practising equivalent actions online. Privacy salience considers the tangibility of this important principle; one which is often obscured in digital environments. Through extensively surveying a range of studies, we construct the first taxonomies of privacy salience. After coding articles and identifying commonalities, we categorise works by their methodologies, platforms and underlying themes. While web browsing appears to be frequently analysed, the Internet-of-Things has received little attention. Through our use of category tuples and frequency matrices, we then explore those research opportunities which might have been overlooked. These include studies of targeted advertising and its affect on salience in social networks. It is through refining our understanding of this important topic that we can better highlight the subject of privacy.
Meredydd Williams, Jason R. C. Nurse, Sadie Creese


Weitere Informationen

Premium Partner