nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Privacy CURE: Consent Comprehension Made Easy

verfasst von : Olha Drozd, Sabrina Kirrane

Erschienen in: ICT Systems Security and Privacy Protection

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Facilitating Privacy Attitudes and Behaviors with Affective Visual Design

Nächstes Kapitel JavaScript Malware Detection Using Locality Sensitive Hashing

GDPR Art. 6(1)(b–f).

For the lawful personal data processing data subject’s consent is not required.

GDPR Art. 6(1)(a).

Art. 4(11) is complemented by Art. 7 that provides information on conditions for consent.

Article 29 Working Party Guidelines on consent under Regulation 2016/6791 are available at https://bit.ly/2BdQs08.

Article 29 Working Party was an independent European working party that dealt with data protection issues. On 25.05.2018 it was replaced by the European Data Protection Board under the GDPR.

A Privacy Finder is a search engine service that informs users whether the privacy policies of the displayed search results coincide with users’ privacy preferences. It also generates a privacy report for each search result, providing users with the core information from the privacy policy.

Compliance tools are offered by various companies, e.g., ShareThis Inc., eccenca GmbH, etc.

Usercentrics’ consent request can be viewed at https://usercentrics.com.

Norwegian Consumer Council Report is available at https://bit.ly/2N1TRRC.

Our questionnaire is available at https://bit.ly/2DNOGC3.

The prototype is available in two languages: English (http://cr-slider.soft.cafe/en/) and German (http://cr-slider.soft.cafe/de/).

The source code is available at https://bit.ly/2GErFC7.

Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance (SPECIAL) project is described in detail on https://www.specialprivacy.eu/.

Acquisti, A., Adjerid, I., Brandimarte, L.: Gone in 15 seconds: the limits of privacy transparency and control. IEEE Secur. Priv. 11(4), 72–74 (2013)CrossRef

Angulo, J., Fischer-Hübner, S., Pulls, T., Wästlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, pp. 1803–1808. ACM (2015)

Bastien, J.C.: Usability testing: a review of some methodological and technical aspects of the method. Int. J. Med. Inform. 79, e18–e23 (2010) CrossRef

Benedek, J., Miner, T.: Measuring desirability: new methods for evaluating desirability in a usability lab setting. Proc. Usability Prof. Assoc. 2003(8–12), 57 (2002)

Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9CrossRef

Borgesius, F.Z.: Informed consent: we can do better to defend privacy. IEEE Secur. Priv. 13(2), 103–107 (2015)CrossRef

Brewer, M.B., Crano, W.D.: Research design and issues of validity. In: Reis, H.T., Judd, C.M. (eds.) Handbook of Research Methods in Social and Personality Psychology, pp. 3–16. Cambridge University Press, Cambridge (2000)

Charters, E.: The use of think-aloud methods in qualitative research: an introduction to think-aloud methods. Brock Educ. J. 12(2), 68–82 (2003)CrossRef

Checkland, P., Holwell, S.: Action research. In: Kock, N. (ed.) Information Systems Action Research. Integrated Series in Information Systems, vol. 13, pp. 3–17. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-36060-7_1CrossRef

10.

Costante, E., Sun, Y., Petković, M., den Hartog, J.: A machine learning solution to assess privacy policy completeness: (short paper). In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pp. 91–96. ACM (2012)

11.

Drozd, O., Kirrane, S.: I agree: customize your personal data processing with the core user interface. In: Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 17–32. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-27813-7_2CrossRef

12.

Friedman, B., Howe, D.C., Felten, E.: Informed consent in the mozilla browser: implementing value-sensitive design. In: Proceedings of the 35th Annual Hawaii International Conference on System Sciences, p. 10. IEEE (2002)

13.

Hartson, H.R., Castillo, J.C., Kelso, J., Neale, W.C.: Remote evaluation: the network as an extension of the usability laboratory. In: Proceedings of the SIGCHI. ACM (1996)

14.

Ivory, M.Y., Hearst, M.A.: The state of the art in automating usability evaluation of user interfaces. ACM Comput. Surv. (CSUR) 33(4), 470–516 (2001)CrossRef

15.

Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A nutrition label for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 4. ACM (2009)

16.

Kirrane, S., et al.: A scalable consent, transparency and compliance architecture. In: Gangemi, A., et al. (eds.) ESWC 2018. LNCS, vol. 11155, pp. 131–136. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98192-5_25CrossRef

17.

Kumar, P.: Privacy policies and their lack of clear disclosure regarding the life cycle of user information. In: 2016 AAAI Fall Symposium Series (2016)

18.

Liccardi, I., Pato, J., Weitzner, D.J.: Improving mobile app selection through transparency and better permission analysis. J. Priv. Confid. 5(2), 1–55 (2014)

19.

MacKenzie, I.S.: User studies and usability evaluations: from research to products. In: Proceedings of the 41st Graphics Interface Conference, pp. 1–8. CIPS (2015)

20.

McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. ISJLP 4, 543 (2008)

21.

McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A comparative study of online privacy policies and formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_3CrossRef

22.

Mont, M.C., Sharma, V., Pearson, S.: Encore: dynamic consent, policy enforcement and accountable information sharing within and across organisations. Technical report, HP Laboratories HPL-2012-36 (2012)

23.

Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. JMIS 24(3), 45–77 (2007)

24.

Piras, L., et al.: Defend architecture: a privacy by design platform for GDPR compliance. In: Gritzalis, S., et al. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 78–93. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-27813-7_6CrossRef

25.

Railean, A., Reinhardt, D.: Let there be lite: design and evaluation of a label for IoT transparency enhancement. In: Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services Adjunct, pp. 103–110. ACM (2018)

26.

Raschke, P., Küpper, A., Drozd, O., Kirrane, S.: Designing a GDPR-compliant and usable privacy dashboard. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds.) Privacy and Identity 2017. IAICT, vol. 526, pp. 221–236. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92925-5_14CrossRef

27.

Reeder, R.W., et al.: Expandable grids for visualizing and authoring computer security policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1473–1482. ACM (2008)

28.

Schaub, F., Balebako, R., Durity, A.L., Cranor, L.F.: A design space for effective privacy notices. In: Eleventh Symposium on Usable Privacy and Security, pp. 1–17 (2015)

29.

Seidman, I.: Interviewing as Qualitative Research: A Guide for Researchers in Education and the Social Sciences. Teachers College Press, New York (2013)

30.

Steinsbekk, K.S., Myskja, B.K., Solberg, B.: Broad consent versus dynamic consent in biobank research: is passive participation an ethical problem? EJHG 21(9), 897 (2013)CrossRef

31.

Tidwell, J.: Designing Interfaces: Patterns for Effective Interaction Design. O’Reilly Media, Inc., Sebastopol (2010)

32.

Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un)informed consent: studying GDPR consent notices in the field. arXiv preprint arXiv:1909.02638 (2019)

33.

Van Someren, M., Barnard, Y., Sandberg, J.: The Think Aloud Method: A Practical Approach to Modelling Cognitive Processes. Academic Press, London (1994)

34.

Weitzner, D.J., et al.: Transparent accountable data mining: new strategies for privacy protection (2006)

35.

Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 1077–1093. IEEE (2017)

Titel: Privacy CURE: Consent Comprehension Made Easy
verfasst von: Olha Drozd
Sabrina Kirrane
Verlag: Springer International Publishing
Buch: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-030-58200-5

Electronic ISBN: 978-3-030-58201-2

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-58201-2_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"