Privacy Labelling and the Story of Princess Privacy and the Seven Helpers

Privacy is currently in 'distress' and in need of 'rescue', much like princesses in the all-familiar fairytales. We employ storytelling and metaphors from fairytales to make reader-friendly and streamline our arguments about how a complex concept of Privacy Labeling (the 'knight in shining armour') can be a solution to the current state of Privacy (the 'princess in distress'). We give a precise definition of Privacy Labeling (PL), painting a panoptic portrait from seven different perspectives (the 'seven helpers'): Business, Legal, Regulatory, Usability and Human Factors, Educative, Technological, and Multidisciplinary. We describe a common vision, proposing several important 'traits of character' of PL as well as identifying 'undeveloped potentialities', i.e., open problems on which the community can focus. More specifically, this position paper identifies the stakeholders of the PL and their needs with regard to privacy, describing how PL should be and look like in order to address these needs. Throughout the paper, we highlight goals, characteristics, open problems, and starting points for creating, what we define as, the ideal PL. In the end we present three approaches to establish and manage PL, through: self-evaluations, certifications, or community endeavors. Based on these, we sketch a roadmap for future developments.Comment: 26 pages, 3 figure

Towards a privacy-preserving inspection process for authentication solutions with conditional identification

Anonymous, yet accountable authentication solutions such as privacyenhancing attribute-based credentials do not only provide various privacy features, but also contain an option of conditional identification of specific attributes of the user. While the technical functionality of this so-called inspection is available, it has not yet been examined how the inspection operation can be embedded in the organizational framework of a service provider and which inspection grounds have to be considered. This text proposes a model inspection process with clearly defined roles and workflows derived from legal obligations and guidelines from European primary law and the EU data protection regime. Thereby implementation of privacy-preserving authentication solutions in practice is facilitated, as it has been shown in a pilot of an online communication platform in a Swedish school

Summary

fidis-wp3-del3.15a.IMS_database_V1.0.do

Challenges and Solutions in Implementing Informed Consent in Digital Environments: A Scoping Review

In times of ubiquitous data collection and processing, the need for privacy and control is stronger than ever. The implementation of informed consent is becoming increasingly important. The obligation to obtain informed consent and the user’s right to information and to refuse or withdraw consent is already defined in the GDPR. Particularly within the mHealth sector, where the collection of particularly sensitive health data occurs, the realisation of informed consent presents an important challenge. However, many applications are still not compliant, and companies seem to struggle with the implementation of effective informed consent. This scoping review analyses how the technical implementation of informed consent has been addressed in the literature to date, what challenges need to be overcome when implementing informed consent, and what solutions are proposed and discussed in the current literature on the implementation of informed consent

A multidisciplinary definition of privacy labels

Purpose This paper aims to present arguments about how a complex concept of privacy labeling can be a solution to the current state of privacy. Design/methodology/approach The authors give a precise definition of Privacy Labeling (PL), painting a panoptic portrait from seven different perspectives: Business, Legal, Regulatory, Usability and Human Factors, Educative, Technological and Multidisciplinary. They describe a common vision, proposing several important “traits of character” of PL as well as identifying “undeveloped potentialities”, i.e. open problems on which the community can focus. Findings This position paper identifies the stakeholders of the PL and their needs with regard to privacy, describing how PL should be and look like to address these needs. Main aspects considered are the PL’s educational power to change people’s knowledge of privacy, tools useful for constructing PL and the possible visual appearances of PL. They also identify how the present landscape of privacy certifications could be improved by PL. Originality/value The authors adopt a multidisciplinary approach to defining PL as well as give guidelines in the form of goals, characteristics, open problems, starting points and a roadmap for creating the ideal PL. </jats:sec