4,190 research outputs found

    Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

    We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance.
    Comment: 41 pages, 2 figures, 1 table, and appendixe

    The internet: a framework for understanding ethical issues.

    The impact and influence of the Internet as a communications medium cannot be overstated. It has had a profound effect on economic, political, and other social infrastructures, and has introduced ways of communicating which have transformed social relationships. The Internet has opened up information exchange on a global scale, offering enormous opportunities and advantages to an hitherto unknown degree. The Internet has also raised a number of serious, and urgent, ethical challenges. The discussions and debate surrounding ethical issues such as trust, security and privacy, amongst others, conducted at all levels (international, government, academia and the popular press) in themselves are evidence of the complexity of the problem of Internet ethics. The research unravels some of the complexity and muddle of Internet ethics, with the objective of providing a foundation for further research. This thesis offers four perspectives on the problems of Internet ethics: technical, conceptual, regulatory and ethical. These different viewpoints are not only useful in drawing out insights concerning the ethical framework of the Internet, they also provide leverage for the analysis of pertinent issues. The work in this thesis thus offers a framework for understanding, and analysis, which can be developed and used in continuing investigations. The research is a combination of theory and practice - both informing each other. The approach taken arose from the author's direct involvement in many of the expert discussions and debates which (together with the literature), identified a need for foundational work. In-depth work with a number of specialised groups has provided the practical backdrop, and grounding to this research - published results appear as Appendices

    Human choice and computers : an ever more intimate relationship

    Since 1974, the Human Choice and Computers (HCC) conference series has firmly remained at the cutting edge of innovative thinking about the interface between the social and technology. This introductory chapter to the proceedings of the 12th Human Choice and Computers conference points out that what has set HCC conferences apart is the critical perspective that is its hallmark. HCC12 continues this tradition

    TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

    Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.
    Comment: Accepted for publication at the 2021 International Workshop on Privacy Engineering (IWPE'21). This is a preprint manuscript (authors' own version before final copy-editing

    Methodology and workflow to perform the Data Protection Impact Assessment in healthcare information systems

    Background: The General Regulation on Data Protection (GDPR) modernizes and harmonizes personal data protection laws across the European Union, affecting all economic sectors including the healthcare industry. The new regulation introduces two specific duties: the Record of Processing Activities (ROPA) and, for each high-risk processing, the Data Protection Impact Assessment (DPIA). Currently, there are no specific DPIA methodologies for the healthcare environment, but only broad methodologies applicable in all economic sectors. Objectives: This work aims to propose a methodology to perform DPIA for healthcare information systems, considering the specific constraints and criticisms posed by the heterogeneous and highly sensitive nature of data and software use in hospitals. Methods: We first performed a GDPR analysis and an examination of other sources regarding DPIA. This analysis led to the identification of issues related to GDPR application in the healthcare environment. We then developed a workflow for DPIA execution, and implemented a software to apply it in a real environment. The methodology was applied on 11 softwares and devices already in use in the Trieste area, Italy. Results: The most important issue identified in the analysis is the definition of "processing activity", which was overcome by focusing the methodology on the information system processing the data instead of the processing activity per se. We therefore designed a workflow for the risk assessment of an information system establishing that the DPIA shall be performed after the purchase, usually a bid with strict IT security requirements of the information system, but before its deployment in the real environment. The validation of the developed software to implement the workflow on the 11 softwares showed the ability of the proposed workflow to perform the DPIA, and to uncover some important issues in the examined systems. Conclusions: The proposed methodology can be applied to perform DPIA in the healthcare environment by supporting risk evaluation and management, focusing on each software component added to the healthcare information system

    The control over personal data: True remedy or fairy tale ?

    This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this concept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject's agency

    Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions

    The Internet of Things (IoT) ability to monitor our every move raises many privacy concerns. This paper reports on a study to assess current awareness of privacy implications of IoT devices amongst Saudi Arabians. We found that even when users are aware of the potential for privacy invasion, their need for the convenience these devices afford leads them to discount this potential and to ignore any concerns they might initially have had. We then conclude by making some predictions about the direction the IoT field will take in the next 5-7 years, in terms of privacy invasion, protection and awareness