Online Customer Trust in the Context of the General Data Protection Regulation (GDPR)
Background: A recent global survey found that almost half of Internet users who never buy online indicated lack of trust as the main reason. The General Data Protection Regulation (GDPR) is new legislation expected to provide the opportunity for organizations to improve their customer trust through personal data governance. Few studies explore online customer trust from the GDPR perspective. This study aims to fill this gap by drawing on the Technology Acceptance Model (TAM) and Self-Determination Theory (SDT), examining the antecedents of online customer trust from the GDPR perspective. The study also attempts to derive insights about the GDPR that may affect online customer trust, but which to date have little presence in frameworks of the antecedents of online trust. The main research questions are as follows. First, what are the impacts of perceived technology, perceived risks and perceived trustworthiness on online customer trust in the GDPR context? Second, what are the GDPR-specific factors that may affect online customer trust?
Method: This positivist study used a survey strategy with a deductive approach to investigate the research questions. A questionnaire was designed for primary data collection as the basis for quantitative data analysis.
Results: Data analysis confirmed that several GDPR-related trust antecedents – perceived security, perceived third-party assurance and perceived openness – are positively associated with online customer trust. This study offers new insights into the SDT adaptation that suggest the value of motivation theory for trust research in the GDPR context. This study also generates insights about the GDPR that may affect online customer trust.
Conclusions: This study suggests that the GDPR plays a significant role in online customer trust by bringing about stronger rights and more transparency for online customers. Both the confirmation and insights are a contribution that can lead seemingly old-fashioned trust antecedents into a new application.
Available at: https://aisel.aisnet.org/pajais/vol12/iss1/4
How to make privacy policies both GDPR-compliant and usable
It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.
Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces
Physical retailers, who once led the way in tracking with loyalty cards and
'reverse appends', now lag behind online competitors. Yet we might be seeing
these tables turn, as many increasingly deploy technologies ranging from simple
sensors to advanced emotion detection systems, even enabling them to tailor
prices and shopping experiences on a per-customer basis. Here, we examine these
in-store tracking technologies in the retail context, and evaluate them from
both technical and regulatory standpoints. We first introduce the relevant
technologies in context, before considering privacy impacts, the current
remedies individuals might seek through technology and the law, and those
remedies' limitations. To illustrate challenging tensions in this space we
consider the feasibility of technical and legal approaches to both a) the
recent 'Go' store concept from Amazon which requires fine-grained, multi-modal
tracking to function as a shop, and b) current challenges in opting in or out
of increasingly pervasive passive Wi-Fi tracking. The 'Go' store presents
significant challenges with its legality in Europe significantly unclear and
unilateral, technical measures to avoid biometric tracking likely ineffective.
In the case of MAC addresses, we see a difficult-to-reconcile clash between
privacy-as-confidentiality and privacy-as-control, and suggest a technical
framework which might help balance the two. Significant challenges exist when
seeking to balance personalisation with privacy, and researchers must work
together, including across the boundaries of preferred privacy definitions, to
come up with solutions that draw on both technology and the legal frameworks to
provide effective and proportionate protection. Retailers, simultaneously, must
ensure that their tracking is not just legal, but worthy of the trust of
concerned data subjects.
Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the
Internet of Things Conference, London, United Kingdom, 28-29 March 201
Making GDPR Usable: A Model to Support Usability Evaluations of Privacy
We introduce a new model for evaluating privacy that builds on the criteria
proposed by the EuroPriSe certification scheme by adding usability criteria.
Our model is visually represented through a cube, called Usable Privacy Cube
(or UP Cube), where each of its three axes of variability captures,
respectively: rights of the data subjects, privacy principles, and usable
privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with
the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination
of only rights and principles, forming the two axes at the basis of our UP
Cube. In this way we also want to bring out two perspectives on privacy: that
of the data subjects and, respectively, that of the controllers/processors. We
define usable privacy criteria based on usability goals that we have extracted
from the whole text of the General Data Protection Regulation. The criteria are
designed to produce measurements of the level of usability with which the goals
are reached. Precisely, we measure effectiveness, efficiency, and satisfaction,
considering both the objective and the perceived usability outcomes, producing
measures of accuracy and completeness, of resource utilization (e.g., time,
effort, financial), and measures resulting from satisfaction scales. In the
long run, the UP Cube is meant to be the model behind a new certification
methodology capable of evaluating the usability of privacy, to the benefit of
common users. For industries, considering also the usability of privacy would
allow for greater business differentiation, beyond GDPR compliance.
Comment: 41 pages, 2 figures, 1 table, and appendixe
Electronic identity verification: personal data protection challenges and risks
This work highlights the clash of GDPR, eIDAS Regulation and PSD2 Directive, as well as tackles challenges of implementation in practice, specifically the challenges of securing personal data whilst ensuring an electronic identity. A comparative analysis on practical case studies which are concerned with electronic identity verification, electronic identity establishment and use electronic identity verification in the process of providing services is carried out in order to understand how such businesses tackle personal data challenges, how successfully and to what manner. The work concludes with findings of legal uncertainty between all three regulatory acts, as they lack unified definitions and interpretational certainty in terminology, as well as they are in a need of revision due to the fact that some relevant laws were developed prior GDPR
Data privacy as a business opportunity : leveraging privacy maximizing features to address client privacy concerns
Data privacy is a critical concern in the era of data-driven businesses. Users are becoming
increasingly sensitive about the collection and processing of their personal data. This Master’s
thesis examines whether a firm’s data privacy policy can provide an edge over competitors.
Primary research was conducted to ascertain user preferences and behavior regarding data
privacy in the context of identified business drivers for prioritizing data privacy as well as for
mitigating associated risks and benefits. This data supplemented secondary material from the
literature review. PESTEL analysis indicated that key drivers for data privacy are legal, ethical,
financial, and technical. Moreover, expert interviews and the survey revealed that businesses
cannot avoid data privacy and proved the above-mentioned key drivers. Furthermore, the
drivers can be structured for transparency, trust, capabilities, and holistic processes. Data
privacy must be approached holistically as data governance to ensure efficient and responsible
data management within an organization. Hence, a concept was developed which proactively
leverages user concerns and minimizes the consequences of data breaches and non-compliance
with the GDPR.
Based on the foregoing, privacy policies can lead to unique positioning and consequently
provide a competitive advantage (CA) with the following measures: (1) explicit opt-in choices
on a consent management platform, (2) efficient Data Lifecycle Management, (3) are in the
context of privacy by design, and (4) represent technical best practices, such as differential
privacy. These criteria, properly executed with consideration to company-specific use cases and
the internal resources and capabilities, leverage privacy maximizing features for CA.
Data privacy is a critical concern in the era of data-driven businesses.
Users are becoming increasingly sensitive about the collection of their personal
data. This Master's thesis examines whether a company's data privacy policy
can provide an advantage over the competition.
Primary research was conducted to determine user preferences and behavior
regarding data privacy in the context of the business drivers
identified for prioritizing data privacy. This data
supplemented the secondary material from the literature review. PESTEL analysis indicated
that the main drivers of data privacy are legal, ethical, financial, and technical,
as confirmed by interviews and surveys. Moreover, the drivers can be structured
for transparency, trust, capabilities, and holistic processes. Data privacy
must be approached holistically as data governance to ensure efficient
data management within an organization. A concept was developed which shows that
privacy policies can lead to unique positioning and, consequently,
provide a competitive advantage with the following measures: (1) explicit opt-in
choices on a consent management platform, (2) efficient data lifecycle
management, (3) are in the context of privacy by design, and (4) represent technical
best practices, such as differential privacy. These criteria, properly executed
with consideration to company-specific use cases and the internal resources and
capabilities, leverage privacy features for a competitive
advantage.
The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information
Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft.
Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism.
This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers
Customer ratings as a vector for discrimination in employment relations? Pathways and pitfalls for legal remedies
The use of customer ratings to evaluate worker performance is increasingly worrisome because of its widespread use in the gig-economy. As scholars in computer and social sciences denounce, this practice entails the risk of producing discriminatory outcomes, by reproducing biases existing in society. By drawing an analogy with discriminatory practices adopted by an employer to satisfy its customers' preferences, we propose a legal analysis of this phenomenon grounded in EU non-discrimination law. Thus, we first analyse the issues related to the application of non-discrimination law to (alleged) self-employed workers. Then, we address the lack of access for the individual worker to the data regarding customers' ratings. We conclude by arguing that the use of customer ratings should be considered as a suspect criterion, while the current (EU) non-discrimination laws should be modernised through a clearer inclusion of (alleged) self-employed workers.
Consumer perspectives on information privacy following the implementation of the GDPR
The General Data Protection Regulation (GDPR) was implemented in the European Union and European Economic Area in May 2018. The GDPR aims to strengthen consumers’ rights to data privacy in the wake of technological developments like big data and artificial intelligence. This was a hot topic for stakeholders, such as lawyers, companies and consumers, prior to the GDPR’s implementation. This paper investigates to what extent consumers are concerned about information privacy issues following the implementation of the GDPR. We present findings from an online survey conducted during spring 2019 among 327 Norwegian consumers, as well as findings from a survey conducted immediately prior to the implementation of the GDPR in spring 2018. We draw the following conclusions: (1) consumers gained significant knowledge about their information privacy from the GDPR, but felt relatively little need to execute their enhanced rights; (2) about 50% of respondents believed themselves to have control over their data, while almost 40% stated that they had no control about their personal data; and (3) consumers largely trusted companies to manage their personal data. These insights are of interest to both academia and to industries that deal with personal data