Trading Trust for Discount: Does Frugality Moderate the Impact of Privacy and Security Concerns?

The paper develops a framework (1) to distinguish between the unique and shared dimensions of privacy and security concerns, (2) to examine the impact of privacy and security concerns on the trust-discount tradeoff as moderated by frugality disposition, and (3) to investigate the impact of personality on online privacy and security concerns. We use Utility Theory and its extension, Prospect Theory, to argue that frugality modifies the perception of risk as depicted in privacy and security concerns and monetary gains from discount in the trust-discount tradeoff. We develop the conceptual model to show the role of privacy and security concerns and the moderating role of frugality in trust-discount tradeoff, as well as the role of personality as the antecedents of privacy and security concerns. Data collected from lab experiments are used to test the model using the structural equation modeling approach. The study is one of the first to study the role of frugality in trust-discount tradeoff. It is also an early attempt to analyze the similarities and dissimilarities between the dimensions of security and privacy concerns. Our findings suggest that frugality plays an important role in moderating the impact of security concerns in trust-discount tradeoff. On the theoretical side the paper adds to the trust-privacy literature and to the field of psychology by studying the role of frugality and personality in relation to privacy and security concerns. The tradeoff of trust-discount is an area that is not adequately studied. This paper adds insight about this tradeoff. The study has practical implications by showing that while offering discount may counter consumers’ privacy concern, it does not reduce the security concern of frugal consumers. Little known websites with low trust perception will not survive by just offering discounts. They need to invest in creating social capital in the form of increased trustworthiness

The Architecture of Privacy: Remaking Privacy in Cyberspace

This is an essay about privacy. My aim is to understand privacy through these two very different ideas. Privacy, in the sense that I mean here, can be described by these two different ideas. It stands in competition with these ideas. It is that part of life that is left after one subtracts, as it were, the monitored and the searchable. A life where less is monitored is a life where more is private; and life where less can (legally or technologically) be searched is also a life where more is private. By understanding the technologies of these two different ideas, the monitored and the searchable--understanding, as it were, their architectures--we understand something of the privacy that any particular social context makes possible. These contexts are many. They differ dramatically across the world. But in this essay, I want to use this notion of the monitored and the searchable to compare privacy across contexts, and to see just why the context we are about to enter is so extraordinarily different from any we have known. For my claim is that we are entering an age when privacy will be fundamentally altered--an age when the extent of the monitored, and the reach of searchable, is far greater than anything we have known thus far. We can choose to let this change occur, or we can choose to do something in response. After making plain the kind of change we should expect, my aim is to make understandable a range of responses, and to argue, if only implicitly, in favor of one particular response within that range

How and Why We Should Know Less: Information Privacy in Cyberspace

Article published in the Michigan State University School of Law Student Scholarship Collection

Privacy and data protection in Africa: a state of the art

A literature review is pivotal to any scientific research or writing. Quite often a prudent researcher may not embark on research or writing a scientific piece of work without first reviewing the literature. Yet this literature may sometimes not be readily available, especially in a relatively new area of scholarship, or its availability may be challenging. † In this article I survey the major literature on privacy and data protection in Africa as an emerging field of law. † I argue that currently this literature is underdeveloped. † I offer a modest proposal that efforts have to be directed towards training, researches, networking, the creation of modern libraries, inter-country/ sub- or regional discussions and establishing journals specifically dedicated to privacy and data protection law issues

Chapter 1 Law and record keeping

Managing Digital Records in Africa draws on the research work of the InterPARES Trust (ITrust) project that investigated interrelated archival issues focusing on legal analysis, infrastructure, trust, authentication, and education within the African context. This research-focused book provides a legal analysis and systematic assessment of how African institutions manage digital records in four countries (i.e., Botswana, Kenya, South Africa, and Zimbabwe). It also examines the extent to which records are managed using Internet-based applications, trust in such records, and digital record authentication to support the auditing process. Finally, it provides a curriculum analysis in digital records at institutions of higher learning in 38 African countries. The book's case studies illustrate the threads of discussion, which span the ITrust domains of legislation, infrastructure, authentication, trust, and education in archives and records management. The book can be used as a premier reference source by private and public organizations, researchers, educators, archivists, records managers, and postgraduate students to make informed decisions about digital records, records management systems, cloud-based services, authenticating records, and identifying universities on the continent that offer archival programmes. The book may also find expression to practitioners in other fields such as law and auditing

Cost-Based California Effects

The “California Effect” is a recurring trope in discussions about regulatory interdependence. This effect predicts that businesses active in multiple jurisdictions sometimes adopt the strictest standards that they face in any jurisdiction globally, even if the law does not require global compliance. There is a substantial literature that assumes the existence of California Effects both at the interstate level in the United States and the international level. However, empirical evidence documenting their existence and strength is scarce. This paper investigates the existence of California Effects in data privacy law, a field in which these effects have been said to be particularly influential. Its main goal is to understand the extent to which EU law (which is usually described as comparably stringent) influences transactions between U.S. online services and consumers. Using a range of computational and traditional quantitative techniques, the paper tracks changes in almost 700 webpages’ privacy policies. The analysis covers two years starting in November 2017, a period that saw the enactment of a new, sweeping data privacy law in the EU. Contrary to what many assume, the analysis reveals that most U.S. online services treat U.S. consumers and EU consumers differently, with EU consumers enjoying higher levels of protection. This result indicates that the impact of EU law on the operations of U.S. online services is limited. Moreover, it suggests that California Effects driven by costs of differentiation might be less important than is commonly assumed, at least in data privacy law. The paper also discusses the implications of these findings for researchers and policymakers

Towards a Global Data Privacy Standard

This Article questions the widespread contention that recent updates to European Union (EU) data protection law will drive a disruptive wedge between EU and United States (U.S.) data privacy regimes. Europe’s General Data Protection Regulation (GDPR), which took effect in May 2018, gives all EU citizens easier access to their data, a right to portability, a right to be forgotten, and a right to learn when their data has been hacked. These mandatory privacy protections apply to non-EU companies that offer goods or services to EU consumers, whether through a subsidiary or a website. The “Brussels Effect” hypothesis projects a “race to the top” as multinational entities find it easier to adopt the most stringent data protection standards worldwide, rather than satisfying divergent data privacy rules. The GDPR is said to be a prime example of the Brussels Effect because of its aggressive extraterritorial scope that unilaterally imposes EU law on U.S. entities. This Article acknowledges a Brussels Effect, but there is also an overlooked “D.C. Effect” reflected in the GDPR’s adoption of many U.S. data privacy innovations. The GDPR imports long-established U.S. tort concepts for the first time into European privacy law, including deterrence-based fines, collective redress, wealth-based punishment, and arming data subjects with the right to initiate public enforcement. Under the GDPR, the EU Commission adopted “Privacy by Design” and security breach notification obligations, innovations pioneered in the U.S. The net effect of the GDPR is a bilateral transatlantic privacy convergence, which is rapidly evolving into a global data privacy standard. Nations around the world, some U.S. states, and the major U.S.-based data processors are instituting policies harmonized with the GDPR. This Article argues that the GDPR has the potential to not only bring an end to the transatlantic data privacy wars, but to become the basis of a worldwide “gold standard” for global data privacy

2021 State of the Practice in Data Privacy and Security

The data privacy and security landscape is changing drastically due to new laws and regulations, the COVID-19 pandemic, and other emerging trends. This article looks at the current state of these issues

Privacy protection in context aware systems.

Smartphones, loaded with users’ personal information, are a primary computing device for many. Advent of 4G networks, IPV6 and increased number of subscribers to these has triggered a host of application developers to develop softwares that are easy to install on the mobile devices. During the application download process, users accept the terms and conditions that permit revelation of private information. The free application markets are sustainable as the revenue model for most of these service providers is through profiling of users and pushing advertisements to the users. This creates a serious threat to users privacy and hence it is important that “privacy protection mechanisms” should be in place to protect the users’ privacy. Most of the existing solutions falsify or modify the information in the service request and starve the developers of their revenue. In this dissertation, we attempt to bridge the gap by proposing a novel integrated CLOPRO framework (Context Cloaking Privacy Protection) that achieves Identity privacy, Context privacy and Query privacy without depriving the service provider of sustainable revenue made from the CAPPA (Context Aware Privacy Preserving Advertising). Each service request has three parameters: identity, context and actual query. The CLOPRO framework reduces the risk of an adversary linking all of the three parameters. The main objective is to ensure that no single entity in the system has all the information about the user, the queries or the link between them, even though the user gets the desired service in a viable time frame. The proposed comprehensive framework for privacy protecting, does not require the user to use a modified OS or the service provider to modify the way an application developer designs and deploys the application and at the same time protecting the revenue model of the service provider. The system consists of two non-colluding servers, one to process the location coordinates (Location server) and the other to process the original query (Query server). This approach makes several inherent algorithmic and research contributions. First, we have proposed a formal definition of privacy and the attack. We identified and formalized that the privacy is protected if the transformation functions used are non-invertible. Second, we propose use of clustering of every component of the service request to provide anonymity to the user. We use a unique encrypted identity for every service request and a unique id for each cluster of users that ensures Identity privacy. We have designed a Split Clustering Anonymization Algorithms (SCAA) that consists of two algorithms Location Anonymization Algorithm (LAA) and Query Anonymization Algorithm (QAA). The application of LAA replaces the actual location for the users in the cluster with the centroid of the location coordinates of all users in that cluster to achieve Location privacy. The time of initiation of the query is not a part of the message string to the service provider although it is used for identifying the timed out requests. Thus, Context privacy is achieved. To ensure the Query privacy, the generic queries (created using QAA) are used that cover the set of possible queries, based on the feature variations between the queries. The proposed CLOPRO framework associates the ads/coupons relevant to the generic query and the location of the users and they are sent to the user along with the result without revealing the actual user, the initiation time of query or the location and the query, of the user to the service provider. Lastly, we introduce the use of caching in query processing to improve the response time in case of repetitive queries. The Query processing server caches the query result. We have used multiple approaches to prove that privacy is preserved in CLOPRO system. We have demonstrated using the properties of the transformation functions and also using graph theoretic approaches that the user’s Identity, Context and Query is protected against the curious but honest adversary attack, fake query and also replay attacks with the use of CLOPRO framework. The proposed system not only provides \u27k\u27 anonymity, but also satisfies the \u3c k; s \u3e and \u3c k; T \u3e anonymity properties required for privacy protection. The complexity of our proposed algorithm is O(n)