129 research outputs found
Making GDPR Usable: A Model to Support Usability Evaluations of Privacy
We introduce a new model for evaluating privacy that builds on the criteria
proposed by the EuroPriSe certification scheme by adding usability criteria.
Our model is visually represented through a cube, called Usable Privacy Cube
(or UP Cube), where each of its three axes of variability captures,
respectively: rights of the data subjects, privacy principles, and usable
privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with
the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination
of only rights and principles, forming the two axes at the basis of our UP
Cube. In this way we also want to bring out two perspectives on privacy: that
of the data subjects and, respectively, that of the controllers/processors. We
define usable privacy criteria based on usability goals that we have extracted
from the whole text of the General Data Protection Regulation. The criteria are
designed to produce measurements of the level of usability with which the goals
are reached. Precisely, we measure effectiveness, efficiency, and satisfaction,
considering both the objective and the perceived usability outcomes, producing
measures of accuracy and completeness, of resource utilization (e.g., time,
effort, financial), and measures resulting from satisfaction scales. In the
long run, the UP Cube is meant to be the model behind a new certification
methodology capable of evaluating the usability of privacy, to the benefit of
common users. For industries, considering also the usability of privacy would
allow for greater business differentiation, beyond GDPR compliance.
Comment: 41 pages, 2 figures, 1 table, and appendixes
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed for matching privacy requirements
(on the client side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how the privacy property Retention-based unlinkability can be
certified for a banking financial service.
Comment: 20 pages, 6 figures
Furthering the Growth of Cloud Computing by Providing Privacy as a Service
The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy constraints as Quality of Service (QoS) levels. This privacy QoS must be agreed upon along with the rest of the QoS terms within the SLA by the Cloud consumer and provider. Finally, we introduce Privacy as a Service (PraaS) to monitor the agreement and provide enforcement if necessary.
Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing between Black-Box Components
Privacy by design (PbD) is the principle that privacy should be considered at
every stage of the software engineering process. It is increasingly both viewed
as best practice and required by law. It is therefore desirable to have formal
methods that provide guarantees that certain privacy-relevant properties hold.
We propose an approach that can be used to design a privacy-compliant
architecture without needing to know the source code or internal structure of
any individual component. We model an architecture as a set of agents or
components that pass messages to each other. We present in this paper
algorithms that take as input an architecture and a set of privacy constraints,
and output an extension of the original architecture that satisfies the privacy
constraints.
Routes for breaching and protecting genetic privacy
We are entering the era of ubiquitous genetic information for research,
clinical care, and personal curiosity. Sharing these datasets is vital for
rapid progress in understanding the genetic basis of human diseases. However,
one growing concern is the ability to protect the genetic privacy of the data
originators. Here, we technically map threats to genetic privacy and discuss
potential mitigation strategies for privacy-preserving dissemination of genetic
data.
Comment: Draft for comment
From mechatronics to the Cloud
At its conception mechatronics was viewed purely in terms of the ability to integrate the technologies of mechanical and electrical engineering with computer science to transfer functionality, and hence complexity, from the mechanical domain to the software domain. However, as technologies, and in particular computing technologies, have evolved, so the nature of mechatronics has changed from being purely associated with essentially stand-alone systems such as robots to providing the smart objects and systems which are the building blocks for Cyber-Physical Systems, and hence for Internet of Things and Cloud-based systems. With the possible advent of a 4th Industrial Revolution structured around these systems-level concepts, mechatronics must again adapt its world view, if not its underlying technologies, to meet this new challenge.
Public perceptions of demand side management and a smarter energy future
Demand side management (DSM) is a key aspect of many future energy system scenarios [1, 2]. DSM refers to a range of technologies and interventions designed to create greater efficiency and flexibility on the demand side of the energy system [3]. Examples include the provision of more information to users to support efficient behaviour and new ‘smart’ technologies that can be automatically controlled. Key stated outcomes of implementing DSM are benefits for consumers, such as cost savings [3, 4] and greater control over energy use. Here, we use results from an online survey to examine public perceptions and acceptability of a range of current DSM possibilities in a representative sample of the British population (N = 2441). We show that, whilst cost is likely to be a significant reason for many people to uptake DSM measures, those concerned about energy costs are actually less likely to accept DSM. Notably, individuals concerned about climate change are more likely to be accepting. A significant proportion of people, particularly those concerned about affordability, indicated unwillingness or concerns about sharing energy data, a necessity for many forms of DSM. We conclude substantial public engagement and further policy development is required for widespread DSM implementation.
Data privacy compliance benefits for organisations - a cyber-physical systems and Internet of Things study
The protection of people’s privacy is both a legal requirement and a key factor for doing business in many jurisdictions. Organisations thus have a legal obligation to get their privacy compliance in order as a matter of business importance. This applies not only to organisations’ day-to-day business operations, but also to the information technology systems they use, develop or deploy. However, privacy compliance, like any other legal compliance requirement, is often seen as an extra burden that is both unnecessary and costly. Such a view of compliance can result in negative consequences and lost opportunities for organisations. This paper seeks to position data privacy compliance as a value proposition for organisations by focusing on the benefits that can be derived from data privacy compliance as it applies to a particular subset of information technology systems, namely cyber-physical systems and Internet of Things technologies. A baseline list of data privacy compliance benefits, contextualised for CPSs and IoT within the South African legal landscape, is proposed.