Abstract
The last few decades have entertained a fast digital transformation of our daily activities. This has brought about numerous benefits as well as unanticipated consequences. As such, on the consequences side, information privacy incidents have become prevalent. This has further raised the concern of users and data protection bodies alike. Thus, quantifying and communicating privacy risks plays paramount role in raising user awareness, designing appropriate technical solutions, and enacting legal frameworks. However, previous research in privacy risk quantification has not considered the user’s heterogeneously subjective perceptions of privacy, and her right to informational self determination since, often, the privacy risk analysis and prevention takes place once the data is out of her control. In this paper, we present a user-centered privacy risk quantification framework coupled with granular and usable privacy risk warnings. The framework takes a new approach in that it empowers users to take informed privacy protection decisions prior to unintended data disclosure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
CNIL, How to implement the data protection act, (2012). URL http://goo.gl/jdlw5O, last access, May 2, 2017.
- 2.
The descriptions of the attributes http://archive.ics.uci.edu/ml/machine-learning-databases/adult/adult.names.
- 3.
Data philanthropy is a newly emerging concept in which private sector, or citizens participate in donating data for the public good, cf. http://corporatecitizenship.bc.edu/data-philanthropy.
References
The EU data protection reform and big data factsheet. http://www.ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf. Accessed 07 June 2017
Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)
Bal, G., Rannenberg, K., Hong, J.: Styx: design and evaluation of a new privacy risk communication method for smartphones. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 113–126. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_10
Banerjee, M., Karimi Adl, R., Wu, L., Barker, K.: Quantifying privacy violations. In: Jonker, W., Petković, M. (eds.) SDM 2011. LNCS, vol. 6933, pp. 1–17. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23556-6_1
Biega, J., Mele, I., Weikum, G.: Probabilistic prediction of privacy risks in user search histories. In: Proceedings of the First International Workshop on Privacy and Security of Big Data, pp. 29–36. ACM (2014)
Christin, D., Michalak, M., Hollick, M.: Raising user awareness about privacy threats in participatory sensing applications through graphical warnings. In: Proceedings of International Conference on Advances in Mobile Computing & #38; Multimedia, MoMM 2013, pp. 445:445–445:454. ACM, New York (2013)
Clifford, R., Popa, A.: Maximum subset intersection. Inf. Process. Lett. 111(7), 323–325 (2011)
de Montjoye, Y.-A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)
Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D.: Risk analysis of android applications: a user-centric solution. Future Gener. Comput. Syst. 80, 505–518 (2016)
Du, W., Teng, Z., Zhu, Z.: Privacy-maxent: integrating background knowledge in privacy quantification. In: Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, pp. 459–472. ACM (2008)
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, pp. 1–6. USENIX Association, Berkeley (2010)
Fawaz, K., Shin, K.G.: Location privacy protection for smartphone users. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 239–250. ACM, New York (2014)
Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., Waidner, M.: Privacy-enhancing identity management. Inf. Secur. Tech. Rep. 9(1), 35–44 (2004)
Hogganvik, I., Stølen, K.: A graphical approach to risk identification, motivated by empirical investigations. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MODELS 2006. LNCS, vol. 4199, pp. 574–588. Springer, Heidelberg (2006). https://doi.org/10.1007/11880240_40
Hong, W., Thong, J.Y.: Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Q. 37, 275–298 (2013)
Ngoc, T.H., Echizen, I., Komei, K., Yoshiura, H.: New approach to quantification of privacy on social network sites. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 556–564. IEEE (2010)
PARTY, A.D.P.W.: UCI machine learning repository adult data set. https://archive.ics.uci.edu/ml/datasets/adult. Accessed 30 Mar 2017
Rotenberg, M., Jacobs, D.: Updating the law of information privacy: the new framework of the European Union. Harv. JL Pub. Pol’y 36, 605 (2013)
Sattar, A.S., Li, J., Ding, X., Liu, J., Vincent, M.: A general framework for privacy preserving data publishing. Knowl.-Based Syst. 54, 276–287 (2013)
Slovic, P., Weber, E.U.: Perception of risk posed by extreme events (2002)
Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: Companion Proceedings of The Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee (2018)
Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, pp. 15–21. ACM (2018)
Tuunainen, V.K., Pitkänen, O., Hovi, M.: Users’ awareness of privacy on online social networking sites-case facebook. In: Bled 2009 Proceedings, p. 42 (2009)
Wan, Z., et al.: A game theoretic framework for analyzing re-identification risk. PLoS One 10, e0120592 (2015). Supporting information. threshold, 7:9
Watanabe, C., Amagasa, T., Liu, L.: Privacy risks and countermeasures in publishing and mining social network data. In: 2011 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 55–66. IEEE (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tesfay, W.B., Nastouli, D., Stamatiou, Y.C., Serna, J.M. (2020). pQUANT: A User-Centered Privacy Risk Analysis Framework. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-41568-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41567-9
Online ISBN: 978-3-030-41568-6
eBook Packages: Computer ScienceComputer Science (R0)