Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems

  • Conference paper
Computer Security. ESORICS 2022 International Workshops (ESORICS 2022)

Abstract

Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems’ platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.

Notes

  1. Unless otherwise stated, all articles mentioned refer to the GDPR [10].

  2. The Telecommunication Telemedia Data Protection Act (TTDSG) is the national adoption of the EU ePrivacy Directive in Germany. It further replaces previous regulations on data protection and secrecy for telecommunications services in Germany.

References

  1. Almeida, J., da Cunha, P.R., Pereira, A.D.: GDPR-compliant data processing: practical considerations. In: Proceedings of the 18th European, Mediterranean, and Middle Eastern Conference (EMCIS), pp. 505–514 (2021)

  2. Anwar, M.J., Gill, A.Q., Beydoun, G.: A review of information privacy laws and standards for secure digital ecosystems. In: Proceedings of the 29th Australasian Conference on Information Systems (ACIS), pp. 1–12 (2018)

  3. Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Proceedings of the 4th Annual Privacy Forum, pp. 135–152 (2016)

  4. Campbell, J.L., Quincy, C.D., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews. Sociol. Methods Res. 42, 294–320 (2013)

  5. Chen, Z.T., Cheung, M.: Privacy perception and protection on Chinese social media. Ethics Inf. Technol. 20(4), 279–289 (2018)

  6. da Conceição Freitas, M., da Silva, M.M.: GDPR compliance in SMEs: there is much to be done. J. Inf. Syst. Eng. Manag. 3(4), 30 (2018)

  7. Drozd, O.: Privacy Pattern Catalogue: a tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In: Proceedings of the 10th IFIP International Summer School on Privacy and Identity Management, pp. 129–140 (2016)

  8. EDPB: Guidelines 4/2019 on article 25 data protection by design and by default, version 2.0 (2020)

  9. EDPB: Guidelines 3/2022 on dark patterns in social media platform interfaces: how to recognise and avoid them, version 1.0 (2022)

  10. European Union: GDPR, Regulation (EU) 2016/679 (2016)

  11. Fernandes, J., Machado, C., Amaral, L.: Identifying critical success factors for the general data protection regulation implementation in higher education institutions. Digital Policy, Regul. Gov. 24(4), 355–379 (2022)

  12. Holler, M., van Giffen, B., Benzell, S., Ehrat, M.: The general data protection regulation in financial services industries: how do companies approach the implementation of the gdpr and what can we learn from their approaches? In: Proceedings of the 82th Jahrestagung des Verbands der Hochschullehrer für Betriebswirtschaft (VHB), pp. 1–11 (2020)

  13. Kira, B., Sinha, V., Srinivasan, S.: Regulating digital ecosystems. Industr. Corp. Change 30(5), 1337–1360 (2021)

  14. Koch, M., Krohmer, D., Naab, M., Rost, D., Trapp, M.: A matter of definition: criteria for digital ecosystems. Digital Business 2(2), 100027 (2022)

  15. Lisiak-Felicka, D., Szmit, M.: GDPR implementation in public administration in Poland - 1.5 year after: an empirical analysis. J. Econ. Manag. 43, 1–21 (2021)

  16. McHugh, M.L.: Interrater reliability: the kappa statistic. Biochemia Medica 22(3), 276–282 (2012)

  17. Nachira, F., Nicolai, A., Dini, P.: Digital business ecosystems. European Commission (2007)

  18. Namara, M., Sloan, H., Knijnenburg, B.P.: The effectiveness of adaptation methods in improving user engagement and privacy protection on social network sites. In: Proceedings on Privacy Enhancing Technologies, vol. 2022, iss. 1, pp. 629–648 (2022)

  19. Park, Y.J., Chung, J.E., Shin, D.H.: The structuration of digital ecosystem, privacy, and big data intelligence. Am. Behav. Sci. 62(10), 1319–1337 (2018)

  20. Popescu, A., et al.: Increasing transparency and privacy for online social network users – USEMP value model, scoring framework and legal. In: Proceedings of the 4th Annual Privacy Forum (APF), pp. 38–59 (2016)

  21. Poritskiy, N., Oliveira, F., Almeida, F.: The benefits and challenges of general data protection regulation for the information technology sector. Digital Policy, Regul. Gov. 21(5), 510–524 (2019)

  22. Qiu, Y., Gopal, A., Hann, I.H.: Logic pluralism in mobile platform ecosystems. Inf. Syst. Res. 28(2), 225–249 (2017)

  23. Ranzini, G., Etter, M., Lutz, C., Vermeulen, I.: Privacy in the sharing economy. Tech. rep., Ps2Share (2017)

  24. Raschke, P., Küpper, A., Drozd, O., Kirrane, S.: Designing a GDPR-compliant and usable privacy dashboard. In: Proceedings of the 12th Annual IFIP Summer School on Privacy and Identity Management, pp. 221–236 (2017)

  25. Sirur, S., Nurse, J.R., Webb, H.: Are We There Yet? Understanding the challenges faced in complying with the general data protection regulation (GDPR). In: Proceedings of the 2nd International Workshop on Multimedia Privacy and Security (MPS), pp. 88–95 (2018)

  26. Spiekermann, S., Grossklags, J., Berendt, B.: E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. In: Proceedings of the 3rd ACM Conference on Electronic Commerce (EC), pp. 38–47 (2001)

  27. Teixeira, G.A., da Silva, M.M., Pereira, R.: The critical success factors of GDPR implementation: a systematic literature review. Digital Policy, Regul. Gov. 21(4), 402–418 (2019)

  28. Teixeira, G.A., da Silva, M.M., Pereira, R.: The critical success factors of GDPR implementation: a delphi study. In: Proceedings of the 29th International Conference on Information Systems Development (ISD), pp. 1–12 (2021)

  29. Teubner, T., Flath, C.: Privacy in the sharing economy. J. Assoc. Inf. Syst. 20(3), 213–242 (2019)

  30. Van Landuyt, D., Sion, L., Dewitte, P., Joosen, W.: The bigger picture. In: Proceedings of the 2nd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE), pp. 283–293 (2020)

  31. Yun, H., Lee, G., Kim, D.J.: A chronological review of empirical research on personal information privacy concerns. Inf. Manag. 56(4), 570–601 (2019)

Acknowledgments

We thank Marian Hönscheid and Benedikt Malchow for helping us code the interviews. This research was supported by the project D’accord funded by the German Federal Ministry of Education and Research (grant number: 16KIS1508).

Author information

Corresponding author

Correspondence to Jan Tolsdorf.

A Appendix – Semi-structured Interview

We conducted the semi-structured interview using the main questions below. The interviews were held in German. To ease understanding, we translated the interview questions from German to English in this paper. We also included optional questions. We asked these questions only when we still had sufficient time to ask them, and when study participants had not implicitly answered these questions in the previous ones.

A.1 Introduction

  • Please briefly introduce yourself, including your function in the company.

  • Please briefly introduce the digital ecosystem for which you are here today.

  • Please briefly describe your areas of responsibility in this digital ecosystem.

A.2 Detailed Description of the Ecosystem

  • Stakeholder

    • Who is involved in the digital ecosystem and with what motivation?

    • Which actors and participants are involved?

  • Data and purpose of use

    • What common personal data are processed in the digital ecosystem and for what purposes are they processed?

    • Optional: Are there any particularly sensitive personal data that you work with?

  • Data flow

    • Who gets access to the personal data? So who are the recipients of the personal data?

    • Optional: Where/how does which personal data flow to whom for which purpose?

    • Optional: To what extent does the broker influence data flows? Also on those of providers?

  • Data flow depth

    • Do you know what the recipients process the personal data for?

    • If external recipients: Do you know what external recipients process the personal data for?

    • How do you ensure that recipients use the data only for the intended purposes?

A.3 Privacy Challenges

  • Based on your comments and descriptions: In your opinion, what are the biggest challenges and problems in implementing the legal requirements for data protection?

    • What have been the biggest challenges in the past?

    • What do you think will be challenges to deal with in the future?

  • With our research, we want to strengthen the rights of data subjects and support digital ecosystems in their implementation. When you think about data subjects’ rights, what challenges do you face in implementing them in particular?

  • In your view, what responsibility does the provider of the digital ecosystem have to ensure data protection throughout the ecosystem and for all participants/actors?

    • How do you assess the responsibility for the various players in the digital ecosystem for data protection?

    • Optional: How is data protection ensured, e.g. at the recipients’ side?

  • What do you think would be useful or helpful to make data protection in digital ecosystems more effective in the future?

A.4 Privacy Dashboards

  • Do the terms “privacy cockpits” or “privacy dashboards” mean anything to you?

  • Do you already use such tools or do you plan to use them in the future?

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wiefling, S., Tolsdorf, J., Lo Iacono, L. (2023). Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems. In: Katsikas, S., et al. Computer Security. ESORICS 2022 International Workshops. ESORICS 2022. Lecture Notes in Computer Science, vol 13785. Springer, Cham. https://doi.org/10.1007/978-3-031-25460-4_13

  • DOI: https://doi.org/10.1007/978-3-031-25460-4_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25459-8

  • Online ISBN: 978-3-031-25460-4

  • eBook Packages: Computer Science, Computer Science (R0)
