pQUANT: A User-Centered Privacy Risk Analysis Framework

  • Welderufael B. TesfayEmail author
  • Dimitra Nastouli
  • Yannis C. Stamatiou
  • Jetzabel M. Serna
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12026)


The last few decades have entertained a fast digital transformation of our daily activities. This has brought about numerous benefits as well as unanticipated consequences. As such, on the consequences side, information privacy incidents have become prevalent. This has further raised the concern of users and data protection bodies alike. Thus, quantifying and communicating privacy risks plays paramount role in raising user awareness, designing appropriate technical solutions, and enacting legal frameworks. However, previous research in privacy risk quantification has not considered the user’s heterogeneously subjective perceptions of privacy, and her right to informational self determination since, often, the privacy risk analysis and prevention takes place once the data is out of her control. In this paper, we present a user-centered privacy risk quantification framework coupled with granular and usable privacy risk warnings. The framework takes a new approach in that it empowers users to take informed privacy protection decisions prior to unintended data disclosure.


Privacy Privacy risk analysis Privacy risk communication 


  1. 1.
    The EU data protection reform and big data factsheet. Accessed 07 June 2017
  2. 2.
    Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)CrossRefGoogle Scholar
  3. 3.
    Bal, G., Rannenberg, K., Hong, J.: Styx: design and evaluation of a new privacy risk communication method for smartphones. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 113–126. Springer, Heidelberg (2014). Scholar
  4. 4.
    Banerjee, M., Karimi Adl, R., Wu, L., Barker, K.: Quantifying privacy violations. In: Jonker, W., Petković, M. (eds.) SDM 2011. LNCS, vol. 6933, pp. 1–17. Springer, Heidelberg (2011). Scholar
  5. 5.
    Biega, J., Mele, I., Weikum, G.: Probabilistic prediction of privacy risks in user search histories. In: Proceedings of the First International Workshop on Privacy and Security of Big Data, pp. 29–36. ACM (2014)Google Scholar
  6. 6.
    Christin, D., Michalak, M., Hollick, M.: Raising user awareness about privacy threats in participatory sensing applications through graphical warnings. In: Proceedings of International Conference on Advances in Mobile Computing & #38; Multimedia, MoMM 2013, pp. 445:445–445:454. ACM, New York (2013)Google Scholar
  7. 7.
    Clifford, R., Popa, A.: Maximum subset intersection. Inf. Process. Lett. 111(7), 323–325 (2011)MathSciNetCrossRefGoogle Scholar
  8. 8.
    de Montjoye, Y.-A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)CrossRefGoogle Scholar
  9. 9.
    Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D.: Risk analysis of android applications: a user-centric solution. Future Gener. Comput. Syst. 80, 505–518 (2016)CrossRefGoogle Scholar
  10. 10.
    Du, W., Teng, Z., Zhu, Z.: Privacy-maxent: integrating background knowledge in privacy quantification. In: Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, pp. 459–472. ACM (2008)Google Scholar
  11. 11.
    Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, pp. 1–6. USENIX Association, Berkeley (2010)Google Scholar
  12. 12.
    Fawaz, K., Shin, K.G.: Location privacy protection for smartphone users. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 239–250. ACM, New York (2014)Google Scholar
  13. 13.
    Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., Waidner, M.: Privacy-enhancing identity management. Inf. Secur. Tech. Rep. 9(1), 35–44 (2004)CrossRefGoogle Scholar
  14. 14.
    Hogganvik, I., Stølen, K.: A graphical approach to risk identification, motivated by empirical investigations. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MODELS 2006. LNCS, vol. 4199, pp. 574–588. Springer, Heidelberg (2006). Scholar
  15. 15.
    Hong, W., Thong, J.Y.: Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Q. 37, 275–298 (2013) CrossRefGoogle Scholar
  16. 16.
    Ngoc, T.H., Echizen, I., Komei, K., Yoshiura, H.: New approach to quantification of privacy on social network sites. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 556–564. IEEE (2010)Google Scholar
  17. 17.
    PARTY, A.D.P.W.: UCI machine learning repository adult data set. Accessed 30 Mar 2017
  18. 18.
    Rotenberg, M., Jacobs, D.: Updating the law of information privacy: the new framework of the European Union. Harv. JL Pub. Pol’y 36, 605 (2013)Google Scholar
  19. 19.
    Sattar, A.S., Li, J., Ding, X., Liu, J., Vincent, M.: A general framework for privacy preserving data publishing. Knowl.-Based Syst. 54, 276–287 (2013)CrossRefGoogle Scholar
  20. 20.
    Slovic, P., Weber, E.U.: Perception of risk posed by extreme events (2002)Google Scholar
  21. 21.
    Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: Companion Proceedings of The Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee (2018)Google Scholar
  22. 22.
    Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, pp. 15–21. ACM (2018)Google Scholar
  23. 23.
    Tuunainen, V.K., Pitkänen, O., Hovi, M.: Users’ awareness of privacy on online social networking sites-case facebook. In: Bled 2009 Proceedings, p. 42 (2009)Google Scholar
  24. 24.
    Wan, Z., et al.: A game theoretic framework for analyzing re-identification risk. PLoS One 10, e0120592 (2015). Supporting information. threshold, 7:9CrossRefGoogle Scholar
  25. 25.
    Watanabe, C., Amagasa, T., Liu, L.: Privacy risks and countermeasures in publishing and mining social network data. In: 2011 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 55–66. IEEE (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Welderufael B. Tesfay
    • 1
    Email author
  • Dimitra Nastouli
    • 2
  • Yannis C. Stamatiou
    • 2
    • 3
  • Jetzabel M. Serna
    • 1
  1. 1.Chair of Mobile Business and Multilateral SecurityGoethe University FrankfurtFrankfurt am MainGermany
  2. 2.Department of Business AdministrationUniversity of PatrasPatrasGreece
  3. 3.Computer Technology Institute and Press “Diophantus”PatrasGreece

Personalised recommendations