Advertisement

PrivacyInsight: The Next Generation Privacy Dashboard

  • Christoph Bier
  • Kay Kühne
  • Jürgen Beyerer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9857)

Abstract

Transparency is an integral part of European data protection. In particular, the right of access allows the data subject to verify if his personal data is processed in a lawful manner. The data controller has the full obligation to provide all information on personal data processing in an easily accessible way. Privacy dashboards are promising tools for this purpose. However, there is not yet any privacy dashboard available which allows full access to all personal data. Particularly, information flows remain unclear. We present the next generation privacy dashboard PrivacyInsight. It provides full access to all personal data along information flows. Additionally, it allows exercising the data subject’s further rights. We evaluate PrivacyInsight in comparison with existing approaches by means of a user study. Our results show that PrivacyInsight is the most usable and most feature complete existing privacy dashboard.

Keywords

Privacy Data protection Right of access Privacy dashboard Usability Data subject Transparency User interface 

References

  1. 1.
    Aldeco-Pérez, R., Moreau, L.: Provenance-based auditing of private data use. In: Proceedings of the 2008 International Conference on Visions of Computer Science: BCS International Academic Conference, VoCS 2008, pp. 141–152. British Computer Society, Swinton (2008)Google Scholar
  2. 2.
    Angulo, J., Bernsmed, K., Fischer-Hübner, S., Froystad, C., Gjaere, E.A., Wästlund, E.: D: D-5.1 user interface prototypes v1. Deliverable, KAU, SINTEF (2014)Google Scholar
  3. 3.
    Angulo, J., Fischer-Hübner, S., Pulls, T., Wästlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems, pp. 1803–1808. ACM (2015)Google Scholar
  4. 4.
    Bangor, A., Kortum, P., Miller, J.: Determining what individual sus scores mean: adding an adjective rating scale. J. Usability Stud. 4(3), 114–123 (2009)Google Scholar
  5. 5.
    Bier, C.: How usage control and provenance tracking get together - a data protection perspective. In: IEEE Security and Privacy Workshops (SPW), pp. 13–17 (2013)Google Scholar
  6. 6.
    Brooke, J., et al.: Sus-a quick and dirty usability scale. Usability Eval. Ind. 189(194), 4–7 (1996)Google Scholar
  7. 7.
    Cranor, L.F., Guduru, P., Arjula, M.: User interfaces for privacy agents. ACM Trans. Comput.-Hum. Interact. 13(2), 135–178 (2006)CrossRefGoogle Scholar
  8. 8.
    Fischer-Hübner, S., Angulo, J., Pulls, T.: How can cloud users be supported in deciding on, tracking and controlling how their data are used? In: Hansen, M., Hoepman, J.-H., Leenes, R., Whitehouse, D. (eds.) Privacy and Identity 2013. IFIP AICT, vol. 421, pp. 77–92. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  9. 9.
    Freire, J., Koop, D., Santos, E., Silva, C.T.: Provenance for computational tasks: a survey. Comput. Sci. Eng. 10(3), 11–21 (2008)CrossRefGoogle Scholar
  10. 10.
    Harvan, M., Pretschner, A.: State-based usage control enforcement with data flow tracking using system call interposition. In: Proceedings of the 3rd International Conference on Network and System Security (NSS 2009), pp. 373–380. IEEE, Saint Malo (2009)Google Scholar
  11. 11.
    Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    ISO: ISO 9241–11: Ergonomic requirements for office work with visual display terminals (VDTs). Technical report, International Organization for Standardization, Geneva, Switzerland (2000)Google Scholar
  13. 13.
    Janic, M., Wijbenga, J.P., Veugen, T.: Transparency enhancing tools (TETs): an overview. In: Third Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp. 18–25 (2013)Google Scholar
  14. 14.
    Kani-Zabihi, E., Helmhout, M.: Increasing service users’ privacy awareness by introducing on-line interactive privacy features. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 131–148. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Kolter, J., Netter, M., Pernul, G.: Visualizing past personal data disclosures. In: International Conference on Availability, Reliability, and Security (ARES 2010), pp. 131–139 (2010)Google Scholar
  16. 16.
    Laugwitz, B., Held, T., Schrepp, M.: Construction and evaluation of a user experience questionnaire. In: Holzinger, A. (ed.) USAB 2008. LNCS, vol. 5298, pp. 63–76. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Lewis, J.R., Sauro, J.: The factor structure of the system usability scale. In: Kurosu, M. (ed.) HCD 2009. LNCS, vol. 5619, pp. 94–103. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Park, J., R.: Towards usage control models: beyond traditional access control. In: Proceedings of the Seventh ACM Symposium on Access control models and technologies (SACMAT 2002), pp. 57–64. ACM, Monterey (2002)Google Scholar
  19. 19.
    Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)CrossRefGoogle Scholar
  20. 20.
    Pretschner, A., Büchler, M., Harvan, M., Schaefer, C., Walter, T.: Usage control enforcement with data flow tracking for X11. In: Proceedings of the 5th International Workshop on Security and Trust Management (STM), pp. 124–137, Saint Malo (2009)Google Scholar
  21. 21.
    Pretschner, A., Lovat, E., Büchler, M.: Representation-independent data usage control. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 122–140. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  22. 22.
    Pulls, T., Peeters, R., Wouters, K.: Distributed privacy-preserving transparency logging. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES 2013, pp. 83–94. ACM, New York (2013)Google Scholar
  23. 23.
    Roßnagel, A.: Handbuch Datenschutzrecht. C.H. Beck, München (2003)Google Scholar
  24. 24.
    Simitis, S. (ed.): Bundesdatenschutzgesetz. Nomos, Baden-Baden, 7 auflage (2011)Google Scholar
  25. 25.
    Simmhan, Y.L., Plale, B., Gannon, D.: A survey of data provenance in e-science. ACM Sigmod Record 34(3), 31–36 (2005)CrossRefGoogle Scholar
  26. 26.
    Warren, S.D., Brandeis, L.D.: The right to privacy. Harvard Law Rev. 4(5), 193–220 (1890)CrossRefGoogle Scholar
  27. 27.
    Wästlund, E., Hübner, S.F.: End user transparency tools: UI prototypes. Technical report, KAU (2010)Google Scholar
  28. 28.
    Wästlund, E., Wolkerstorfer, P., Köffel, C.: PET-USES: privacy-enhancing technology – users’ self-estimation scale. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) IFIP AICT 320. IFIP AICT, vol. 320, pp. 266–274. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  29. 29.
    Weichert, T.: Auskunftsanspruch in Verteilten Systemen. Datenschutz und Datensicherheit (DuD) 30(11), 694–699 (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSBKarlsruheGermany

Personalised recommendations