Search results

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

This paper aims to present arguments about how a complex concept of privacy labeling can be a solution to the current state of privacy.

The authors give a precise definition of Privacy Labeling (PL), painting a panoptic portrait from seven different perspectives: Business, Legal, Regulatory, Usability and Human Factors, Educative, Technological and Multidisciplinary. They describe a common vision, proposing several important “traits of character” of PL as well as identifying “undeveloped potentialities”, i.e. open problems on which the community can focus.

This position paper identifies the stakeholders of the PL and their needs with regard to privacy, describing how PL should be and look like to address these needs. Main aspects considered are the PL’s educational power to change people’s knowledge of privacy, tools useful for constructing PL and the possible visual appearances of PL. They also identify how the present landscape of privacy certifications could be improved by PL.

The authors adopt a multidisciplinary approach to defining PL as well as give guidelines in the form of goals, characteristics, open problems, starting points and a roadmap for creating the ideal PL.

Despite the widely varying estimates about the strength of the global Internet economy, there is general agreement among experts about the dramatic influence of this medium on consumers as well businesses. However, one area that has generated conflicting views is the issue of Internet privacy. As businesses develop more sophisticated technologies to collect, store and disseminate information on consumers, privacy and security of this information are raising concerns among consumers and public policy advocates. Anecdotal evidence seems to suggest that consumers in some European countries view privacy protection as a very important issue. Investigates consumer attitudes in the Federal Republic of Germany. The findings indicate that consumers in Germany have very strong views about protecting their privacy. They believe that both companies and governments are obligated to protect the information of their consumers and citizens. To this end, German consumers are willing to support stricter legislation. Results also suggest that German consumers’ views about Internet use and on‐line behaviors, are affected, among other things, by their views regarding privacy in general, their personal expertise in Internet technologies, and how they view the role of the government and the role of companies in protecting consumer privacy.

Past research shows that users of smart home devices (SHDs) have privacy concerns. These concerns have been validated from technical research that shows SHDs introduce a lot of privacy risks. However, there is limited research in addressing these concerns and risks. This paper aims to bridge this gap by informing the design of data-related privacy controls for SHDs.

In this paper, the authors follow a user-centered design approach to design data-related privacy controls from design requirements backed by literature. The authors test the design for usability and perceived information control using psychometrically validated scales. For this purpose, two variations of the prototype (MyCam1 with a listing of data-related privacy controls and MyCam2 with three privacy presets) were created and tested them in a between-subjects experimental setting. Study participants (n = 207) were recruited via Mechanical Turk and asked to use the prototype app. An online survey was distributed to the participants to measure some usability and privacy-related constructs.

Findings show that the presented prototype designs were usable and met the privacy control needs of users. The prototype design with privacy presets (MyCam2) was found to be significantly more usable than the list of privacy controls (MyCam1).

The findings of this paper are original and build on the paper presented at the International Symposium on Human Aspects of Information Security and Assurance (HAISA 2022). This paper contributes improved and usable designs of privacy controls for smart home applications.

The purpose of this paper is to present the approach taken within the PrimeLife project for designing user‐friendly privacy policy interfaces for the PrimeLife Policy Language (PPL) and report on the lessons learned when designing interfaces for privacy policy management and display.

Taking an iterative process of design, the authors developed the interface of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL, and having the purpose of helping users to make conscious decisions on the dissemination of their personal information. The proposed interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selection of anonymous credentials. The last iteration of the prototype has been tested using a cognitive walkthrough approach.

Results from usability tests show that users understood and appreciate most of the features contained within the interface and they perceived their benefit for protecting their privacy online. However, improvement is still needed in order to make the display and management of privacy policies more intuitive and seamless. Showing privacy mismatches inside a two‐dimensional table was preferred by users in general.

The paper introduces the novelty of “on the fly” privacy management, which lets users adapt and organize their own privacy preferences whilst an online transaction takes place, Also, it allows users to select credentials to identify themselves in a simpler manner.

A huge amount of personal and sensitive data are shared on Facebook, which makes it a prime target for attackers. Adversaries can exploit third-party applications connected to a user’s Facebook profiles (i.e. Facebook apps) to gain access to this personal information. Users’ lack of knowledge and the varying privacy policies of these apps make them further vulnerable to information leakage. However, little has been done to identify mismatches between users’ perceptions and the privacy policies of Facebook apps. This paper aims to address this challenge in the work.

The authors conducted a lab study with 31 participants, where the authors received data on how they share information on Facebook, their Facebook-related security and privacy practices and their perceptions on the privacy aspects of 65 frequently-used Facebook apps in terms of data collection, sharing and deletion. The authors then compared participants’ perceptions with the privacy policy of each reported app. Participants also reported their expectations about the types of information that should not be collected or shared by any Facebook app.

The analysis reveals significant mismatches between users’ privacy perceptions and reality (i.e. privacy policies of Facebook apps), where the authors identified over-optimism not only in users’ perceptions of information collection but also in their self-efficacy in protecting their information in Facebook despite experiencing negative incidents in the past.

To the best of the knowledge, this is the first study on the gap between users’ privacy perceptions around Facebook apps and reality. The findings from this study offer direction for future research to address that gap through designing usable, effective and personalized privacy notices to help users to make informed decisions about using Facebook apps.

The paper aims at a multi‐faceted review of scholarly work, analyzing the current state of empirical studies dealing with privacy and online social networking (OSN) as well as the theoretical “puzzle” of privacy approaches related to OSN usage from the background of diverse disciplines. Drawing on a more pragmatic and practical level, aspects of privacy management are presented as well.

Based on individual privacy concerns and also publicly communicated threats, information privacy has become an important topic of public and scholarly discussion. Beside diverse positive aspects of OSN sites for users, their information is for example also being used for data mining and profiling, pre‐recruiting information as well as economic espionage. This review highlights information privacy mainly from an individual point‐of‐view, focusing on the usage of OSN sites (OSNs).

This analysis of scholarly work shows the following findings: first, adults seem to be more concerned about potential privacy threats than younger users; second, policy makers should be alarmed by a large part of users who underestimate risks of their information privacy on OSNs; third, in the case of using OSNs and its services, traditional one‐dimensional privacy approaches fall short. Hence, findings of this paper further highlight the necessity to focus on multidimensional and multidisciplinary frameworks of privacy, for example considering a so‐called “privacy calculus paradigm” and rethinking “fair information practices” from a more and more ubiquitous environment of OSNs.

The results of the work presented in this paper give new opportunities for research as well as suggestions for privacy management issues for OSN providers and users.

This paper aims that privacy research is divided in distinct communities and rarely considered as a singular field, harming its disciplinary identity. The authors collected 119.810 publications and over 3 million references to perform a bibliometric domain analysis as a quantitative approach to uncover the structures within the privacy research field.

The bibliometric domain analysis consists of a combined directed network and topic model of published privacy research. The network contains 83,159 publications and 462,633 internal references. A Latent Dirichlet allocation (LDA) topic model from the same dataset offers an additional lens on structure by classifying each publication on 36 topics with the network data. The combined outcomes of these methods are used to investigate the structural position and topical make-up of the privacy research communities.

The authors identified the research communities as well as categorised their structural positioning. Four communities form the core of privacy research: individual privacy and law, cloud computing, location data and privacy-preserving data publishing. The latter is a macro-community of data mining, anonymity metrics and differential privacy. Surrounding the core are applied communities. Further removed are communities with little influence, most notably the medical communities that make up 14.4% of the network. The topic model shows system design as a potentially latent community. Noteworthy is the absence of a centralised body of knowledge on organisational privacy management.

This is the first in-depth, quantitative mapping study of all privacy research.

We examine the translation of the concept of privacy in the advent of digital communication technologies. We analyze emerging notions of informational privacy in public discourse and policymaking in the United States. Our analysis shows category change to be a dynamic process that is only in part about cognitive processes of similarity. Instead, conceptions of privacy were tied to institutional orders of worth. Those orders offered theories, analogies, and vocabularies that could be deployed to extrapolate the concept of privacy into new domains, make sense of new technologies, and to shape policy agendas.

This article aims to reflect on possible ways to optimise current ways to deliver information provision to make it more transparent to users. In particular, this article will refer to the benefits (and challenges) of using more user-centred approaches to inform users in a more transparent way.

In this paper we analyse individual, as well as contextual factors (e.g. cognitive differences, time constraints, specific features of social networking sites [SNS] platforms) which may have an impact on the way users deal with Terms of Use, privacy policies and other types of information provision typically made available on SNS platforms. In addition, possible ways of improving current practices in the field are discussed. In particular, the benefits (and challenges) of a user-centred approach have been referred to when it comes to informing users in a way that is more meaningful to them. Finally, it is discussed how user-centred approaches can act as mechanisms to increase transparency in SNS environments and how (alternative) forms of regulation could benefit from such an approach.

The authors believe that it is necessary to start focussing on users/consumers’ needs, expectations and values to develop visualisation tools that can help make law (more) meaningful to users/consumers by giving them a better insight into their rights and obligations and by guiding them in making truly informed decisions regarding their online choices and behaviour.

By looking at different techniques such as visual design and the timing of information, the article contributes to the discussion on how people can be made more aware of legal documents and actually read them.