Skip to main content
SpringerLink
Log in

Addressing Challenges: A Way Forward

  • Chapter
  • First Online:
The Curious Case of Usable Privacy

  • 51 Accesses

Abstract

This chapter provides an overview of solutions for achieving usable privacy. First, the need for combining human-centred and privacy by design approaches is highlighted. Moreover, it is discussed how important challenges for usable privacy can be approached by available solutions. These include example approaches for considering culturally dependent privacy personas, developing usable Privacy-Enhancing Technology (PET) configuration tools through interdisciplinary efforts, raising users’ attention to privacy as a secondary goal via engaging them with the policy content, designing usable multi-layered privacy notices and usable privacy management via semi-automation, and achieving usable transparency through usable explanations of PETs and different forms of visualisation of data disclosures. Finally, we discuss how fundamental legal privacy requirements map to Human-Computer Interaction (HCI) requirements and HCI solutions, focusing on the solutions discussed in this chapter.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    According to Hofstede [67], the individualism (versus collectivism) cultural dimension addresses the degree of interdependence that a society maintains between its members. In individualistic societies, people are supposed to care about themselves and their immediate family. In contrast, in collectivist societies, people belong to “groups” that take care of them in return for their loyalty.

  2. 2.

    Despite the fact that secret sharing of personal data is information-theoretically secure when the Shamir scheme [15] is used, it remains pseudonymous data, and therefore personal data under GDPR, since it can be reconstructed with the help of other data shares.

  3. 3.

    More precisely, it was developed for a privacy-enhancing data analytics application using differential privacy for federated learning.

References

  1. Schaub, F., Balebako, R., Durity, A. & Cranor, L. A design space for effective privacy notices. Eleventh Symposium On Usable Privacy And Security (SOUPS 2015). pp. 1–17 (2015)

    Google Scholar 

  2. Tsormpatzoudi, P., Berendt, B. & Coudert, F. Privacy by design: from research and policy to practice-the challenge of multi-disciplinarity. Privacy Technologies And Policy: Third Annual Privacy Forum, APF 2015, Luxembourg, Luxembourg, October 7–8, 2015, Revised Selected Papers 3. pp. 199–212 (2016)

    Google Scholar 

  3. Cavoukian, A. & Others Privacy by design: The 7 foundational principles. Information And Privacy Commissioner Of Ontario, Canada. 5 pp. 12 (2009)

    Google Scholar 

  4. Fritsch, L., Fuglerud, K. & Solheim, I. Towards inclusive identity management. Identity In The Information Society. 3 pp. 515–538 (2010)

    Article  Google Scholar 

  5. ETSI standard EN 301 549. Accessibility requirements for ICT products and services. https://www.etsi.org/deliver/etsi_en/301500_301599/301549/03.02.01_60/en_301549v030201p.pdf (2021)

  6. Islami, L., Fischer-Hübner, S. & Papadimitratos, P. Capturing drivers’ privacy preferences for intelligent transportation systems: An intercultural perspective. Computers & Security. 123 pp. 102913 (2022)

    Article  Google Scholar 

  7. Pettersson, J., Fischer-Hübner, S., Danielsson, N., Nilsson, J., Bergmann, M., Clauss, S., Kriegelstein, T. & Krasemann, H. Making PRIME usable. Proceedings Of The 2005 Symposium On Usable Privacy And Security. pp. 53–64 (2005)

    Google Scholar 

  8. Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. Helping john to make informed decisions on using social login. Proceedings Of The 33rd Annual ACM Symposium On Applied Computing. pp. 1165–1174 (2018)

    Google Scholar 

  9. Karegar, F., Pettersson, J. & Fischer-Hübner, S. The dilemma of user engagement in privacy notices: Effects of interaction modes and habituation on user attention. ACM Transactions On Privacy And Security (TOPS). 23, 1–38 (2020)

    Article  Google Scholar 

  10. Wilkinson, D., Bahirat, P., Namara, M., Lyu, J., Alsubhi, A., Qiu, J., Wisniewski, P. & Knijnenburg, B. Privacy at a glance: the user-centric design of glanceable data exposure visualizations. (Proceedings on Privacy Enhancing Technologies,2020)

    Google Scholar 

  11. Murmann, P., Beckerle, M., Fischer-Hübner, S. & Reinhardt, D. Reconciling the what, when and how of privacy notifications in fitness tracking scenarios. Pervasive And Mobile Computing. 77 pp. 101480 (2021)

    Article  Google Scholar 

  12. Demjaha, A., Spring, J., Becker, I., Parkin, S. & Sasse, M. Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption. Proc. USEC. 2018 (2018)

    Google Scholar 

  13. Wu, J. & Zappala, D. When is a Tree Really a Truck? Exploring Mental Models of Encryption. Fourteenth Symposium On Usable Privacy And Security (SOUPS 2018). pp. 395–409 (2018, 8), https://www.usenix.org/conference/soups2018/presentation/wu

  14. Alaqra, A., Kane, B. & Fischer-Hübner, S. Machine Learning-Based Analysis of Encrypted Medical Data in the Cloud: Qualitative Study of Expert Stakeholders’ Perspectives. JMIR Human Factors. 8, e21810 (2021), https://humanfactors.jmir.org/2021/3/e21810/

    Article  Google Scholar 

  15. Shamir, A. How to share a secret. Communications Of The ACM. 22, 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  16. Framner, E., Fischer-Hübner, S., Lorünser, T., Alaqra, A. & Pettersson, J. Making secret sharing based cloud storage usable. Information & Computer Security. (2019)

    Google Scholar 

  17. European Data Protection Board Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. (2020), https://edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf

  18. European Data Protection Board Guidelines 05/2020 on consent under Regulation 2016/679. Version 1.1. Adopted on 4 May 2020. https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf (2020)

  19. Art. 29 Data Protection Working Party. Opinion 10/2004 on More Harmonised Information Provisions. European Commission. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2004/wp100_en.pdf (2004)

  20. Article 29 Working Party. Guidelines on transparency under Regulation 2016/679. European Commission. Adopted on 29 November 2017 As last Revised and Adopted on 11 April 2018. https://ec.europa.eu/newsroom/article29/items/622227/en (2018)

  21. Office of the Australian Information Commissioner. Guide to developing an APP privacy policy. https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-developing-an-app-privacy-policy (2014)

  22. OECD. Making Privacy Notices Simple. Digital Economy Papers 120. http://www.oecd-ilibrary.org/science-and-technology/making-privacy- notices-simple. (2006)

  23. McDonald, A., Reeder, R., Kelley, P. & Cranor, L. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies: 9th International Symposium, PETS 2009, Seattle, WA, USA, August 5–7, 2009. Proceedings 9. pp. 37–55 (2009)

    Google Scholar 

  24. Kelley, P., Bresee, J., Cranor, L. & Reeder, R. A “nutrition label” for privacy. Proceedings Of The 5th Symposium On Usable Privacy And Security. pp. 1–12 (2009)

    Google Scholar 

  25. Kelley, P., Cesca, L., Bresee, J. & Cranor, L. Standardizing privacy notices: an online study of the nutrition label approach. Proceedings Of The SIGCHI Conference On Human Factors In Computing Systems. pp. 1573–1582 (2010)

    Google Scholar 

  26. Nielsen, J. Usability inspection methods. Conference Companion On Human Factors In Computing Systems. pp. 413–414 (1994)

    Google Scholar 

  27. Fischer-Hübner, S., Angulo, J. & Pulls, T. How can cloud users be supported in deciding on, tracking and controlling how their data are used?. Privacy And Identity Management For Emerging Services And Technologies: 8th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, Nijmegen, The Netherlands, June 17–21, 2013, Revised Selected Papers 8. pp. 77–92 (2014)

    Google Scholar 

  28. Tschofenig, H., Volkamer, M., Jentzsch, N., Fischer-Hübner, S., Schiffner, S. & Tirtea, R. On the security, privacy and usability of online seals: An overview. (ENISA,2013)

    Google Scholar 

  29. Holtz, L., Nocun, K. & Hansen, M. Towards displaying privacy information with icons. Privacy And Identity Management For Life: 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2–6, 2010, Revised Selected Papers 6. pp. 338–348 (2011)

    Google Scholar 

  30. Fischer-Hübner, S. & Zwingelberg, H (Ed.). UI Prototypes: Policy administration and presentation-Version 2. PrimeLife Project Deliverable D. 4.3. 2 (2010). (2000)

    Google Scholar 

  31. Angulo, J., Fischer-Hübner, S., Wästlund, E. & Pulls, T. Towards usable privacy policy display and management. Information Management & Computer Security. 20, 4–17 (2012)

    Article  Google Scholar 

  32. Smullen, D., Feng, Y., Aerin Zhang, S. & Sadeh, N. The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences. Proceedings On Privacy Enhancing Technologies. 2020, 195–215 (2020,1), https://petsymposium.org/popets/2020/popets-2020-0011.php

  33. Bahirat, P., He, Y., Menon, A. & Knijnenburg, B. A Data-Driven Approach to Developing IoT Privacy-Setting Interfaces. 23rd International Conference On Intelligent User Interfaces. pp. 165–176 (2018, 3), https://dl.acm.org/doi/10.1145/3172944.3172982

  34. Liu, B., Andersen, M., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A. & Agarwal, Y. Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions. (Usenix Association, 2016)

    Google Scholar 

  35. Prictor, M., Lewis, M., Newson, A., Haas, M., Baba, S., Kim, H., Kokado, M., Minari, J., Molnár-Gábor, F., Yamamoto, B., Kaye, J. & Teare, H. Dynamic Consent: An Evaluation and Reporting Framework. Journal Of Empirical Research On Human Research Ethics. 15, 175–186 (2020, 7), http://journals.sagepub.com/doi/10.1177/1556264619887073

  36. Schlehahn, E., Murmann, P., Karegar, F. & Fischer-Hübner, S. Opportunities and challenges of dynamic consent in commercial big data analytics. Privacy And Identity Management. Data For Better Living: AI And Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2. 2 International Summer School, Windisch, Switzerland, August 19–23, 2019, Revised Selected Papers 14. pp. 29–44 (2020)

    Google Scholar 

  37. Patrick, A. & Kenny, S. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. Privacy Enhancing Technologies: Third International Workshop, PET 2003, Dresden, Germany, March 26–28, 2003. Revised Papers 3. pp. 107–124 (2003)

    Google Scholar 

  38. Kobsa, A. & Teltzrow, M. Contextualized communication of privacy practices and personalization benefits: Impacts on users’ data sharing and purchase behavior. Privacy Enhancing Technologies: 4th International Workshop, PET 2004, Toronto, Canada, May 26–28, 2004. Revised Selected Papers 4. pp. 329–343 (2005)

    Google Scholar 

  39. Angulo, J., Fischer-Hübner, S., Pulls, T. & Wästlund, E. Usable transparency with the data track: a tool for visualizing data disclosures. Proceedings Of The 33rd Annual ACM Conference Extended Abstracts On Human Factors In Computing Systems. pp. 1803–1808 (2015)

    Google Scholar 

  40. Rozenberg, B., Bozdemir, B., Ermis, O., Önen, M., Canard, S., ORA, B., Perez, A., Ituarte, N., Pulls, T., Fischer-Hübner, S. & Others D5. 4-PAPAYA PLATFORM GUIDE. (2021)

    Google Scholar 

  41. Sarathy, J., Song, S., Haque, A., Schlatter, T. & Vadhan, S. Don’t Look at the Data! How Differential Privacy Reconfigures the Practices of Data Science. Proceedings Of The 2023 CHI Conference On Human Factors In Computing Systems. pp. 1–19 (2023)

    Google Scholar 

  42. Nissim, K., Bembenek, A., Wood, A., Bun, M., Gaboardi, M., Gasser, U., O’Brien, D., Steinke, T. & Vadhan, S. Bridging the gap between computer science and legal approaches to privacy. Harv. JL & Tech.. 31 pp. 687 (2017)

    Google Scholar 

  43. Altman, M., Cohen, A., Nissim, K. & Wood, A. What a hybrid legal-technical analysis teaches us about privacy regulation: The case of singling out. BUJ Sci. & Tech. L.. 27 pp. 1 (2021)

    Google Scholar 

  44. Prokhorenkov, D. Alternative methodology and framework for assessing differential privacy constraints and consequences from a gdpr perspective. 2022 IEEE 12th Annual Computing And Communication Workshop And Conference (CCWC). pp. 0359–0364 (2022)

    Google Scholar 

  45. Gallagher, K., Patil, S. & Memon, N. New me: Understanding expert and non-expert perceptions and usage of the Tor anonymity network. Thirteenth Symposium On Usable Privacy And Security (SOUPS 2017). pp. 385–398 (2017)

    Google Scholar 

  46. Habib, H., Pearman, S., Wang, J., Zou, Y., Acquisti, A., Cranor, L., Sadeh, N. & Schaub, F. “It’s a Scavenger Hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices. Proceedings Of The 2020 CHI Conference On Human Factors In Computing Systems. pp. 1–12 (2020)

    Google Scholar 

  47. Habib, H. & Cranor, L. Evaluating the usability of privacy choice mechanisms. Eighteenth Symposium On Usable Privacy And Security (SOUPS 2022). pp. 273–289 (2022)

    Google Scholar 

  48. Murmann, P. & Karegar, F. From design requirements to effective privacy notifications: Empowering users of online services to make informed decisions. International Journal Of Human-Computer Interaction. 37, 1823–1848 (2021)

    Article  Google Scholar 

  49. Ramokapane, K., Rashid, A. & Such, J. “I feel stupid I can’t delete...”: A Study of Users’ Cloud Deletion Practices and Coping Strategies. Thirteenth Symposium On Usable Privacy And Security (SOUPS 2017). pp. 241–256 (2017, 7)

    Google Scholar 

  50. Rossi, A. & Palmirani, M. Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection. Design Issues. 36, 82–96 (2020, 6)

    Google Scholar 

  51. Habib, H., Zou, Y., Yao, Y., Acquisti, A., Cranor, L., Reidenberg, J., Sadeh, N. & Schaub, F. Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts. Proceedings Of The 2021 CHI Conference On Human Factors In Computing Systems. (2021)

    Google Scholar 

  52. Harbach, M., Hettig, M., Weber, S. & Smith, M. Using personal examples to improve risk communication for security & privacy decisions. Proceedings Of The SIGCHI Conference on Human Factors in Computing Systems. pp. 2647–2656 (2014)

    Google Scholar 

  53. Tabassum, M., Alqhatani, A., Aldossari, M. & Richter Lipford, H. Increasing User Attention with a Comic-Based Policy. Proceedings Of The 2018 CHI Conference on Human Factors in Computing Systems. pp. 1–6 (2018)

    Google Scholar 

  54. Bravo-Lillo, C., Komanduri, S., Cranor, L., Reeder, R., Sleeper, M., Downs, J. & Schechter, S. Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. Proceedings of the Ninth Symposium on Usable Privacy and Security. pp. 1–12 (2013)

    Google Scholar 

  55. Anderson, B., Jenkins, J., Vance, A., Kirwan, C. & Eargle, D. Your memory is working against you: How eye tracking and memory explain habituation to security warnings. Decision Support Systems. 92 pp. 3–13 (2016)

    Article  Google Scholar 

  56. Anderson, B., Vance, A., Kirwan, C., Jenkins, J. & Eargle, D. From warning to wallpaper: Why the brain habituates to security warnings and what can be done about it. Journal Of Management Information Systems. 33, 713–743 (2016)

    Article  Google Scholar 

  57. Luguri, J. & Strahilevitz, L. Shining a light on dark patterns. Journal Of Legal Analysis. 13, 43–109 (2021)

    Article  Google Scholar 

  58. Gray, C., Kou, Y., Battles, B., Hoggatt, J. & Toombs, A. The dark (patterns) side of UX design. Proceedings Of The 2018 CHI Conference On Human Factors In Computing Systems. pp. 1–14 (2018)

    Google Scholar 

  59. Bösch, C., Erb, B., Kargl, F., Kopp, H. & Pfattheicher, S. Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns.. Proc. Priv. Enhancing Technol.. 2016, 237–254 (2016)

    Article  Google Scholar 

  60. Mathur, A., Acar, G., Friedman, M., Lucherini, E., Mayer, J., Chetty, M. & Narayanan, A. Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites. Proc. ACM Hum.-Comput. Interact.. 3 (2019,11)

    Google Scholar 

  61. Emami-Naeini, P., Dheenadhayalan, J., Agarwal, Y. & Cranor, L. “nutrition” label for internet of things devices. IEEE Security & Privacy. 20, 31–39 (2021)

    Article  Google Scholar 

  62. Railean, A. & Reinhardt, D. Let there be lite: design and evaluation of a label for iot transparency enhancement. Proceedings Of The 20th International Conference On Human-Computer Interaction With Mobile Devices And Services Adjunct. pp. 103–110 (2018)

    Google Scholar 

  63. Railean, A. Improving IoT device transparency by means of privacy labels. (2022)

    Google Scholar 

  64. Alaqra, A., Karegar, F. & Fischer-Hübner, S. Structural and functional explanations for informing lay and expert users: the case of functional encryption. Proceedings On Privacy Enhancing Technologies. 4 pp. 359–380 (2023)

    Article  Google Scholar 

  65. Morel, V. & Fischer-Hübner, S. Automating privacy decisions-where to draw the line?. ArXiv Preprint ArXiv:2305.08747. (2023)

  66. Li, Y. Cross-cultural privacy differences. Modern Socio-technical Perspectives On Privacy. pp. 267–292 (2022)

    Google Scholar 

  67. Hofstede, G. & Others Organizations and cultures: Software of the mind. McGrawHill, New York. pp. 418–506 (1991)

    Google Scholar 

  68. Feng, Y., Yao, Y. & Sadeh, N. A design space for privacy choices: Towards meaningful privacy control in the internet of things. Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. pp. 1–16 (2021)

    Google Scholar 

  69. Fischer-Hübner, S., Angulo, J., Karegar, F. & Pulls, T. Transparency, privacy and trust–Technology for tracking and controlling my data disclosures: Does this work?. Trust Management X: 10th IFIP WG 11.11 International Conference, IFIPTM 2016, Darmstadt, Germany, July 18–22, 2016, Proceedings 10. pp. 3–14, Springer International Publishing (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  2. Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden

    Simone Fischer-Hübner

  3. Department of Information Systems, Karlstad University, Karlstad, Sweden

    Farzaneh Karegar

Authors
  1. Simone Fischer-Hübner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Farzaneh Karegar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Simone Fischer-Hübner .

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Fischer-Hübner, S., Karegar, F. (2024). Addressing Challenges: A Way Forward. In: The Curious Case of Usable Privacy. Synthesis Lectures on Information Security, Privacy, and Trust. Springer, Cham. https://doi.org/10.1007/978-3-031-54158-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54158-2_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54157-5

  • Online ISBN: 978-3-031-54158-2

  • eBook Packages: Synthesis Collection of Technology (R0)

Publish with us

Policies and ethics

Search

Navigation