Abstract
This chapter provides an overview of solutions for achieving usable privacy. First, the need for combining human-centred and privacy by design approaches is highlighted. Moreover, it is discussed how important challenges for usable privacy can be approached by available solutions. These include example approaches for considering culturally dependent privacy personas, developing usable Privacy-Enhancing Technology (PET) configuration tools through interdisciplinary efforts, raising users’ attention to privacy as a secondary goal via engaging them with the policy content, designing usable multi-layered privacy notices and usable privacy management via semi-automation, and achieving usable transparency through usable explanations of PETs and different forms of visualisation of data disclosures. Finally, we discuss how fundamental legal privacy requirements map to Human-Computer Interaction (HCI) requirements and HCI solutions, focusing on the solutions discussed in this chapter.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
According to Hofstede [67], the individualism (versus collectivism) cultural dimension addresses the degree of interdependence that a society maintains between its members. In individualistic societies, people are supposed to care about themselves and their immediate family. In contrast, in collectivist societies, people belong to “groups” that take care of them in return for their loyalty.
- 2.
Despite the fact that secret sharing of personal data is information-theoretically secure when the Shamir scheme [15] is used, it remains pseudonymous data, and therefore personal data under GDPR, since it can be reconstructed with the help of other data shares.
- 3.
More precisely, it was developed for a privacy-enhancing data analytics application using differential privacy for federated learning.
References
Schaub, F., Balebako, R., Durity, A. & Cranor, L. A design space for effective privacy notices. Eleventh Symposium On Usable Privacy And Security (SOUPS 2015). pp. 1–17 (2015)
Tsormpatzoudi, P., Berendt, B. & Coudert, F. Privacy by design: from research and policy to practice-the challenge of multi-disciplinarity. Privacy Technologies And Policy: Third Annual Privacy Forum, APF 2015, Luxembourg, Luxembourg, October 7–8, 2015, Revised Selected Papers 3. pp. 199–212 (2016)
Cavoukian, A. & Others Privacy by design: The 7 foundational principles. Information And Privacy Commissioner Of Ontario, Canada. 5 pp. 12 (2009)
Fritsch, L., Fuglerud, K. & Solheim, I. Towards inclusive identity management. Identity In The Information Society. 3 pp. 515–538 (2010)
ETSI standard EN 301 549. Accessibility requirements for ICT products and services. https://www.etsi.org/deliver/etsi_en/301500_301599/301549/03.02.01_60/en_301549v030201p.pdf (2021)
Islami, L., Fischer-Hübner, S. & Papadimitratos, P. Capturing drivers’ privacy preferences for intelligent transportation systems: An intercultural perspective. Computers & Security. 123 pp. 102913 (2022)
Pettersson, J., Fischer-Hübner, S., Danielsson, N., Nilsson, J., Bergmann, M., Clauss, S., Kriegelstein, T. & Krasemann, H. Making PRIME usable. Proceedings Of The 2005 Symposium On Usable Privacy And Security. pp. 53–64 (2005)
Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. Helping john to make informed decisions on using social login. Proceedings Of The 33rd Annual ACM Symposium On Applied Computing. pp. 1165–1174 (2018)
Karegar, F., Pettersson, J. & Fischer-Hübner, S. The dilemma of user engagement in privacy notices: Effects of interaction modes and habituation on user attention. ACM Transactions On Privacy And Security (TOPS). 23, 1–38 (2020)
Wilkinson, D., Bahirat, P., Namara, M., Lyu, J., Alsubhi, A., Qiu, J., Wisniewski, P. & Knijnenburg, B. Privacy at a glance: the user-centric design of glanceable data exposure visualizations. (Proceedings on Privacy Enhancing Technologies,2020)
Murmann, P., Beckerle, M., Fischer-Hübner, S. & Reinhardt, D. Reconciling the what, when and how of privacy notifications in fitness tracking scenarios. Pervasive And Mobile Computing. 77 pp. 101480 (2021)
Demjaha, A., Spring, J., Becker, I., Parkin, S. & Sasse, M. Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption. Proc. USEC. 2018 (2018)
Wu, J. & Zappala, D. When is a Tree Really a Truck? Exploring Mental Models of Encryption. Fourteenth Symposium On Usable Privacy And Security (SOUPS 2018). pp. 395–409 (2018, 8), https://www.usenix.org/conference/soups2018/presentation/wu
Alaqra, A., Kane, B. & Fischer-Hübner, S. Machine Learning-Based Analysis of Encrypted Medical Data in the Cloud: Qualitative Study of Expert Stakeholders’ Perspectives. JMIR Human Factors. 8, e21810 (2021), https://humanfactors.jmir.org/2021/3/e21810/
Shamir, A. How to share a secret. Communications Of The ACM. 22, 612–613 (1979)
Framner, E., Fischer-Hübner, S., Lorünser, T., Alaqra, A. & Pettersson, J. Making secret sharing based cloud storage usable. Information & Computer Security. (2019)
European Data Protection Board Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. (2020), https://edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf
European Data Protection Board Guidelines 05/2020 on consent under Regulation 2016/679. Version 1.1. Adopted on 4 May 2020. https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf (2020)
Art. 29 Data Protection Working Party. Opinion 10/2004 on More Harmonised Information Provisions. European Commission. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2004/wp100_en.pdf (2004)
Article 29 Working Party. Guidelines on transparency under Regulation 2016/679. European Commission. Adopted on 29 November 2017 As last Revised and Adopted on 11 April 2018. https://ec.europa.eu/newsroom/article29/items/622227/en (2018)
Office of the Australian Information Commissioner. Guide to developing an APP privacy policy. https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-developing-an-app-privacy-policy (2014)
OECD. Making Privacy Notices Simple. Digital Economy Papers 120. http://www.oecd-ilibrary.org/science-and-technology/making-privacy- notices-simple. (2006)
McDonald, A., Reeder, R., Kelley, P. & Cranor, L. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies: 9th International Symposium, PETS 2009, Seattle, WA, USA, August 5–7, 2009. Proceedings 9. pp. 37–55 (2009)
Kelley, P., Bresee, J., Cranor, L. & Reeder, R. A “nutrition label” for privacy. Proceedings Of The 5th Symposium On Usable Privacy And Security. pp. 1–12 (2009)
Kelley, P., Cesca, L., Bresee, J. & Cranor, L. Standardizing privacy notices: an online study of the nutrition label approach. Proceedings Of The SIGCHI Conference On Human Factors In Computing Systems. pp. 1573–1582 (2010)
Nielsen, J. Usability inspection methods. Conference Companion On Human Factors In Computing Systems. pp. 413–414 (1994)
Fischer-Hübner, S., Angulo, J. & Pulls, T. How can cloud users be supported in deciding on, tracking and controlling how their data are used?. Privacy And Identity Management For Emerging Services And Technologies: 8th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, Nijmegen, The Netherlands, June 17–21, 2013, Revised Selected Papers 8. pp. 77–92 (2014)
Tschofenig, H., Volkamer, M., Jentzsch, N., Fischer-Hübner, S., Schiffner, S. & Tirtea, R. On the security, privacy and usability of online seals: An overview. (ENISA,2013)
Holtz, L., Nocun, K. & Hansen, M. Towards displaying privacy information with icons. Privacy And Identity Management For Life: 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2–6, 2010, Revised Selected Papers 6. pp. 338–348 (2011)
Fischer-Hübner, S. & Zwingelberg, H (Ed.). UI Prototypes: Policy administration and presentation-Version 2. PrimeLife Project Deliverable D. 4.3. 2 (2010). (2000)
Angulo, J., Fischer-Hübner, S., Wästlund, E. & Pulls, T. Towards usable privacy policy display and management. Information Management & Computer Security. 20, 4–17 (2012)
Smullen, D., Feng, Y., Aerin Zhang, S. & Sadeh, N. The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences. Proceedings On Privacy Enhancing Technologies. 2020, 195–215 (2020,1), https://petsymposium.org/popets/2020/popets-2020-0011.php
Bahirat, P., He, Y., Menon, A. & Knijnenburg, B. A Data-Driven Approach to Developing IoT Privacy-Setting Interfaces. 23rd International Conference On Intelligent User Interfaces. pp. 165–176 (2018, 3), https://dl.acm.org/doi/10.1145/3172944.3172982
Liu, B., Andersen, M., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A. & Agarwal, Y. Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions. (Usenix Association, 2016)
Prictor, M., Lewis, M., Newson, A., Haas, M., Baba, S., Kim, H., Kokado, M., Minari, J., Molnár-Gábor, F., Yamamoto, B., Kaye, J. & Teare, H. Dynamic Consent: An Evaluation and Reporting Framework. Journal Of Empirical Research On Human Research Ethics. 15, 175–186 (2020, 7), http://journals.sagepub.com/doi/10.1177/1556264619887073
Schlehahn, E., Murmann, P., Karegar, F. & Fischer-Hübner, S. Opportunities and challenges of dynamic consent in commercial big data analytics. Privacy And Identity Management. Data For Better Living: AI And Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2. 2 International Summer School, Windisch, Switzerland, August 19–23, 2019, Revised Selected Papers 14. pp. 29–44 (2020)
Patrick, A. & Kenny, S. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. Privacy Enhancing Technologies: Third International Workshop, PET 2003, Dresden, Germany, March 26–28, 2003. Revised Papers 3. pp. 107–124 (2003)
Kobsa, A. & Teltzrow, M. Contextualized communication of privacy practices and personalization benefits: Impacts on users’ data sharing and purchase behavior. Privacy Enhancing Technologies: 4th International Workshop, PET 2004, Toronto, Canada, May 26–28, 2004. Revised Selected Papers 4. pp. 329–343 (2005)
Angulo, J., Fischer-Hübner, S., Pulls, T. & Wästlund, E. Usable transparency with the data track: a tool for visualizing data disclosures. Proceedings Of The 33rd Annual ACM Conference Extended Abstracts On Human Factors In Computing Systems. pp. 1803–1808 (2015)
Rozenberg, B., Bozdemir, B., Ermis, O., Önen, M., Canard, S., ORA, B., Perez, A., Ituarte, N., Pulls, T., Fischer-Hübner, S. & Others D5. 4-PAPAYA PLATFORM GUIDE. (2021)
Sarathy, J., Song, S., Haque, A., Schlatter, T. & Vadhan, S. Don’t Look at the Data! How Differential Privacy Reconfigures the Practices of Data Science. Proceedings Of The 2023 CHI Conference On Human Factors In Computing Systems. pp. 1–19 (2023)
Nissim, K., Bembenek, A., Wood, A., Bun, M., Gaboardi, M., Gasser, U., O’Brien, D., Steinke, T. & Vadhan, S. Bridging the gap between computer science and legal approaches to privacy. Harv. JL & Tech.. 31 pp. 687 (2017)
Altman, M., Cohen, A., Nissim, K. & Wood, A. What a hybrid legal-technical analysis teaches us about privacy regulation: The case of singling out. BUJ Sci. & Tech. L.. 27 pp. 1 (2021)
Prokhorenkov, D. Alternative methodology and framework for assessing differential privacy constraints and consequences from a gdpr perspective. 2022 IEEE 12th Annual Computing And Communication Workshop And Conference (CCWC). pp. 0359–0364 (2022)
Gallagher, K., Patil, S. & Memon, N. New me: Understanding expert and non-expert perceptions and usage of the Tor anonymity network. Thirteenth Symposium On Usable Privacy And Security (SOUPS 2017). pp. 385–398 (2017)
Habib, H., Pearman, S., Wang, J., Zou, Y., Acquisti, A., Cranor, L., Sadeh, N. & Schaub, F. “It’s a Scavenger Hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices. Proceedings Of The 2020 CHI Conference On Human Factors In Computing Systems. pp. 1–12 (2020)
Habib, H. & Cranor, L. Evaluating the usability of privacy choice mechanisms. Eighteenth Symposium On Usable Privacy And Security (SOUPS 2022). pp. 273–289 (2022)
Murmann, P. & Karegar, F. From design requirements to effective privacy notifications: Empowering users of online services to make informed decisions. International Journal Of Human-Computer Interaction. 37, 1823–1848 (2021)
Ramokapane, K., Rashid, A. & Such, J. “I feel stupid I can’t delete...”: A Study of Users’ Cloud Deletion Practices and Coping Strategies. Thirteenth Symposium On Usable Privacy And Security (SOUPS 2017). pp. 241–256 (2017, 7)
Rossi, A. & Palmirani, M. Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection. Design Issues. 36, 82–96 (2020, 6)
Habib, H., Zou, Y., Yao, Y., Acquisti, A., Cranor, L., Reidenberg, J., Sadeh, N. & Schaub, F. Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts. Proceedings Of The 2021 CHI Conference On Human Factors In Computing Systems. (2021)
Harbach, M., Hettig, M., Weber, S. & Smith, M. Using personal examples to improve risk communication for security & privacy decisions. Proceedings Of The SIGCHI Conference on Human Factors in Computing Systems. pp. 2647–2656 (2014)
Tabassum, M., Alqhatani, A., Aldossari, M. & Richter Lipford, H. Increasing User Attention with a Comic-Based Policy. Proceedings Of The 2018 CHI Conference on Human Factors in Computing Systems. pp. 1–6 (2018)
Bravo-Lillo, C., Komanduri, S., Cranor, L., Reeder, R., Sleeper, M., Downs, J. & Schechter, S. Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. Proceedings of the Ninth Symposium on Usable Privacy and Security. pp. 1–12 (2013)
Anderson, B., Jenkins, J., Vance, A., Kirwan, C. & Eargle, D. Your memory is working against you: How eye tracking and memory explain habituation to security warnings. Decision Support Systems. 92 pp. 3–13 (2016)
Anderson, B., Vance, A., Kirwan, C., Jenkins, J. & Eargle, D. From warning to wallpaper: Why the brain habituates to security warnings and what can be done about it. Journal Of Management Information Systems. 33, 713–743 (2016)
Luguri, J. & Strahilevitz, L. Shining a light on dark patterns. Journal Of Legal Analysis. 13, 43–109 (2021)
Gray, C., Kou, Y., Battles, B., Hoggatt, J. & Toombs, A. The dark (patterns) side of UX design. Proceedings Of The 2018 CHI Conference On Human Factors In Computing Systems. pp. 1–14 (2018)
Bösch, C., Erb, B., Kargl, F., Kopp, H. & Pfattheicher, S. Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns.. Proc. Priv. Enhancing Technol.. 2016, 237–254 (2016)
Mathur, A., Acar, G., Friedman, M., Lucherini, E., Mayer, J., Chetty, M. & Narayanan, A. Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites. Proc. ACM Hum.-Comput. Interact.. 3 (2019,11)
Emami-Naeini, P., Dheenadhayalan, J., Agarwal, Y. & Cranor, L. “nutrition” label for internet of things devices. IEEE Security & Privacy. 20, 31–39 (2021)
Railean, A. & Reinhardt, D. Let there be lite: design and evaluation of a label for iot transparency enhancement. Proceedings Of The 20th International Conference On Human-Computer Interaction With Mobile Devices And Services Adjunct. pp. 103–110 (2018)
Railean, A. Improving IoT device transparency by means of privacy labels. (2022)
Alaqra, A., Karegar, F. & Fischer-Hübner, S. Structural and functional explanations for informing lay and expert users: the case of functional encryption. Proceedings On Privacy Enhancing Technologies. 4 pp. 359–380 (2023)
Morel, V. & Fischer-Hübner, S. Automating privacy decisions-where to draw the line?. ArXiv Preprint ArXiv:2305.08747. (2023)
Li, Y. Cross-cultural privacy differences. Modern Socio-technical Perspectives On Privacy. pp. 267–292 (2022)
Hofstede, G. & Others Organizations and cultures: Software of the mind. McGrawHill, New York. pp. 418–506 (1991)
Feng, Y., Yao, Y. & Sadeh, N. A design space for privacy choices: Towards meaningful privacy control in the internet of things. Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. pp. 1–16 (2021)
Fischer-Hübner, S., Angulo, J., Karegar, F. & Pulls, T. Transparency, privacy and trust–Technology for tracking and controlling my data disclosures: Does this work?. Trust Management X: 10th IFIP WG 11.11 International Conference, IFIPTM 2016, Darmstadt, Germany, July 18–22, 2016, Proceedings 10. pp. 3–14, Springer International Publishing (2016)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Fischer-Hübner, S., Karegar, F. (2024). Addressing Challenges: A Way Forward. In: The Curious Case of Usable Privacy. Synthesis Lectures on Information Security, Privacy, and Trust. Springer, Cham. https://doi.org/10.1007/978-3-031-54158-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-54158-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54157-5
Online ISBN: 978-3-031-54158-2
eBook Packages: Synthesis Collection of Technology (R0)