Logo des Repositoriums

Auflistung nach Schlagwort "Data protection"

1 - 6 von 6
  • Konferenzbeitrag
    Deceptive patterns in consent dialogs on children’s websites
    (INFORMATIK 2023 - Designing Futures: Zukünfte gestalten, 2023) Lehtosalo, Suvi; Woods, Daniel W.
    Many privacy and data protection laws, such as Article 8 GDPR and the CCPA, establish different requirements when establishing a legal basis for collecting personal data about children. Our study asks whether and how children’s websites collect consent. We conduct an automated analysis of 2, 066 educational and gaming websites, and a manual analysis of 13 large sites. We measure the prevalence of deceptive patterns identified in prior work, plus a new design consideration, whether the dialog is addressed to the child user’s parent or guardian. A small minority of websites address dialogs for children, which suggest the majority of children’s websites in our sample may not comply with Article 8 GDPR.
  • Zeitschriftenartikel
    Im Spannungsfeld zwischen Sicherheit und Freiheit
    (HMD Praxis der Wirtschaftsinformatik: Vol. 58, No. 2, 2021) Lasarov, Wassili
    Um Infektionsketten in der Corona-Pandemie effektiv nachzuverfolgen und zu unterbrechen, wurde die Corona-Warn-App in Deutschland eingeführt. Diese sogenannte Tracing-App verfolgt Begegnungen zwischen den Anwendern der App und warnt sie, falls sie mit Infizierten in Kontakt getreten sind. In der Öffentlichkeit entbrannte im Zuge der Einführung der Corona-Warn-App eine intensive Diskussion über den Umgang mit persönlichen Daten bei der Verwendung der App (z. B. durch die vermeintliche Erfassung der Standortdaten) sowie über die Wirksamkeit der App (z. B. durch mangelnde Teilnahme, insbesondere von älteren Menschen). Die vorliegende Studie untersucht, welche Einflussfaktoren die Akzeptanz der Corona-Warn-App erhöhen oder mindern können. Es werden hierfür relevante Einflussfaktoren aus der bisherigen Literatur ermittelt und auf den Anwendungsfall der Corona-Warn-App übertragen. Mit diesen Faktoren wurde ein Kategorienschema entwickelt, auf dessen Basis in einer qualitativen Studie 967 Leserkommentare mittels Inhaltsanalyse untersucht wurden. Die Ergebnisse bestätigen, dass besonders drei Kategorien relevant in diesem Zusammenhang sind: Der Nutzen der Corona-Warn-App (37 % der Nennungen), Datenschutz, Privatsphäre, Transparenz und Vertrauen (26 %) sowie der Einfluss der sozialen Umwelt (8 %). Zum Schluss werden Implikationen für zukünftige Forschung kurz vorgestellt. One of the major challenges in slowing the spread of the coronavirus is that covid-19 may be contagious before symptoms are noticeable. For this reason, the German government launched a corona tracing app (“Corona-Warn-App”). Contact tracing for COVID-19 requires identifying people who may have been exposed to COVID-19 and following them up daily for 14 days from the last point of exposure. Therefore, the app warns users if they might have been in close contact with COVID-19-infected individuals. When systematically applied, contact tracing will break the chains of transmission of COVID-19 and is an essential public health tool for controlling the virus. The German corona tracing app has been discussed in public, particularly as many people have strong privacy concerns. Furthermore, many people questioned the effectiveness of the tracing-app (e.g., as many older people are not willing or capable of using the app). The present study sheds light on current research on individual privacy concerns in light of the launch of the corona tracing app. Building on this, the author presents psychological determinants of individual privacy concerns that have been discussed in research so far. The author analyses in a qualitative study 967 reader comments to determine whether the previously identified individual determinants are relevant in the case of the Corona-Warn-App. The results confirm that three categories in particular are relevant in this context: The functional utility of the app (37% of codings), data protection, privacy, transparency and trust (26%) and the influence of the social environment (8%). Finally, implications for further research are derived.
  • Zeitschriftenartikel
    Paradoxes Datenschutzverhalten
    (HMD Praxis der Wirtschaftsinformatik: Vol. 58, No. 6, 2021) Lasarov, Wassili; Hoffmann, Stefan
    Einhergehend mit der Digitalisierung vieler Lebensbereiche werden große Mengen persönlicher Daten von Konsument*innen durch Unternehmen und Institutionen erfasst und analysiert. Daher ist der verantwortungsvolle Umgang mit diesen Daten eines der drängendsten Themen der Gegenwart. Zwar gibt es zahlreiche gesetzliche Verordnungen (z. B. GDPR) sowie eine zunehmende Anzahl von Unternehmen, die sich freiwillig dem Datenschutz verpflichten, allerdings nutzen auch viele Unternehmen und Institutionen die Unachtsamkeit von Konsument*innen aus. Dies wird dadurch begünstigt, dass viele Konsument*innen zwar angeben, dass sie auf ihre Privatsphäre achten, aber nur wenige die dafür notwendigen Maßnahmen ergreifen. Diese Einstellungs-Verhaltens-Diskrepanz (Privatsphäre-Paradoxon) lässt sich einerseits durch ein rationales Kosten-Nutzen-Kalkül erklären, in dem Konsument*innen den Nutzen bestimmter Produkte (z. B. durch Personalisierung) mit der Preisgabe ihrer Daten verrechnen. Andererseits können situative Einflüsse (z. B. wenig Zeit) oder kognitive Verzerrungen (z. B. Kontrollillusion) Datenschutzbedenken in diesen Situationen verringern. Vor diesem Hintergrund führen wir in das Privatsphäre-Paradoxon ein und zeigen den Stand des Schrifttums auf, wobei wir auf situative und kognitiven Verzerrungen fokussieren. Abschließend wird das Konzept der drei Privatsphäre-Gaps eingeführt und ein Rahmen für zukünftige Forschung entwickelt. In the digital age, many companies and institutions collect and analyze unprecedented quantities of personal data amounts. Therefore, the responsible handling of this data is one of the most pressing issues of our time. Although many countries have adopted data protection laws and many companies voluntarily commit to data protection, there are still many organizations that are exploiting the lack of consumer awareness in situations where data privacy is relevant. Although consumers often state their concerns about their online privacy, only a small share of them actually take the necessary actions to preserve their privacy, referred to as the privacy paradox. On the one hand, the privacy paradox can result from an individual rational calculus where consumers offset the benefits of certain products against the protection of their data. On the other hand, there exist many situational influences (e.g., little time) or cognitive biases (e.g., control illusion) that might reduce consumer’s privacy concerns in certain situations. Against this backdrop, the paper first discusses the privacy paradox and captures the current state of privacy scholarship, focusing on the situational and cognitive biases. Finally, we introduce the concept of three privacy gaps and develop a framework for future research.
  • Zeitschriftenartikel
    Personal data management inside and out
    (Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, Nr. 9, 2020) Labadie, Clément; Legner, Christine
    Personal data is increasingly positioned as a valuable asset. While individuals generate and expose ever-expanding volumes of personal information online, certain tech companies have built their business models on the personal data they gather. In this context, lawmakers are revising data protection regulations in order to provide individuals with enhanced rights and set new rules regarding the way corporations collect, manage, and share personal information. We argue that recent data protection regulatory frameworks such as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) are fundamentally about data management. Yet, there have been no attempts to analyze the regulations in terms of their implications on the data life cycle. In this paper, we systematically analyze the GDPR and the CCPA, and identify their implications on the data life cycle. To synthesize our findings, we propose a semi-formal notation of the resulting changes on the personal data life cycle, in the form of a process and data model governed by business rules, consolidated in a reference personal data life cycle model for data protection. To the best of our knowledge, this study represents one of the first attempts to provide a data-centric view on data protection regulatory requirements.
  • Zeitschriftenartikel
    Privacy-Preserving Process Mining
    (Business & Information Systems Engineering: Vol. 61, No. 5, 2019) Mannhardt, Felix; Koschmider, Agnes; Baracaldo, Nathalie; Weidlich, Matthias; Michael, Judith
    Privacy regulations for data can be regarded as a major driver for data sovereignty measures. A specific example for this is the case of event data that is recorded by information systems during the processing of entities in domains such as e-commerce or health care. Since such data, typically available in the form of event log files, contains personalized information on the specific processed entities, it can expose sensitive information that may be traced back to individuals. In recent years, a plethora of methods have been developed to analyse event logs under the umbrella of process mining. However, the impact of privacy regulations on the technical design as well as the organizational application of process mining has been largely neglected. This paper set out to develop a protection model for event data privacy which applies the well-established notion of differential privacy. Starting from common assumptions about the event logs used in process mining, this paper presents potential privacy leakages and means to protect against them. The paper also shows at which stages of privacy leakages a protection model for event logs should be used. Relying on this understanding, the notion of differential privacy for process discovery methods is instantiated, i.e., algorithms that aim at the construction of a process model from an event log. The general feasibility of our approach is demonstrated by its application to two publicly available real-life events logs.
  • Zeitschriftenartikel
    Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI
    (i-com: Vol. 19, No. 1, 2020) Jakobi, Timo; Stevens, Gunnar; Seufert, Anna-Magdalena; Becker, Max; Grafenstein, Max von
    he GDPR regulates at present the handling with personal data fundamentally new and thereby opens new leeway. At the same time, it creates great uncertainty among those affected. One example of this is web tracking: It helps designers to improve the utility and usability of their websites based on, in part, extensive (personal) data collection, or enable operators to finance them. Against this background, in this article we first show the practical relevance of web tracking by collecting the web trackers of the 100 most popular pages of each of the 28 EU member states. Building on this, we show which data these trackers collect and analyze their legal bases. Finally, we discuss possible consequences in design and architecture for fulfilling the legally outlined requirements, taking into account a user’s perspective.