Logo des Repositoriums

Auflistung nach Schlagwort "privacy by design"

1 - 4 von 4
  • Zeitschriftenartikel
    Digital natives aren’t concerned much about privacy, or are they?
    (i-com: Vol. 22, No. 1, 2023) Maier, Edith; Doerk, Michael; Reimer, Ulrich; Baldauf, Matthias
    Voice assistants have become embedded in people’s private spaces and domestic lives where they gather enormous amounts of personal information which is why they evoke serious privacy concerns. The paper reports the findings from a mixed-method study with 65 digital natives, their attitudes to privacy and actual and intended behaviour in privacy-sensitive situations and contexts. It also presents their recommendations to governments or organisations with regard to protecting their data. The results show that the majority are concerned about privacy but are willing to disclose personal data if the benefits outweigh the risks. The prevailing attitude is one characterised by uncertainty about what happens with their data, powerlessness about controlling their use, mistrust in big tech companies and uneasiness about the lack of transparency. Few take steps to self-manage their privacy, but rely on the government to take measures at the political and regulatory level. The respondents, however, show scant awareness of existing or planned legislation such as the GDPR and the Digital Services Act, respectively. A few participants are anxious to defend the analogue world and limit digitalization in general which in their opinion only opens the gate to surveillance and misuse.
  • Zeitschriftenartikel
    DPMF: A Modeling Framework for Data Protection by Design
    (Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, Nr. 10, 2020) Sion, Laurens; Dewitte, Pierre; Van Landuyt, Dimitri; Wuyts, Kim; Valcke, Peggy; Joosen, Wouter
    Building software-intensive systems that respect the fundamental rights to privacy and data protection requires explicitly addressing data protection issues at the early development stages. Data Protection by Design (DPbD)—as coined by Article 25(1) of the General Data Protection Regulation (GDPR)—therefore calls for an iterative approach based on (i) the notion of risk to data subjects, (ii) a close collaboration between the involved stakeholders and (iii) accountable decision-making. In practice, however, the legal reasoning behind DPbD is often conducted on the basis of informal system descriptions that lack systematicity and reproducibility. This affects the quality of Data Protection Impact Assessments (DPIA)—i.e. the concrete manifestation of DPbD at the organizational level. This is a major stumbling block when it comes to conducting a comprehensive and durable assessment of the risks that takes both the legal and technical complexities into account. In this article, we present DPMF, a data protection modeling framework that allows for a comprehensive and accurate description of the data processing operations in terms of the key concepts used in the GDPR. The proposed modeling approach supports the automation of a number of legal reasonings and compliance assessments (e.g., purpose compatibility) that are commonly addressed in a DPIA exercise and this support is strongly rooted upon the system description models. The DPMF is supported in a prototype modeling tool and its practical applicability is validated in the context of a realistic e-health system for a number of complementary development scenarios.
  • Konferenzbeitrag
    Privacy by Design Architecture Composed of Identity Agents Decentralizing Control over Digital Identity
    (Open Identity Summit 2020, 2020) Toth, Kalman C.; Cavoukian, Ann; Anderson-Priddy, Alan
    Proposed is an identity architecture that satisfies the principles of privacy by design, decentralizes control over digital identity from providers to users, mitigates breach and impersonation risks, and reduces dependency on remote access passwords. The architecture is composed of interoperating identity agents that work on behalf of their owners and deploy digital identities that are virtualized to look and behave like identities found in one’s wallet and contacts list. Encapsulating authentication data, identity agents strongly bind owners to their digital identities and private keys enabling them to prove who they are, protect their private data, secure transactions, conduct identity proofing, and reliably delegate consent. Identity agents also off-load application services from identity-related and privacy-related tasks. A gestalt privacy by design process has been used to discover the architecture’s privacy requirements and design elements and systematically reason about how the design elements satisfy the privacy requirements. Identity-related functionality has been intentionally compartmentalized within identity agents to focus development on creating trustworthy software. A reference model for development derived from the described identity architecture is proposed.
  • Konferenzbeitrag
    Towards an Architecture for Pseudonymous E-Commerce - Applying Privacy by Design to Online Shopping
    (SICHERHEIT 2018, 2018) Pape, Sebastian; Tasche, Daniel; Bastys, Iulia; Grosz, Akos; Laessig, Joerg; Rannenberg, Kai
    In this paper we apply privacy by design in e-commerce. We outline the requirements of a privacy-aware online shopping platform that satisfies the principle of data minimization and we suggest several architectures for building such a platform. We then compare them according to four dimensions: privacy threats, transparency, usability and compatibility with existing business models. Based on the comparison, we aim to build the selected platform in the next step.