Logo des Repositoriums
 
Workshopbeitrag

“Data Protection Can Sometimes Be a Nuisance” A Notification Study on Data Sharing Practices in City Apps

Lade...
Vorschaubild

Volltext URI

Dokumententyp

Text/Workshop Paper

Zusatzinformation

Datum

2024

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

Despite the strict requirements regarding the justification of data sharing imposed by the General Data Protection Regulation (GDPR), many mobile apps, even those provided by European states, share user data with third parties without justification or consent. To assess data sharing of city apps, we analyzed 138 apps from German cities for non-compliance with the GDPR. We found that 70 of these apps contacted third-party services outside the European Union without user consent, making them potentially non-compliant with current European privacy regulations. To investigate what information helps app vendors to remediate the issue, we sent three types of notifications to potentially non-compliant vendors: A generic one, one with detailed technical guidance to achieve compliance, and one with a detailed legal explanation. We observed a response rate of 37% and fix rates of approximately 17% for the two groups that received detailed notifications. Thereby, we found that both technical guidance and legal explanations significantly increase the number of fixed apps, compared to just sending generic notifications. While the response rate was higher than during comparable studies, we observed high distrust in our messages, similar to related work. Surprisingly, we found that many of the app vendors who promised to remediate the issue, did not do so successfully, while others silently patched their app.

Beschreibung

Drescher, Jan Niklas; Moser, Jakob; Strangmann, Nicolas; Spinner, Jonas; Herrmann, Dominik; Volkamer, Melanie (2024): “Data Protection Can Sometimes Be a Nuisance” A Notification Study on Data Sharing Practices in City Apps. Mensch und Computer 2024 - Workshopband. DOI: 10.18420/muc2024-mci-ws17-159. Gesellschaft für Informatik e.V.. MCI-WS17: Usable Security und Privacy Workshop. Karlsruhe. 1.-4. September 2024

Schlagwörter

Zitierform

Tags