“Data Protection Can Sometimes Be a Nuisance” A Notification Study on Data Sharing Practices in City Apps
| dc.contributor.author | Drescher, Jan Niklas | |
| dc.contributor.author | Moser, Jakob | |
| dc.contributor.author | Strangmann, Nicolas | |
| dc.contributor.author | Spinner, Jonas | |
| dc.contributor.author | Herrmann, Dominik | |
| dc.contributor.author | Volkamer, Melanie | |
| dc.date.accessioned | 2024-08-21T11:08:35Z | |
| dc.date.available | 2024-08-21T11:08:35Z | |
| dc.date.issued | 2024 | |
| dc.description.abstract | Despite the strict requirements regarding the justification of data sharing imposed by the General Data Protection Regulation (GDPR), many mobile apps, even those provided by European states, share user data with third parties without justification or consent. To assess data sharing of city apps, we analyzed 138 apps from German cities for non-compliance with the GDPR. We found that 70 of these apps contacted third-party services outside the European Union without user consent, making them potentially non-compliant with current European privacy regulations. To investigate what information helps app vendors to remediate the issue, we sent three types of notifications to potentially non-compliant vendors: A generic one, one with detailed technical guidance to achieve compliance, and one with a detailed legal explanation. We observed a response rate of 37% and fix rates of approximately 17% for the two groups that received detailed notifications. Thereby, we found that both technical guidance and legal explanations significantly increase the number of fixed apps, compared to just sending generic notifications. While the response rate was higher than during comparable studies, we observed high distrust in our messages, similar to related work. Surprisingly, we found that many of the app vendors who promised to remediate the issue, did not do so successfully, while others silently patched their app. | en |
| dc.identifier.doi | 10.18420/muc2024-mci-ws17-159 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/44292 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Mensch und Computer 2024 - Workshopband | |
| dc.relation.ispartofseries | Mensch und Computer | |
| dc.rights | https://creativecommons.org/licenses/by/4.0/ | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
| dc.title | “Data Protection Can Sometimes Be a Nuisance” A Notification Study on Data Sharing Practices in City Apps | en |
| dc.type | Text/Workshop Paper | |
| gi.conference.date | 1.-4. September 2024 | |
| gi.conference.location | Karlsruhe | |
| gi.conference.sessiontitle | MCI-WS17: Usable Security und Privacy Workshop |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- muc2024-mci-ws17-159.pdf
- Größe:
- 561.4 KB
- Format:
- Adobe Portable Document Format