Ebert, SarahKrauß, Anna-MagdalenaAnke, Jürgen2023-08-242023-08-242023https://dl.gi.de/handle/20.500.12116/42116In today’s digital age, safeguarding personal information has become crucial due to widespread data exchange and processing. Self-Sovereign Identity (SSI) empowers individuals to manage their digital identities themselves. To protect their privacy, users should be enabled to make informed decisions when sharing their data. To facilitate this, a decision model is proposed in this paper, aiming todetermine the appropriate threat level for data requests in SSI applications. For that, we used the General Data Protection Regulation (GDPR) as basis to identify several influencing factors. These factors were grouped into partial models such as the trustworthiness of the requesting party, the legitimacy of the request, and the value of that data. The decision model combines the results from these partial decision models to assign one of the three threat levels: low, medium, or high. In the future, this model has the potential to be integrated into SSI applications, enabling automatic assessment of requests for data and thus empower users to make informed decisions about sharing their data.decision modelself-sovereign identityusable securityprivacyGDPRthreat levelsText/Workshop Paper10.18420/muc2023-mci-ws11-322