A Case Study on the Implementation of the Right of Access in Privacy Dashboards

Tolsdorf, Jan; Fischer, Michael D.; Iacono, Luigi Lo

doi:10.1007/978-3-030-76663-4_2

Cited by 15 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors also emphasized the importance of using automation whenever possible when responding to SARs and developing templates that businesses can follow so that they can reach a state of "legal certainty," where they can be assured that they are in compliance with laws that provide users with the right to access their data. Tolsdorf et al [57] identified data incompleteness and inconsistency issues when evaluating the accuracy of information displayed in privacy dashboards for a number of service providers.…”

Section: Efficacy Of Subject Access Requestsmentioning

confidence: 99%

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

Samarin

Shayna

Zaina

et al. 2023

PoPETs

View full text Add to dashboard Cite

The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.

show abstract

Section: Efficacy Of Subject Access Requestsmentioning

confidence: 99%

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

Samarin

Shayna

Zaina

et al. 2023

PoPETs

View full text Add to dashboard Cite

show abstract

“…For example, similar to the Usable Privacy dashboard by Raschke et al [75] mentioned above, Olausson developed a dashboard specifically targeting nurses' work [67]. Tolsdorf et al [86] qualitatively compared ten implementations of dashboards, comparing their levels of compliance. Still, dashboard implementations are scarce in practice and are often only adopted by big players on the market.…”

Section: Data Subject Rights: Information Visualization For Interacti...mentioning

confidence: 99%

What HCI Can Do for (Data Protection) Law—Beyond Design

Jakobi

Grafenstein

2023

Human Factors in Privacy Research

View full text Add to dashboard Cite

Usable Privacy often works at the intersection of regulation to thrive for more usable solutions to normative provisions. The regulatory provisions themselves, or the legal standards of their implementation, however, typically remain unquestioned in the design process. This way, HCI falls short of its potential to inform regulation with insights on human expectations, attitudes, and behavior in the real world, to make law more effective. In this chapter, we present the extensive impulses that are also coming from legal sciences themselves motivating a more substantial collaboration of HCI and legal sciences. We turn to the example of data protection legislation and discuss the legislative intentions surrounding the landmark case of the European General Data Protection Regulation (GDPR). We show how GDPRs’ requirement of “effectiveness” of technical and organizational protection measures opens the door for more in-depth collaboration with HCI and provide examples of high potential for such joint research.

show abstract

“…To do this, users would first have to have an overview of what data is collected about them through the use of privacy-unfriendly and privacy-friendly communication channels, how this data is processed, and what tangible consequences this has for their life. We know from research that users find it very difficult to assess the last aspect [6,14,[16][17][18][19][20][21]40], while at least users from the scope of the General Data Protection Regulation (GDPR) would in principle be entitled to information on the first two points-but here, too, anecdotal research shows that practice in many large companies is unfortunately currently far from providing users with comprehensive information on these aspects, even upon request [31,38,39]. Often, therefore, users at this stage are left to speculate about the positive effect of their actions, while the negative effect, for example, in the form of reduced usability or not reaching out to certain people via digital channels such as messenger, is clearly evident and thus can potentially lead to a change in the goal of action towards less privacy-preserving behavior.…”

Section: Rubicon Modelmentioning

confidence: 99%

From the Privacy Calculus to Crossing the Rubicon: An Introduction to Theoretical Models of User Privacy Behavior

Gerber

Stöver

2023

Human Factors in Privacy Research

View full text Add to dashboard Cite

Several theories and behavioral models aiming to explain user privacy behavior, including the privacy paradox, have been proposed in the literature. In this chapter, we give an introduction to the behavioral models that are most frequently used in privacy research, as well as those that originate in other contexts but nevertheless have the potential to make a meaningful contribution to explaining user privacy behavior. We further discuss to what extent the behavioral models help us to explain and predict privacy behaviors. The renowned privacy calculus model, for example, falls short in this respect since it remains unclear which consequences are evaluated by the user, whereas other models such as the theory of planned behavior can offer novel insights when combined with models such as HAPA or COM-B that are so far unfathomed in the context of privacy research.

show abstract

A Case Study on the Implementation of the Right of Access in Privacy Dashboards

Cited by 15 publications

References 34 publications

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

What HCI Can Do for (Data Protection) Law—Beyond Design

From the Privacy Calculus to Crossing the Rubicon: An Introduction to Theoretical Models of User Privacy Behavior

Contact Info

Product

Resources

About