Applying Contextual Integrity to Open Data Publishing

Henriksen-Bulmer, Jane; Faily, Shamal

doi:10.14236/ewic/hci2017.95

Cited by 4 publications

(11 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One outcome of this study, was a data protection impact assessment, "the DPIA Data Wheel" (see Figure 2), devised to facilitate the charity's assessment of the privacy risks of their processing activities by including context as part of the design. In creating the DPIA Data Wheel, we sought to integrate CI to GDPR obligations around DPIA and establish how CI could be incorporated into the DPIA process, using the concepts devised in a pilot study, ContextuaL Integrity for Open Data (CLIFOD) [16] (see Section 3.1). This was done through an analysis that sought to first, align the guidance provided by the Information Commissioners Office (ICO) in the UK around DPIAs [17] with GDPR and advice from the EU (see Section 3.2).…”

Section: The Dpia Frameworkmentioning

confidence: 99%

“…From this, we expanded on the idea of using CI to understand privacy risks by applying the concepts of CI to the decision-making process for open data publication in a pilot study, CLIFOD. In that work, the CI principles were used to create a privacy risk assessment questionnaire to aid decision makers in assessing the risks of making data available in open format [16].…”

Section: Clifod Pilot Studymentioning

confidence: 99%

“…Following the pre-assessment, if a DPIA assessment is deemed necessary, users will move on to complete the rest of the privacy risk assessment by completing the Data Wheel. The Data Wheel was created around Nissenbaum's three key elements, with the CLIFOD translation of the three phases ("explanation, risk assessment and decision" [16]) used to delineate the assessment and create three overarching phases for the Data Wheel assessment. Figure 8 depicts the Data Wheel activity flow.…”

Section: The "Data Wheel"mentioning

confidence: 99%

“…• Phase 2 became "risk assessment"-this looks at the proposed change to the context and/or processing practice and what risks might be associated with these changes; and • Phase 3 became "decision", which asks that the consequences or potential consequences (i.e., the outcome) of making the change be considered [16].…”

mentioning

confidence: 99%

See 3 more Smart Citations

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

2020

Self Cite

View full text Add to dashboard Cite

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.

show abstract

Section: The Dpia Frameworkmentioning

confidence: 99%

Section: Clifod Pilot Studymentioning

confidence: 99%

Section: The "Data Wheel"mentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…This work will, therefore, benefit any charity or SME dealing with vulnerable clients. Our approach builds on previous work using Nissenbaum's Contextual Integrity (CI) framework [21] to create a decision framework that assess privacy risks in Open Data [12], and expands on this to support the GDPR implementation and the DPIA framework.…”

Section: Introductionmentioning

confidence: 99%

Implementing GDPR in the Charity Sector: A Case Study

Henriksen-Bulmer

Faily

Jeary

2019

Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data

Self Cite

View full text Add to dashboard Cite

Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that need to implement GDPR or conduct DPIAs.

show abstract

Privacy Goals for the Data Lifecycle

et al. 2022

Self Cite

View full text Add to dashboard Cite

The introduction of Data Protection by Default and Design (DPbDD) brought in as part of the General Data Protection Regulation (GDPR) in 2018, has necessitated that businesses review how best to incorporate privacy into their processes in a transparent manner, so as to build trust and improve decisions around privacy best practice. To address this issue, this paper presents a 7-stage data lifecycle, supported by nine privacy goals that together, will help practitioners manage data holdings throughout data lifecycle. The resulting data lifecycle (7-DL) was created as part of the Ideal-Cities project, a Horizon-2020 Smart-city initiative, that seeks to facilitate data re-use and/or repurposed. We evaluate 7-DL through peer review and an exemplar worked example that applies the data lifecycle to a real-time life logging fire incident scenario, one of the Ideal-Cities use cases to demonstrate the applicability of the framework.

show abstract

Applying Contextual Integrity to Open Data Publishing

Cited by 4 publications

References 7 publications

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Implementing GDPR in the Charity Sector: A Case Study

Privacy Goals for the Data Lifecycle

Contact Info

Product

Resources

About