Challenges in assessing privacy impact: Tales from the front lines

Ferra, Fenia; Wagner, Isabel; Boiten, Eerke Albert; Hadlington, Lee; Psychoula, Ismini; Snape, Richard H.

doi:10.1002/spy2.101

Cited by 7 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, defining privacy by sensitivity alone is problematic because sensitivity is usually at the discretion of the provider, who may not always act in the consumer's best interests [9][10][11]. There is also an inherent limitation in computing sensitivity as nuances of social interaction are often abstracted away [12], bounded by statistical models and computing resources. Even back in 1969, the measure of "sensitivity" is already recognized as being vary "…depends in large measure upon the context in which it was first given, and the context in which it is later used" [13].…”

Section: Introductionmentioning

confidence: 99%

Information Disclosure in Mobile Device: Examining the Influence of Information Relevance and Recipient

Leom¹,

Deegan²,

Martini³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Privacy enhancing technologies (PETs) in mobile platforms typically restrict undesired information flow based on its sensitivity. However, sensitivity is often regarded as dichotomous and inflexible to the everchanging contexts. Improving the effectiveness of PETs requires a better understanding of these contexts. In this paper, we examine the influence of contextual factors in users' mobile usage based on Nissenbaum's framework of contextual integrity. Specifically, we conducted a user study (n = 2889) to investigate the influence of relevance of information types on the willingness of disclosure towards typical groups of recipient. While the results suggest a significant relationship between information relevance (of different information) and willingness to disclose (to different recipients), closer examination reveals the relationship is not always clear-cut, and there is a potential influence of recipient. Therefore, incorporating the recipient factor can serve as a potential improvement to the existing approach in privacy management in the mobile device.

show abstract

Section: Introductionmentioning

confidence: 99%

Information Disclosure in Mobile Device: Examining the Influence of Information Relevance and Recipient

Leom¹,

Deegan²,

Martini³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…A privacy impact assessment (PIA) addresses the causes of data leakage and privacy breaches [ 19 ]. In PIA, the vital step is to identify information that will originate, terminate in, or pass through the IoT-enabled system.…”

Section: Literature Reviewmentioning

confidence: 99%

A Privacy Preservation Quality of Service (QoS) Model for Data Exposure in Android Smartphone Usage

Bakar

Singh

Shariff

2021

Sensors

View full text Add to dashboard Cite

An Android smartphone contains built-in and externally downloaded applications that are used for entertainment, finance, navigation, communication, health and fitness, and so on. The behaviour of granting permissions requested by apps might expose the Android smartphone user to privacy risks. The existing works lack a formalized mathematical model that can quantify user and system applications risks. No multifaceted data collector tool can also be used to monitor the collection of user data and the risk posed by each application. A benchmark of the risk level that alerts the user and distinguishes between acceptable and unacceptable risk levels in Android smartphone user does not exist. Hence, to address privacy risk, a formalized privacy model called PRiMo that uses a tree structure and calculus knowledge is proposed. An App-sensor Mobile Data Collector (AMoDaC) is developed and implemented in real life to analyse user data accessed by mobile applications through the permissions granted and the risks involved. A benchmark is proposed by comparing the proposed PRiMo outcome with the existing available testing metrics. The results show that Tools & Utility/Productivity applications posed the highest risk as compared to other categories of applications. Furthermore, 29 users faced low and acceptable risk, while two users faced medium risk. According to the benchmark proposed, users who faced risks below 25% are considered as safe. The effectiveness and accuracy of the proposed work is 96.8%.

show abstract

“…Verifying compliance of a system against the GDPR. Data protection impact assessment (DPIA) approaches [4], [22], [23] involve extensive reasoning about legal obligations at the basis of legal abstractions, typically encoded in models. These models can subsequently be analyzed to assess and identify problematic data processing operations.…”

Section: Translation Of Legal Obligations To Requirementsmentioning

confidence: 99%