The myth of individual control: Mapping the limitations of privacy self-management

Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Ullrich, Stefan

doi:10.2139/ssrn.3881776

Cited by 18 publications

(16 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Contrary to common belief many information technological areas such as (ethical and social) theory of computer science (Coy 1992;Capurro 1995), data processing in general (Steinmüller 1973;Pohle 2018), artificial intelligence (Coy/Bonsiepen 1989;Rost 2018b;Rehak 2021), blockchain technology (Rehak 2019), self-determination, consent and transparency (Solove 2013;Bergemann 2018;Crain 2016;Kröger et al 2021), and also precisely digital contact tracing applications (Bock et al 2020) have already been the topic of technically informed academic research producing many results and insights highly relevant for ethical analyses of the digital world. And if "the way forward may lie in designing the right policies" (Floridi 2020), we should all take into account the already existing legislation, its background and its genesis.…”

Section: A New Task For Ethics?mentioning

confidence: 95%

“…It can be said that data protection maintains the functional differentiation of modern societies and thus safeguarding many basic societal functions by making structural power asymmetries a central topic (Rost 2018). In addition to the structural nature of data processing, societies with division of labor can in principle not let the overstrained individual deal with all details of information processing, if they want to be fair (Hull 2015;Kröger et al 2021). The focus of data protection therefore does not lie on the "privacy" and "privacy decisions" of the individual data subject, but on the overall structural societal effects of data processing (Bock/Engeler 2016).…”

Section: Key Termsmentioning

confidence: 99%

“…Data protection continuously and critically evaluates its legal implementation in data protection law (Karg 2012). This difference can create peculiar situations, where certain measures are legally required although they have no proper data protection effect (Solove 2013;Crain 2016;Bergemann 2018;Kröger et al 2021) while at the same time some really useful data protection measures are not legally required (cf. SDM 2021).…”

Section: Key Termsmentioning

confidence: 99%

“…I outlined above, why the demand for legality is not self-evident and should be well-founded for an ethical analysis or an ethical argument. However, from a data protection perspective, the legality question is also only remotely relevant, since legality in itself does not prevent unwanted consequences of data processing (Solove 2013;Kröger et al 2021). The primary goal of data protection is the protection of people and society, not the protection of legal principles.…”

Section: First Step: Validationmentioning

confidence: 99%

See 3 more Smart Citations

Technologien der Krise

2022

View full text Add to dashboard Cite

Technologien der Krise Digitale Gesellschaft | Band 48 Dennis Krämer (Dr. phil.) ist Soziologe und aktuell Vertretungsprofessor für Sport-und Gesundheitssoziologie am Institut für Sportwissenschaften der Georg-August Universität Göttingen. In seiner Forschung beschäftigt er sich mit der Bedeutung von Technologien in Krisensituationen sowie mit der gesellschaftlichen Behandlung von Menschen mit Varianten der Geschlechtsentwicklung. 2020 wurde er mit dem Nachwuchspreis der Deutschen Gesellschaft für Soziologie sowie dem Wissenschaftspreis des Deutschen Olympischen Sportbunds ausgezeichnet. 2021 wurde er in die Global Young Faculty aufgenommen. Joschka Haltaufderheide (Dr. phil.) ist Philosoph und Medizinethiker. Er leitet den Arbeitsbereich Bio-und Gesundheitstechnologien am Institut für Medizinische Ethik und Geschichte der Medizin der Ruhr-Universität Bochum. Zu seinen Schwerpunkten gehören ethische Fragen der Gesundheitsversorgung mit soziotechnischen Arrangements, die Untersuchung mobiler Gesundheitsapplikationen in der Coronakrise und Fragen der postphänomenologischen Technikphilosophie im Gesundheitsbereich.

show abstract

Section: A New Task For Ethics?mentioning

confidence: 95%

Section: Key Termsmentioning

confidence: 99%

Section: Key Termsmentioning

confidence: 99%

Section: First Step: Validationmentioning

confidence: 99%

See 2 more Smart Citations

Technologien der Krise

2022

View full text Add to dashboard Cite

show abstract

“…A single assessment may address a set of similar processing operations that present similar high risks. (7) The assessment shall contain at least (a) a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;…”

Section: Data Protection Impact Assessment (Dpia)mentioning

confidence: 99%

The Processing goes far beyond "the app" – Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App

Rehak

Kühne²

2022

2022 6th International Conference on Cryptography, Security and Privacy (CSP)

View full text Add to dashboard Cite

Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates possible consequences of data processing relevant to fundamental rights in advance and describes the measures envisaged to address these risks or expresses the inability to do so. Based on the Standard Data Protection Model (SDM), wepresent the results of a scientific and methodologically clear DPIA. It shows that even a decentralized architecture involves numerous serious weaknesses and risks, including larger ones still left unaddressed in current implementations. It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation. It also showed that informed consent would not be a legitimate legal ground for the processing. For all points where data subjects' rights are still not sufficiently safeguarded, we briefly outline solutions.

show abstract

What HCI Can Do for (Data Protection) Law—Beyond Design

Jakobi

Grafenstein

2023

Human Factors in Privacy Research

View full text Add to dashboard Cite

Usable Privacy often works at the intersection of regulation to thrive for more usable solutions to normative provisions. The regulatory provisions themselves, or the legal standards of their implementation, however, typically remain unquestioned in the design process. This way, HCI falls short of its potential to inform regulation with insights on human expectations, attitudes, and behavior in the real world, to make law more effective. In this chapter, we present the extensive impulses that are also coming from legal sciences themselves motivating a more substantial collaboration of HCI and legal sciences. We turn to the example of data protection legislation and discuss the legislative intentions surrounding the landmark case of the European General Data Protection Regulation (GDPR). We show how GDPRs’ requirement of “effectiveness” of technical and organizational protection measures opens the door for more in-depth collaboration with HCI and provide examples of high potential for such joint research.

show abstract

The myth of individual control: Mapping the limitations of privacy self-management

Cited by 18 publications

References 27 publications

Technologien der Krise

Technologien der Krise

The Processing goes far beyond "the app" – Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App

What HCI Can Do for (Data Protection) Law—Beyond Design

Contact Info

Product

Resources

About