Privacy and Economics
Permanent URI for this collection
1 - 5 of 5
ItemThe Unlikely Siblings in the GDPR Family: A Techno-Legal Analysis of Major Platforms in the Diffusion of Personal Data in Service Ecosystems( 2019-01-08)The digital age is characterized by hyper-connected services. Whenever we engage with an app we likely engage with a broader set of actors, often facilitated by a platform. Essentially, we engage with a service ecosystem posing particular challenges for privacy regulation. With GDPR taking effect we seek to understand the implications of it for privacy in such ecosystems. Interconnected services can facilitate the diffusion of personal data and thus impede with individual privacy rights. We apply a novel techno- legal analysis to the flow of personal information in service ecosystems. Based on two cases, we show that novel requirements arise for platforms as key actors in service ecosystems. Using our techno-legal analysis we conclude that two major platform providers, Apple and Facebook, have more in common from a legal perspective than the current rhetoric suggests. Based on the analysis, we discuss where privacy-preserving solutions in service ecosystems need to be positioned.
ItemATHiCC: An Anonymous, Asynchronous, Serverless Instant Messaging Protocol( 2019-01-08)Instant messaging has become a main form of communication between people. The ability to instantly send messages to each other, even when the recipient is offline, has become second nature and is taken for granted in modern society. However, this is not without a cost. In the case of instant messaging, that cost is privacy. Service providers use centralized servers to store these messages and can collect information using the messages ‘Metadata’ or even read the contents of messages. This paper presents a novel protocol, ATHiCC (Asynchronous Tor Hidden Chat Communication) that allows private and anonymous communication that doesn't require a server, and yet is still able to support asynchronous communication. A simulator was implemented to test the protocol and performance under various network conditions and topologies. The results of the simulation predict high delivery rates and low delays in message delivery under most conditions, even in small network topologies.
ItemMaking Sense of the General Data Protection Regulation—Four Categories of Personal Data Access Challenges( 2019-01-08)The General Data Protection Regulation (GDPR) was enforced in the pan-European area on May 25th, 2018. From the perspective of data access research, among others, this introduces significant changes into organizations and their practices. However, so far, there is limited research offering insights into such a new policy phenomenon for organizations from the perspective of access to personal data. This paper is based on an ethnographic study of a 2-day workshop in which five European insurance organizations came together to share the results of sensemaking in their organizations and knowledge around the GDPR. We examined how the participants interpreted the GDPR and the compliance challenges they faced. These challenges are categorized into four dimensions of personal data access, as follows: Procedure, Protection, Privacy, and Proliferation. These challenges are significant for any organization that acts as a processor and/or controller to consider.
ItemA Two-Pillar Approach to Analyze the Privacy Policies and Resource Access Behaviors of Mobile Augmented Reality Applications( 2019-01-08)Augmented reality (AR) gained much public attention since the success of Pokémon Go in 2016. Technology companies like Apple or Google are currently focusing primarily on mobile AR (MAR) technologies, i.e. applications on mobile devices, like smartphones or tablets. Associated privacy issues have to be investigated early to foster market adoption. This is especially relevant since past research found several threats associated with the use of smartphone applications. Thus, we investigate two of the main privacy risks for MAR application users based on a sample of 19 of the most downloaded MAR applications for Android. First, we assess threats arising from bad privacy policies based on a machine-learning approach. Second, we investigate which smartphone data resources are accessed by the MAR applications. Third, we combine both approaches to evaluate whether privacy policies cover certain data accesses or not. We provide theoretical and practical implications and recommendations based on our results.
ItemIntroduction to the Minitrack on Privacy and Economics( 2019-01-08)