Online privacy concerns and legal assurance: a user perspective

Since the emergence of the Internet and Social Media, privacy concerns and need for regulation in this area have been a frequent subject on the agenda of numerous stakeholders and policy-makers worldwide. Contributing to this debate, this paper builds on the responses of 553 Internet users to uncover users’ current privacy concerns and their attitudes towards legal assurances in this context. Our findings suggest that users have a complex attitude towards these issues. While they express strong concerns about privacy when asked directly, they often have difficulties formulating the exact nature of these concerns. In the Facebook context, Facebook itself is often mentioned as the primary source of threat, closely followed by marketing organizations. Users feel ill-protected by existing legal framework, especially when using Social Networking Sites. Reasons include common beliefs that the law is unable to address complexities of the Internet; local character of laws; possibilities to disregard the law, particularly since enforcement is difficult. Overall, positive changes in legal framework are desirable, with many respondents willing to pay more in taxes to ensure progress in this area.

Impact of online privacy concerns and brand reputation on consumer willingness to provide personal information

The aim of this research was to identify the role of brand reputation in encouraging consumer willingness to provide personal data online, for the benefits of personalisation. This study extends on Malhotra, Kim and Agarwal’s (2004) Internet Users Information Privacy Concerns Model, and uses the theoretical underpinning of Social Contract Theory to assess how brand reputation moderates the relationship between trusting beliefs and perceived value (Privacy Calculus framework) with willingness to give personal information. The research is highly relevant as most privacy research undertaken to date focuses on consumer related concerns. Very little research exists examining the role of brand reputation and online privacy. Practical implications of this research include gaining knowledge as to how to minimise online privacy concerns; improve brand reputation; and provide insight on how to reduce consumer resistance to the collection of personal information and encourage consumer opt-in.

Personal health data - Privacy policy harmonization and global enforcement

This workshop is jointly organized by EFMI Working Groups Security, Safety and Ethics and Personal Portable Devices in cooperation with IMIA Working Group "Security in Health Information Systems". In contemporary healthcare and personal health management the collection and use of personal health information takes place in different contexts and jurisdictions. Global use of health data is also expanding. The approach taken by different experts, health service providers, data subjects and secondary users in understanding privacy and the privacy expectations others may have is strongly context dependent. To make eHealth, global healthcare, mHealth and personal health management successful and to enable fair secondary use of personal health data, it is necessary to find a practical and functional balance between privacy expectations of stakeholder groups. The workshop will highlight these privacy concerns by presenting different cases and approaches. Workshop participants will analyse stakeholder privacy expectations that take place in different real-life contexts such as portable health devices and personal health records, and develop a mechanism to balance them in such a way that global protection of health data and its meaningful use is realized simultaneously. Based on the results of the workshop, initial requirements for a global healthcare information certification framework will be developed.

The legality of online Privacy-Enhancing Technologies

L’utilisation d’Internet prend beaucoup d’ampleur depuis quelques années et le commerce électronique connaît une hausse considérable. Nous pouvons présentement acheter facilement via Internet sans quitter notre domicile et avons accès à d’innombrables sources d’information. Cependant, la navigation sur Internet permet également la création de bases de données détaillées décrivant les habitudes de chaque utilisateur, informations ensuite utilisées par des tiers afin de cerner le profil de leur clientèle cible, ce qui inquiète plusieurs intervenants. Les informations concernant un individu peuvent être récoltées par l’interception de données transactionnelles, par l’espionnage en ligne, ainsi que par l’enregistrement d’adresses IP. Afin de résoudre les problèmes de vie privée et de s’assurer que les commerçants respectent la législation applicable en la matière, ainsi que les exigences mises de l’avant par la Commission européenne, plusieurs entreprises comme Zero-knowledge Systems Inc. et Anonymizer.com offrent des logiciels permettant la protection de la vie privée en ligne (privacy-enhancing technologies ou PETs). Ces programmes utilisent le cryptage d’information, une méthode rendant les données illisibles pour tous à l’exception du destinataire. L’objectif de la technologie utilisée a été de créer des systèmes mathématiques rigoureux pouvant empêcher la découverte de l’identité de l’auteur même par le plus déterminé des pirates, diminuant ainsi les risques de vol d’information ou la divulgation accidentelle de données confidentielles. Malgré le fait que ces logiciels de protection de la vie privée permettent un plus grand respect des Directives européennes en la matière, une analyse plus approfondie du sujet témoigne du fait que ces technologies pourraient être contraires aux lois concernant le cryptage en droit canadien, américain et français.

Fuzzy Web Knowledge Aggregation, Representation, and Reasoning for Online Privacy and Reputation Management

A social Semantic Web empowers its users to have access to collective Web knowledge in a simple manner, and for that reason, controlling online privacy and reputation becomes increasingly important, and must be taken seriously. This chapter presents Fuzzy Cognitive Maps (FCM) as a vehicle for Web knowledge aggregation, representation, and reasoning. With this in mind, a conceptual framework for Web knowledge aggregation, representation, and reasoning is introduced along with a use case, in which the importance of investigative searching for online privacy and reputation is highlighted. Thereby it is demonstrated how a user can establish a positive online presence.

Should I share this? : support awareness of social sharing practice that might compromise online privacy and reputation

Thesis (Master's)--University of Washington, 2016-06

Privacy Policies and Users’ Trust: Does Readability Matter?

Over the years, a drastic increase in online information disclosure spurs a wave of concerns from multiple stakeholders. Among others, users resent the “behind the closed doors” processing of their personal data by companies. Privacy policies are supposed to inform users how their personal information is handled by a website. However, several studies have shown that users rarely read privacy policies for various reasons, not least because limitedly readable policy texts are difficult to understand. Based on our online survey with over 440 responses, we examine the objective and subjective readability of privacy policies and investigate their impact on users’ trust in five big Internet services. Our findings show the stronger a user believes in having understood the privacy policy, the higher he or she trusts a web site across all companies we studied. Our results call for making readability of privacy policies more accessible to an average reader.

An Examination of Privacy Policies of Global On-line E-pharmacies

This paper investigates the differences in privacy policy functions among 90 online pharmacy websites in nine countries in Europe, Asia and North America. Results from this study show that the majority of websites do have privacy policies, but the level of functional protection of consumers varies widely. Even in those countries where strong privacy laws exist, the level of privacy protection adherence is often very low. Most studies of privacy policy issues have concentrated on websites from developed nations, with few studies of the pharmacy industry. A better understanding of this industry, as well as understanding the differences in privacy policy implementation among developing and developed countries, provides important lessons for both businesses and consumers.

Towards defining semantic foundations for purpose-based privacy policies

We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

Privacy-aware workflow management

Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these policies are designed to enforce the organisation’s security requirements but do not consider those of other stakeholders. Privacy is an important security requirement that concerns the subject of data held by an organisation. WfMSs often process sensitive data about individuals and institutions who demand that their data is properly protected, but WfMSs fail to recognise and enforce privacy policies. In this paper, we illustrate existing WfMS privacy weaknesses and introduce WfMS extensions required to enforce data privacy. We have implemented these extensions in the YAWL system and present a case scenario to demonstrate how it can enforce a subject’s privacy policy.

Tecnologias de informação e comunicação e o cidadão sénior : estudo sobre o impacto em variáveis psicossociais e a conceptualização de serviços com e para o cidadão sénior

Perante uma sociedade em célere envelhecimento demográfico e permanente avanço tecnológico, justifica-se a aposta em estudos que potenciem a ação comunicativa e a diminuição do isolamento social decorrente das perdas biopsicossociais associadas à idade sénior. Esta tese possui quatro objetivos de estudo: i) pretende-se investigar qual é o impacto da utilização das Tecnologias de Informação e Comunicação (TIC) no autoconceito (AC), no ânimo e na qualidade de vida (QV) de um grupo de seniores; ii) perceber se existe e qual a relação entre as variáveis independentes sexo, idade, estado civil, escolaridade, profissão, IPSS, regime de frequência, tempo na IPSS, orientação para frequentar a IPSS, visita de familiares e visita de amigos e as variáveis dependentes AC, ânimo, QV e respetivos fatores e domínios, nos momentos de pré e pós-teste; iii) perceber se a sua participação no processo de conceptualização de um serviço de comunicação assíncrona, email, influencia a sua usabilidade ao nível das componentes eficácia, eficiência e satisfação; iv) e sugerir a componente política da comunidade online sénior em desenvolvimento no âmbito do Projeto SEDUCE. Para o desenvolvimento do estudo estabeleceram-se parcerias com quatro Instituições Particulares de Segurança Social do concelho de Aveiro, integradas no âmbito do projeto SEDUCE. Os instrumentos utilizados para a avaliação do autoconceito, do ânimo e da qualidade de vida foram o Inventário Clínico de Auto-Conceito, a Escala de Ânimo do Centro Geriátrico de Philadelphia e a Escala de Qualidade de Vida da Organização Mundial de Saúde WHOQOL-Bref, respetivamente. No processo de conceptualização do serviço de email e da componente política da comunidade online utilizou-se a observação participativa e o contextual design. O estudo envolveu a participação de 42 seniores distribuídos por duas condições experimentais: 22 seniores do grupo experimental utilizaram as TIC duas vezes por semana (em sessões de 90 minutos cada, num total de 80 sessões) e 19 seniores do grupo de controlo passivo não experimentaram qualquer intervenção. Para a avaliação das variáveis psicossociais realizaram-se dois momentos de avaliação, antes e depois de 11 meses de intervenção, de Agosto de 2011 a Julho de 2012. Ao longo das sessões de envolvimento com as TIC observou-se que os seniores apresentam, continuamente, dificuldades em: manipular o rato e percecionar a sua ação no monitor; fazer a distinção entre teclas (enter, spacebar, delete, caps lock entre outras); em utilizar duplas teclas para colocar pontuação e acentuação; iniciar atividades no Microsoft Office Word; selecionar a informação disponibilizada em motores de pesquisa; perceber quais as zonas clicáveis; falta de confiança em efetivar ações; receio em iniciar nova atividades, pela falta de conhecimento e pelo medo de errar; memorizar endereços de email e passwords; e dar continuidade às tarefas. Na utilização do serviço de email consideram importante receber resposta quando enviam uma mensagem, assim como responder sempre aos remetentes; raramente colocam assunto nas mensagens; e expressam grande satisfação ao receber mensagens de familiares e/ou amigos. O processo de desenvolvimento de serviços com a participação ativa dos seniores revela-se exequível mas é necessário adaptar as práticas: os processos devem ser iterativos; evitar linguagem formal; clarificar o objetivo; deixar os seniores pensar em voz alta; dar-lhes tempo; mantê-los focados e não conduzi-los nas tarefas. Os resultados sugerem que houve aumento significativo do domínio físico da qualidade de vida do grupo experimental. Os participantes que exprimiram maiores níveis de satisfação ao utilizar as TIC apresentam uma perspetiva mais positiva sobre a maturidade psicológica e menos solidão e insatisfação. No grupo experimental e no grupo de controlo passivo verificam-se relações entre as variáveis independentes e as variáveis dependentes, quer no momento de pré-teste como de pós-teste. Conclui-se que a participação dos seniores no processo de conceptualização do serviço de email permitiu fomentar a componente eficácia da usabilidade mas não a satisfação ao utilizar o mesmo. Os resultados sobre a eficiência são inconclusivos. Sobre a componente política os seniores validam a existência de termos de utilização que orientem o comportamento de todos os utilizadores, assim como de uma política de privacidade. A área de registo proposta é adequada ao utilizador sénior.

Towards a Privacy-enhanced Social Networking Site

L’avénement des réseaux sociaux, tel que Facebook, MySpace et LinkedIn, a fourni une plateforme permettant aux individus de rester facilement connectés avec leurs amis, leurs familles ou encore leurs collègues tout en les encourageant activement à partager leurs données personnelles à travers le réseau. Avec la richesse des activités disponibles sur un réseau social, la quantité et la variété des informations personnelles partagées sont considérables. De plus, de part leur nature numérique, ces informations peuvent être facilement copiées, modifiées ou divulguées sans le consentement explicite de leur propriétaire. Ainsi, l’information personnelle révélée par les réseaux sociaux peut affecter de manière concrète la vie de leurs utilisateurs avec des risques pour leur vie privée allant d’un simple embarras à la ruine complète de leur réputation, en passant par l’usurpation d’identité. Malheureusement, la plupart des utilisateurs ne sont pas conscients de ces risques et les outils mis en place par les réseaux sociaux actuels ne sont pas suffisants pour protéger efficacement la vie privée de leurs utilisateurs. En outre, même si un utilisateur peut contrôler l’accès à son propre profil, il ne peut pas contrôler ce que les autres révèlent à son sujet. En effet, les “amis” d’un utilisateur sur un réseau social peuvent parfois révéler plus d’information à son propos que celui-ci ne le souhaiterait. Le respect de la vie privée est un droit fondamental pour chaque individu. Nous pré- sentons dans cette thèse une approche qui vise à accroître la prise de conscience des utilisateurs des risques par rapport à leur vie privée et à maintenir la souveraineté sur leurs données lorsqu’ils utilisent un réseau social. La première contribution de cette thèse réside dans la classification des risques multiples ainsi que les atteintes à la vie privée des utilisateurs d’un réseau social. Nous introduisons ensuite un cadre formel pour le respect de la vie privée dans les réseaux sociaux ainsi que le concept de politique de vie privée (UPP). Celle-ci définie par l’utilisateur offre une manière simple et flexible de spécifier et communiquer leur attentes en terme de respect de la vie privée à d’autres utilisateurs, tiers parties ainsi qu’au fournisseur du réseau social. Par ailleurs, nous dé- finissons une taxonomie (possiblement non-exhaustive) des critères qu’un réseau social peut intégrer dans sa conception pour améliorer le respect de la vie privée. En introduisant le concept de réseau social respectueux de la vie privée (PSNS), nous proposons Privacy Watch, un réseau social respectueux de la vie privée qui combine les concepts de provenance et d’imputabilité afin d’aider les utilisateurs à maintenir la souveraineté sur leurs données personnelles. Finalement, nous décrivons et comparons les différentes propositions de réseaux sociaux respectueux de la vie privée qui ont émergé récemment. Nous classifions aussi ces différentes approches au regard des critères de respect de la vie privée introduits dans cette thèse.

Priv-C : une politique de confidentialité personnalisable

Les politiques de confidentialité définissent comment les services en ligne collectent, utilisent et partagent les données des utilisateurs. Bien qu’étant le principal moyen pour informer les usagers de l’utilisation de leurs données privées, les politiques de confidentialité sont en général ignorées par ces derniers. Pour cause, les utilisateurs les trouvent trop longues et trop vagues, elles utilisent un vocabulaire souvent difficile et n’ont pas de format standard. Les politiques de confidentialité confrontent également les utilisateurs à un dilemme : celui d’accepter obligatoirement tout le contenu en vue d’utiliser le service ou refuser le contenu sous peine de ne pas y avoir accès. Aucune autre option n’est accordée à l’utilisateur. Les données collectées des utilisateurs permettent aux services en ligne de leur fournir un service, mais aussi de les exploiter à des fins économiques (publicités ciblées, revente, etc). Selon diverses études, permettre aux utilisateurs de bénéficier de cette économie de la vie privée pourrait restaurer leur confiance et faciliter une continuité des échanges sur Internet. Dans ce mémoire, nous proposons un modèle de politique de confidentialité, inspiré du P3P (une recommandation du W3C, World Wide Web Consortium), en élargissant ses fonctionnalités et en réduisant sa complexité. Ce modèle suit un format bien défini permettant aux utilisateurs et aux services en ligne de définir leurs préférences et besoins. Les utilisateurs ont la possibilité de décider de l’usage spécifique et des conditions de partage de chacune de leurs données privées. Une phase de négociation permettra une analyse des besoins du service en ligne et des préférences de l’utilisateur afin d’établir un contrat de confidentialité. La valeur des données personnelles est un aspect important de notre étude. Alors que les compagnies disposent de moyens leur permettant d’évaluer cette valeur, nous appliquons dans ce mémoire, une méthode hiérarchique multicritères. Cette méthode va permettre également à chaque utilisateur de donner une valeur à ses données personnelles en fonction de l’importance qu’il y accorde. Dans ce modèle, nous intégrons également une autorité de régulation en charge de mener les négociations entre utilisateurs et services en ligne, et de générer des recommandations aux usagers en fonction de leur profil et des tendances.