Abstract
Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems’ platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.
Notes
1. Unless otherwise stated, all articles mentioned refer to the GDPR [10].
2. The Telecommunication Telemedia Data Protection Act (TTDSG) is the national adoption of the EU ePrivacy Directive in Germany. It further replaces previous regulations on data protection and secrecy for telecommunications services in Germany.
References
Almeida, J., da Cunha, P.R., Pereira, A.D.: GDPR-compliant data processing: practical considerations. In: Proceedings of the 18th European, Mediterranean, and Middle Eastern Conference (EMCIS), pp. 505–514 (2021)
Anwar, M.J., Gill, A.Q., Beydoun, G.: A review of information privacy laws and standards for secure digital ecosystems. In: Proceedings of the 29th Australasian Conference on Information Systems (ACIS), pp. 1–12 (2018)
Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Proceedings of the 4th Annual Privacy Forum, pp. 135–152 (2016)
Campbell, J.L., Quincy, C.D., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews. Sociol. Methods Res. 42, 294–320 (2013)
Chen, Z.T., Cheung, M.: Privacy perception and protection on Chinese social media. Ethics Inf. Technol. 20(4), 279–289 (2018)
da Conceição Freitas, M., da Silva, M.M.: GDPR compliance in SMEs: there is much to be done. J. Inf. Syst. Eng. Manag. 3(4), 30 (2018)
Drozd, O.: Privacy Pattern Catalogue: a tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In: Proceedings of the 10th IFIP International Summer School on Privacy and Identity Management, pp. 129–140 (2016)
EDPB: Guidelines 4/2019 on article 25 data protection by design and by default, version 2.0 (2020)
EDPB: Guidelines 3/2022 on dark patterns in social media platform interfaces: how to recognise and avoid them, version 1.0 (2022)
European Union: GDPR, Regulation (EU) 2016/679 (2016)
Fernandes, J., Machado, C., Amaral, L.: Identifying critical success factors for the general data protection regulation implementation in higher education institutions. Digital Policy, Regul. Gov. 24(4), 355–379 (2022)
Holler, M., van Giffen, B., Benzell, S., Ehrat, M.: The general data protection regulation in financial services industries: how do companies approach the implementation of the gdpr and what can we learn from their approaches? In: Proceedings of the 82th Jahrestagung des Verbands der Hochschullehrer für Betriebswirtschaft (VHB), pp. 1–11 (2020)
Kira, B., Sinha, V., Srinivasan, S.: Regulating digital ecosystems. Industr. Corp. Change 30(5), 1337–1360 (2021)
Koch, M., Krohmer, D., Naab, M., Rost, D., Trapp, M.: A matter of definition: criteria for digital ecosystems. Digital Business 2(2), 100027 (2022)
Lisiak-Felicka, D., Szmit, M.: GDPR implementation in public administration in Poland - 1.5 year after: an empirical analysis. J. Econ. Manag. 43, 1–21 (2021)
McHugh, M.L.: Interrater reliability: the kappa statistic. Biochemia Medica 22(3), 276–282 (2012)
Nachira, F., Nicolai, A., Dini, P.: Digital business ecosystems. European Commission (2007)
Namara, M., Sloan, H., Knijnenburg, B.P.: The effectiveness of adaptation methods in improving user engagement and privacy protection on social network sites. In: Proceedings on Privacy Enhancing Technologies, vol. 2022, iss. 1, pp. 629–648 (2022)
Park, Y.J., Chung, J.E., Shin, D.H.: The structuration of digital ecosystem, privacy, and big data intelligence. Am. Behav. Sci. 62(10), 1319–1337 (2018)
Popescu, A., et al.: Increasing transparency and privacy for online social network users – USEMP value model, scoring framework and legal. In: Proceedings of the 4th Annual Privacy Forum (APF), pp. 38–59 (2016)
Poritskiy, N., Oliveira, F., Almeida, F.: The benefits and challenges of general data protection regulation for the information technology sector. Digital Policy, Regul. Gov. 21(5), 510–524 (2019)
Qiu, Y., Gopal, A., Hann, I.H.: Logic pluralism in mobile platform ecosystems. Inf. Syst. Res. 28(2), 225–249 (2017)
Ranzini, G., Etter, M., Lutz, C., Vermeulen, I.: Privacy in the sharing economy. Tech. rep., Ps2Share (2017)
Raschke, P., Küpper, A., Drozd, O., Kirrane, S.: Designing a GDPR-compliant and usable privacy dashboard. In: Proceedings of the 12th Annual IFIP Summer School on Privacy and Identity Management, pp. 221–236 (2017)
Sirur, S., Nurse, J.R., Webb, H.: Are We There Yet? Understanding the challenges faced in complying with the general data protection regulation (GDPR). In: Proceedings of the 2nd International Workshop on Multimedia Privacy and Security (MPS), pp. 88–95 (2018)
Spiekermann, S., Grossklags, J., Berendt, B.: E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. In: Proceedings of the 3rd ACM Conference on Electronic Commerce (EC), pp. 38–47 (2001)
Teixeira, G.A., da Silva, M.M., Pereira, R.: The critical success factors of GDPR implementation: a systematic literature review. Digital Policy, Regul. Gov. 21(4), 402–418 (2019)
Teixeira, G.A., da Silva, M.M., Pereira, R.: The critical success factors of GDPR implementation: a delphi study. In: Proceedings of the 29th International Conference on Information Systems Development (ISD), pp. 1–12 (2021)
Teubner, T., Flath, C.: Privacy in the sharing economy. J. Assoc. Inf. Syst. 20(3), 213–242 (2019)
Van Landuyt, D., Sion, L., Dewitte, P., Joosen, W.: The bigger picture. In: Proceedings of the 2nd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE), pp. 283–293 (2020)
Yun, H., Lee, G., Kim, D.J.: A chronological review of empirical research on personal information privacy concerns. Inf. Manag. 56(4), 570–601 (2019)
Acknowledgments
We thank Marian Hönscheid and Benedikt Malchow for helping us code the interviews. This research was supported by the project D’accord funded by the German Federal Ministry of Education and Research (grant number: 16KIS1508).
A Appendix – Semi-structured Interview
We conducted the semi-structured interview using the main questions below. The interviews were held in German. To ease understanding, we translated the interview questions from German to English in this paper. We also included optional questions. We asked these questions only when we still had sufficient time to ask them, and when study participants had not implicitly answered these questions in the previous ones.
A.1 Introduction
- Please briefly introduce yourself, including your function in the company.
- Please briefly introduce the digital ecosystem for which you are here today.
- Please briefly describe your areas of responsibility in this digital ecosystem.
A.2 Detailed Description of the Ecosystem
- Stakeholder
  - Who is involved in the digital ecosystem and with what motivation?
  - Which actors and participants are involved?
- Data and purpose of use
  - What common personal data are processed in the digital ecosystem and for what purposes are they processed?
  - Optional: Are there any particularly sensitive personal data that you work with?
- Data flow
  - Who gets access to the personal data? So who are the recipients of the personal data?
  - Optional: Where/how does which personal data flow to whom for which purpose?
  - Optional: To what extent does the broker influence data flows? Also on those of providers?
- Data flow depth
  - Do you know what the recipients process the personal data for?
  - If external recipients: Do you know what external recipients process the personal data for?
  - How do you ensure that recipients use the data only for the intended purposes?
A.3 Privacy Challenges
- Based on your comments and descriptions: In your opinion, what are the biggest challenges and problems in implementing the legal requirements for data protection?
  - What have been the biggest challenges in the past?
  - What do you think will be challenges to deal with in the future?
- With our research, we want to strengthen the rights of data subjects and support digital ecosystems in their implementation. When you think about data subjects’ rights, what challenges do you face in implementing them in particular?
  - In your view, what responsibility does the provider of the digital ecosystem have to ensure data protection throughout the ecosystem and for all participants/actors?
  - How do you assess the responsibility for the various players in the digital ecosystem for data protection?
  - Optional: How is data protection ensured, e.g. at the recipients’ side?
- What do you think would be useful or helpful to make data protection in digital ecosystems more effective in the future?
A.4 Privacy Dashboards
- Do the terms “privacy cockpits” or “privacy dashboards” mean anything to you?
- Do you already use such tools or do you plan to use them in the future?
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wiefling, S., Tolsdorf, J., Lo Iacono, L. (2023). Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems. In: Katsikas, S., et al. Computer Security. ESORICS 2022 International Workshops. ESORICS 2022. Lecture Notes in Computer Science, vol 13785. Springer, Cham. https://doi.org/10.1007/978-3-031-25460-4_13
DOI: https://doi.org/10.1007/978-3-031-25460-4_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25459-8
Online ISBN: 978-3-031-25460-4
eBook Packages: Computer Science (R0)