Abstract
Privacy enhancing technologies allow the minimization of risks to online data. However, the transparency of the minimization process is not so clear to all types of end users. Privacy Impact Assessments (PIAs) is a standardized tool that identifies and assesses privacy risks associated with the use of a system. In this work, we used the results of the PIA conducted in our use case to visualize privacy risks to end users in the form of User Interface (UI) mock ups. We tested and evaluated the UI mock-ups via walkthroughs to investigate users’ interests by observing their clicking behavior, followed by four focus group workshops. There were 13 participants (two expert groups and two lay user groups) in total. Results reveal general interests in the transparency provided by showing the risks reductions. Generally, although participants appreciate the concept of having detailed information provided about risk reductions and the type of risks, the visualization and usability of the PIA UIs require future development. Specifically, it should be tailored to the target group’s mental models and background knowledge.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Privacy impact assessment (pia)—cnil. https://www.cnil.fr/en/privacy-impact-assessment-pia. Accessed 23 Jan 2023
Alaqra, A.S., Fischer-Hübner, S., Framner, E.: Enhancing privacy controls for patients via a selective authentic electronic health record exchange service: qualitative study of perspectives by medical professionals and patients. J. Med. Internet Res. 20(12), e10954 (2018).
Alaqra, A.S., Kane, B., Fischer-Hübner, S.: Machine learning-based analysis of encrypted medical data in the cloud: qualitative study of expert stakeholders’ perspectives. JMIR Hum. Factors 8(3), e21810 (2021).
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16
Bozdemir, B., et al.: D3.3 complete specification and implementation of privacy preserving data analytics—Papaya (2020). https://www.papaya-project.eu/node/157
Bozdemir, B., et al.: D4.3 final report on platform implementation and PETs integration—Papaya (2021). https://www.papaya-project.eu/node/161
Camenisch, J., et al.: Trust in prime. In: Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005, pp. 552–559. IEEE (2005)
Cavoukian, A.: Privacy by design, take the challenge (2009)
Cavoukian, A.: Privacy by design in law, policy and practice (2011)
Clarke, R.: Privacy impact assessments. Xamax Consultancy Pty Ltd. (1998)
Clarke, R.: Privacy impact assessment: its origins and development. Comput. Law Secur. Rev. 25(2), 123–135 (2009).
Demjaha, A., Spring, J.M., Becker, I., Parkin, S., Sasse, M.A.: Metaphors considered harmful? an exploratory study of the effectiveness of functional metaphors for end-to-end encryption. In: Proceedings of the USEC, vol. 2018. Internet Society (2018)
EU-GDPR: Article 35 EU general data protection regulation. Data protection impact assessment. (2022). https://gdpr-info.eu/art-35-gdpr/
Simone, F.-H., et al.: D3.4 transparent privacy preserving data analytics (2021). https://www.papaya-project.eu
Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015).
Karegar, F., Alaqra, A.S., Fischer-Hübner, S.: Exploring \(\{\)User-Suitable\(\}\) metaphors for differentially private data analyses. In: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), pp. 175–193 (2022)
Khare, R.: Privacy theater: why social networks only pretend to protect you (2022). https://techcrunch.com/2009/12/27/privacy-theater/
Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017).
Nanayakkara, P., Bater, J., He, X., Hullman, J., Rogers, J.: Visualizing privacy-utility trade-offs in differentially private data releases. Proc. Priv. Enhancing Technol. 2022(2), 601–618 (2022).
Acknowledgment
We would like to acknowledge the PAPAYA (H2020 the European Commission, Grant Agreement No. 786767) and the TRUEdig (Swedish Knowledge Foundation) projects for funding this work. We extend our thanks to the project members for contributing with their valuable inputs throughout the projects. We further thank Tobias Pulls and Jonathan Magnusson for their technical input of the PAPAYA tool, John Sören Pettersson for his input to the user studies, and Elin Nilsson for her help in implementing the mock ups in adobe and transcribing results.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alaqra, A.S., Fischer-Hübner, S., Karegar, F. (2023). Transparency of Privacy Risks Using PIA Visualizations. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-35822-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer ScienceComputer Science (R0)