Abstract
Products and services are increasingly being offered in so-called “digital ecosystems”, where the processing of sensitive data plays a major role. In such ecosystems, the aim should always be to offer “data providers” (e.g., companies or consumers of goods and services) transparency and control over the processing of their data. This concept is called “data sovereignty.” However, it is extremely challenging to present complex processes, data flows and protective measures to users in an understandable and comprehensible way. Furthermore, it is important to make users aware of the consequences of their choices when it comes to settings and consent—without influencing them inappropriately. However, users of digital ecosystems are very heterogeneous in their needs and abilities. For appropriate transparency (e.g., user-friendly privacy statements, uniform icons, traceable data flows) and self-determination measures (e.g., end-to-end consent management), these needs, abilities and some fundamental limitations must be considered. With this paper, we discuss how ecosystem providers and participants can implement data sovereignty in a user-friendly way. We extend the human-centred design process to include data sovereignty aspects and show how data usage control can help to technically implement user needs.
This work is funded by the German Federal Ministry of Education and Research (BMBF), grant number 16KIS1507.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
References
Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9
Birolini, A.: Zuverlässigkeit von Geräten und Systemen. Springer, Heidelberg (2013)
Caraban, A., Karapanos, E., Gonçalves, D., Campos, P.: 23 ways to nudge: a review of technology-mediated nudging in human-computer interaction. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI 2019, pp. 1–15. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3290605.3300733
Chiasson, S., van Oorschot, P., Biddle, R.: Even experts deserve usable security: design guidelines for security management systems. In: SOUPS Workshop on Usable IT Security Management (USM), pp. 1–4 (2007)
Clarke, S.: What is an end user software engineer? In: Burnett, M.H., Engels, G., Myers, B.A., Rothermel, G. (eds.) End-User Software Engineering. Dagstuhl Seminar Proceedings (DagSemProc), vol. 7081, p. 1. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Dagstuhl, Germany (2007). https://doi.org/10.4230/DagSemProc.07081.26. https://drops.dagstuhl.de/opus/volltexte/2007/1080
Deutschland sicher im Netz e.V.: DsiN-Sicherheitsindex 2021 (2021). https://www.sicher-im-netz.de/dsin-sicherheitsindex-2021
Ermakova, T., Fabian, B., Babina, E.: Readability of privacy policies of healthcare websites (2015)
European Union Agency for Fundamental Rights: Your rights matter: data protection and privacy: fundamental rights survey. Publications Office (2020). https://doi.org/10.2811/292617
Feth, D.: Transparency through contextual privacy statements. In: Burghardt, M., Wimmer, R., Wolff, C., Womser-Hacker, C. (eds.) Mensch und Computer 2017 - Workshopband. Gesellschaft für Informatik e.V., Regensburg (2017). https://doi.org/10.18420/muc2017-ws05-0406
Feth, D.: Modelling and presentation of privacy-relevant information for internet users. In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 354–366. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50309-3_23
Feth, D., Polst, S.: Heuristics and models for evaluating the usability of security measures. In: Proceedings of Mensch Und Computer 2019, MuC 2019, pp. 275–285. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3340764.3340789
Garfinkel, S.: Design principles and patterns for computer systems that are simultaneously secure and usable. Ph.D. thesis, Massachusetts Institute of Technology (2005)
Green, M., Smith, M.: Developers are not the enemy!: the need for usable security APIs. IEEE Secur. Priv. 14(5), 40–46 (2016)
Howard, M., Lipner, S.: The Security Development Lifecycle, vol. 8. Microsoft Press, Redmond (2006)
Jung, C., Dörr, J.: Data usage control. In: Otto, B., ten Hompel, M., Wrobel, S. (eds.) Designing Data Spaces, pp. 129–146. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-93975-5_8
Jung, C., Eitel, A., Feth, D.: Datensouveränität in Digitalen Ökosystemen: Daten nutzbar machen, Kontrolle behalten. In: Rohde, M., Bürger, M., Peneva, K., Mock, J. (eds.) Datenwirtschaft und Datentechnologie, pp. 203–220. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-662-65232-9_15
Kettner, S., Thorun, C., Spindler, G.: Innovatives datenschutz-einwilligungsmanagement. Forschungsvorhaben gefördert durch das BMJV, Berlin (2020)
Koch, M., Krohmer, D., Naab, M., Rost, D., Trapp, M.: A matter of definition: criteria for digital ecosystems. Digit. Bus. 2(2), 100027 (2022). https://doi.org/10.1016/j.digbus.2022.100027. https://www.sciencedirect.com/science/article/pii/S2666954422000072
Lo Iacono, L., Schmitt, H., Feth, D., et al.: Arbeitskreis usable security & privacy: nutzerzentrierter schutz sensibler daten (2018)
Milne, G.R., Culnan, M.J., Greene, H.: A longitudinal assessment of online privacy notice readability. J. Public Policy Mark. 25(2), 238–249 (2006)
Obar, J.A., Oeldorf-Hirsch, A.: The biggest lie on the internet: ignoring the privacy policies and terms of service policies of social networking services. Inf. Commun. Soc. 23(1), 128–147 (2020)
Ortloff, A.M., Güntner, L., Windl, M., Feth, D., Polst, S.: Evaluation kontextueller datenschutzerklärungen. In: Dachselt, R., Weber, G. (eds.) Mensch und Computer 2018 - Workshopband. Gesellschaft für Informatik e.V., Bonn (2018). https://doi.org/10.18420/muc2018-ws08-0541
Reidenberg, J.R., et al.: Disagreeable privacy policies: Mismatches between meaning and users’ understanding. Berkeley Tech. LJ 30, 39 (2015)
Rost, M., Bock, K.: Privacy by design und die neuen schutzziele. Datenschutz und Datensicherheit-DuD 35(1), 30–35 (2011)
Rudolph, M., Polst, S., Doerr, J.: Enabling users to specify correct privacy requirements. In: Knauss, E., Goedicke, M. (eds.) REFSQ 2019. LNCS, vol. 11412, pp. 39–54. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15538-4_3
Shneiderman, B., Leavitt, M., et al.: Research-Based Web Design & Usability Guidelines. Department of Health and Human Services, Washington DC (2006)
Shneiderman, B., Plaisant, C., Cohen, M.S., Jacobs, S., Elmqvist, N., Diakopoulos, N.: Designing the User Interface: Strategies for Effective Human-Computer Interaction. Pearson (2016)
Smith, S.L., Mosier, J.N.: Guidelines for Designing User Interface Software. Citeseer (1986)
Symantec: State of Privacy Report 2015 (2015)
Tsai, J.Y., Egelman, S., Cranor, L., Acquisti, A.: The effect of online privacy information on purchasing behavior: an experimental study. Inf. Syst. Res. 22(2), 254–268 (2011)
Waldman, A.E.: Privacy, notice, and design. Stan. Tech. L. Rev. 21, 74 (2018)
Yee, K.-P.: User interaction design for secure systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278–290. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36159-6_24
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Feth, D. (2023). Usable Implementation of Data Sovereignty in Digital Ecosystems. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-35822-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer ScienceComputer Science (R0)