Usable Implementation of Data Sovereignty in Digital Ecosystems

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14045)

Abstract

Products and services are increasingly being offered in so-called “digital ecosystems”, where the processing of sensitive data plays a major role. In such ecosystems, the aim should always be to offer “data providers” (e.g., companies or consumers of goods and services) transparency and control over the processing of their data. This concept is called “data sovereignty.” However, it is extremely challenging to present complex processes, data flows and protective measures to users in an understandable and comprehensible way. Furthermore, it is important to make users aware of the consequences of their choices when it comes to settings and consent—without influencing them inappropriately. However, users of digital ecosystems are very heterogeneous in their needs and abilities. For appropriate transparency (e.g., user-friendly privacy statements, uniform icons, traceable data flows) and self-determination measures (e.g., end-to-end consent management), these needs, abilities and some fundamental limitations must be considered. With this paper, we discuss how ecosystem providers and participants can implement data sovereignty in a user-friendly way. We extend the human-centred design process to include data sovereignty aspects and show how data usage control can help to technically implement user needs.

This work is funded by the German Federal Ministry of Education and Research (BMBF), grant number 16KIS1507.

Notes

  1. https://www.caruso-dataplace.com/.
  2. https://www.advaneo.de/.
  3. https://www.govdata.de/.
  4. https://www.gaia-x.eu/.
  5. https://www.internationaldataspaces.org/.
  6. https://www.mydata-control.de/.
  7. https://privacyiconsforum.eu/.
  8. https://www.bitkom.org/Themen/Datenschutz-Sicherheit/Privacy-Icons.
  9. https://www.baden-wuerttemberg.datenschutz.de/datenschutz-icons/.
  10. https://www.usecured.de/.

Author information

Correspondence to Denis Feth.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Feth, D. (2023). Usable Implementation of Data Sovereignty in Digital Ecosystems. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_10

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer Science (R0)
