Making GDPR Usable: A Model to Support Usability Evaluations of Privacy
We introduce a new model for evaluating privacy that builds on the criteria
proposed by the EuroPriSe certification scheme by adding usability criteria.
Our model is visually represented through a cube, called Usable Privacy Cube
(or UP Cube), where each of its three axes of variability captures,
respectively: rights of the data subjects, privacy principles, and usable
privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with
the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination
of only rights and principles, forming the two axes at the basis of our UP
Cube. In this way we also want to bring out two perspectives on privacy: that
of the data subjects and, respectively, that of the controllers/processors. We
define usable privacy criteria based on usability goals that we have extracted
from the whole text of the General Data Protection Regulation. The criteria are
designed to produce measurements of the level of usability with which the goals
are reached. Precisely, we measure effectiveness, efficiency, and satisfaction,
considering both the objective and the perceived usability outcomes, producing
measures of accuracy and completeness, of resource utilization (e.g., time,
effort, financial), and measures resulting from satisfaction scales. In the
long run, the UP Cube is meant to be the model behind a new certification
methodology capable of evaluating the usability of privacy, to the benefit of
common users. For industries, considering also the usability of privacy would
allow for greater business differentiation, beyond GDPR compliance.
Comment: 41 pages, 2 figures, 1 table, and appendixe
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed to matching privacy requirements
(on the client side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how the privacy property Retention-based unlinkability can be
certified for a banking financial service.
Comment: 20 pages, 6 figure
Benefits and risks of smart home technologies
Smart homes are a priority area of strategic energy planning and national policy. The market adoption of smart home technologies (SHTs) relies on prospective users perceiving clear benefits with acceptable levels of risk. This paper characterises the perceived benefits and risks of SHTs from multiple perspectives. A representative national survey of UK homeowners (n=1025) finds prospective users have positive perceptions of the multiple functionality of SHTs including energy management. Ceding autonomy and independence in the home for increased technological control are the main perceived risks. An additional survey of actual SHT users (n=42) participating in a smart home field trial identifies the key role of early adopters in lowering perceived SHT risks for the mass market. Content analysis of SHT marketing material (n=62) finds the SHT industry is insufficiently emphasising measures to build consumer confidence on data security and privacy. Policymakers can play an important role in mitigating perceived risks, and supporting the energy-management potential of a smart-home future. Policy measures to support SHT market development include design and operating standards, guidelines on data and privacy, quality control, and in situ research programmes. Policy experiences with domestic energy efficiency technologies and with national smart meter roll-outs offer useful precedents.
Functional anonymisation: Personal data and the data environment
Anonymisation of personal data has a long history stemming from the expansion of the types of data products routinely provided by National Statistical Institutes. Variants on anonymisation have received serious criticism reinforced by much-publicised apparent failures. We argue that both the operators of such schemes and their critics have become confused by being overly focused on the properties of the data themselves. We claim that, far from being able to determine whether data are anonymous (and therefore non-personal) by looking at the data alone, any anonymisation technique worthy of the name must take account of not only the data but also their environment. This paper proposes an alternative formulation called functional anonymisation that focuses on the relationship between the data and the environment within which the data exist (their data environment). We provide a formulation for describing the relationship between the data and their environment that links the legal notion of personal data with the statistical notion of disclosure control. Anonymisation, properly conceived and effectively conducted, can be a critical part of the toolkit of the privacy-respecting data controller and the wider remit of providing accurate and usable data.
Routes for breaching and protecting genetic privacy
We are entering the era of ubiquitous genetic information for research,
clinical care, and personal curiosity. Sharing these datasets is vital for
rapid progress in understanding the genetic basis of human diseases. However,
one growing concern is the ability to protect the genetic privacy of the data
originators. Here, we technically map threats to genetic privacy and discuss
potential mitigation strategies for privacy-preserving dissemination of genetic
data.
Comment: Draft for comment
A lightweight framework for secure life-logging in smart environments
As the world becomes an interconnected network where objects and humans interact with each other, new challenges and threats appear in the ecosystem. In this interconnected world, smart objects have an important role in giving users the chance for life-logging in smart environments. However, smart devices have several limitations with regards to memory, resources and computation power, hindering the opportunity to apply well-established security algorithms and techniques for secure life-logging in the Internet of Things (IoT) domain. The need for secure and trustworthy life-logging in smart environments is vital; thus, a lightweight approach has to be considered to overcome the constraints of smart objects. The purpose of this paper is to present in detail the current topics of life-logging in smart environments, while describing interconnection issues, security threats and suggesting a lightweight framework for ensuring security, privacy and trustworthy life-logging. In order to investigate the efficiency of the lightweight framework and the impact of the security attacks on energy consumption, an experimental test-bed was developed including two interconnected users and one smart attacker, who attempts to intercept transmitted messages or interfere with the communication link. Several mitigation factors, such as power control, channel assignment and AES-128 encryption, were applied for secure life-logging. Finally, research into the degradation of the consumed energy regarding the described intrusions is presented.
Remote home health care technologies: how to ensure privacy? Build it in: Privacy by Design
Furthering the Growth of Cloud Computing by Providing Privacy as a Service
The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy constraints as Quality of Service (QoS) levels. This privacy QoS must be agreed upon along with the rest of the QoS terms within the SLA by the Cloud consumer and provider. Finally, we introduce Privacy as a Service (PraaS) to monitor the agreement and provide enforcement if necessary.