Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Opportunities and Challenges of Dynamic Consent in Commercial Big Data Analytics
Kiel Germany.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0003-2823-3837
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0002-6938-4466
2020 (English)In: Privacy and Identity Management. Data for Better Living: AI and Privacy, Proceedings of the IFIP Summer School / [ed] M. Friedewald, M. Önen, E. Lievens, S. Krenn, and S. Fricker, Springer, 2020, p. 29-44Conference paper, Published paper (Refereed)
Abstract [en]

In the context of big data analytics, the possibilities and demands of online data services may change rapidly, and with it change scenarios related to the processing of personal data. Such changes may pose challenges with respect to legal requirements such as a transparency and consent, and therefore call for novel methods to address the legal and conceptual issues that arise in its course. We define the concept of ‘dynamic consent’ as a means to meet the challenge of acquiring consent in a commercial use case that faces change with respect to re-purposing the processing of personal data with the goal to implement new data services. We present a prototypical implementation that facilitates incremental consent forms based on dynamic consent. We report the results gained via two focus groups which we used to evaluate our design, and derive from our findings implications for future directions.

Place, publisher, year, edition, pages
Springer, 2020. p. 29-44
Keywords [en]
Dynamic consent, EU General Data Protection Regulation (GDPR), Human-computer interaction (HCI), Notification, Re-purposing
National Category
Computer Sciences Computer and Information Sciences Human Computer Interaction Law
Research subject
Computer Science; Information Systems; Law
Identifiers
URN: urn:nbn:se:kau:diva-77400DOI: 10.1007/978-3-030-42504-3_3Scopus ID: 2-s2.0-85082402828ISBN: 978-3-030-42504-3 (electronic)OAI: oai:DiVA.org:kau-77400DiVA, id: diva2:1421211
Conference
IFIP Summer School 2019
Available from: 2020-04-02 Created: 2020-04-02 Last updated: 2022-10-05Bibliographically approved
In thesis
1. Information at Your Fingertips: Facilitating Usable Transparency via Privacy Notifications
Open this publication in new window or tab >>Information at Your Fingertips: Facilitating Usable Transparency via Privacy Notifications
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The General Data Protection Regulation stipulates legal rights of transparency and intervenability. Transparency provides data subjects with insight into how their personal data have been processed, clarifying what consequences will or may arise due to the processing of their data, whereas intervenability enables them to intervene in the process. Technological artefacts, transparency-enhancing tools (TETs) serve the purpose of conveying respective information precisely and intelligibily. However, despite being a prerequisite for transparency, many TETs available today lack usability in that they do not stringently reflect the needs of their users, which raises the question as to whether individual TETs fulfil their designated purpose.

The objective of this dissertation is to systematically apply principles pertaining to human-centred design to ascertain the qualities necessary to design TETs that facilitate transparency and advise means of intervenability with regard to the needs of their target audience. We classify the state of the art of usable TETs published in the literature and discuss the gaps therein. Contextualising our research in the domain of personal health tracking, we investigate to what extent customisation can help accommodate the needs of users of TETs. We introduce privacy notifications as a conceptual means to inform data subjects about facts worthy of their attention, and examine the immanent properties required to accomplish actual usability. We categorise the characteristics of privacy notifications in terms of what insight they convey, and how respective facts need to be presented to facilitate informed decision-making on the recipient's part. Based on findings obtained via quantitative and qualitative user studies, we elicit concomitant factors related to the parameterisation of privacy notifications. We present the prototypical implementation of TETs whose iterative evaluation provides us with a catalogue of design requirements that demonstrably reflect the needs of their users.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:28
Keywords
General Data Protection Regulation (GDPR), Human-centred design, Human-computer interaction (HCI), Information privacy, Intervenability, Mobile health (mhealth), Personal health tracking, Privacy notification, Transparency, Transparency-enhancing tool (TET), Usability
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-80075 (URN)978-91-7867-144-1 (ISBN)978-91-7867-148-9 (ISBN)
Public defence
2020-10-28, 21E415A, Sjökvistsalen, Karlstad, 09:00 (English)
Opponent
Supervisors
Note

Artikel 6 del av avhandlingen som manuskript, nu publicerad.

Available from: 2020-10-07 Created: 2020-09-04 Last updated: 2021-07-02Bibliographically approved
2. The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
Open this publication in new window or tab >>The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information and making informed decisions. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, these rights and requirements will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we employ quantitative and qualitative empirical HCI research methods and consider users through the development cycles of the proposed tools and solutions. We investigate how usable ex-post transparency can facilitate intervenability by implementing and testing Transparency-Enhancing Tools (TETs) that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand.

This thesis contributes to bridging the gap between legally compliant and usable tools and techniques that aim to enable users to maintain control of their data, resulting in several artefacts, design guidelines, and empirical contributions. The artefacts comprise prototypes and mockups of usable TETs and consent forms. The guidelines encompass a set of design requirements for ex-post TETs that run based on privacy notifications and recommendations on how to engage users with consent form contents. Finally, the empirical contributions include the analysis of the effectiveness of the proposed means and methods on enabling users to exercise their intervenability rights and provide informed consent.

Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, they will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we investigate how usable ex-post transparency can facilitate intervenability by implementing and testing transparency-enhancing tools that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand. The outcome of this thesis includes several artefacts, design guidelines, and empirical analyses.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 57
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:36
Keywords
Control of personal data, Data privacy, GDPR, HCI, Informed consent, Transparency-enhancing tool, Usability, User interface design
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-81235 (URN)978-91-7867-170-0 (ISBN)978-91-7867-169-4 (ISBN)
Public defence
2020-12-09, 1B309 (Sjöströmsalen), 13:15 (English)
Opponent
Supervisors
Note

Artikel 2 del av avhandlingen som manuskript, nu publicerad.

Available from: 2020-11-20 Created: 2020-11-05 Last updated: 2021-09-01Bibliographically approved

Open Access in DiVA

fulltext-manuscript(286 kB)142 downloads
File information
File name FULLTEXT02.pdfFile size 286 kBChecksum SHA-512
4aca50e3ca1b3a059d465eef3cd2c7c11946bd4d42e80a0eb4d85632e00d8fcf2e70d39340e3e8a6668917af8f4b5501d12504efe92beb68a885b471f4f8eb8f
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Murmann, PatrickKaregar, FarzanehFischer-Hübner, Simone

Search in DiVA

By author/editor
Murmann, PatrickKaregar, FarzanehFischer-Hübner, Simone
By organisation
Department of Mathematics and Computer Science (from 2013)Department of Computer ScienceCentre for HumanIT
Computer SciencesComputer and Information SciencesHuman Computer InteractionLaw

Search outside of DiVA

GoogleGoogle Scholar
Total: 142 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 498 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf