Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This?
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security, PRISEC)ORCID iD: 0000-0003-2823-3837
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security, PRISEC)ORCID iD: 0000-0001-6459-8409
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security, PRISEC)ORCID iD: 0000-0002-6938-4466
2017 (English)In: Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016. IFIP Advances in Information and Communication Technology., Springer, 2017, Vol. 498, p. 164-181Conference paper, Published paper (Refereed)
Abstract [en]

A transparency enhancing tool called Data Track has been developed at Karlstad University. The latest stand-alone version of the tool allows users to visualize their data exports. For analyzing the users’ perceptions of the Data Track in regard to transparency features and the concepts of data export and data portability, we have conducted a qualitative user study. We observed that although users had rather little interest in the visualization of derived data activities revealed in the Google location file, they were interested in other kinds of derived data like usage patterns for different service providers. Also, as earlier user studies revealed, we again confirmed that it is confusing for users to differentiate between locally and remotely stored and controlled data. Finally, in spite of being concerned about the security of the data exported to their machines, for exercising data portability rights pursuant to the General Data Protection Regulation, most participants would prefer to first export and edit the data before uploading it to another service provider and would appreciate using a tool such as the Data Track for helping them in this context.

Place, publisher, year, edition, pages
Springer, 2017. Vol. 498, p. 164-181
Series
IFIP Advances in Information and Communication Technology book series, ISSN 1868-4238
Keywords [en]
Transparency Enhancing Tools, Data portability, visualization, Data Track
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-64555DOI: 10.1007/978-3-319-55783-0_12ISI: 000460572100012ISBN: 978-3-319-55782-3 (print)ISBN: 978-3-319-55783-0 (electronic)OAI: oai:DiVA.org:kau-64555DiVA, id: diva2:1149533
Conference
The 11th International IFIP Summer School on Privacy and Identity Management, August 21-26, 2016, Karlstad, Sweden
Available from: 2017-10-16 Created: 2017-10-16 Last updated: 2020-11-05Bibliographically approved
In thesis
1. Towards Improving Transparency, Intervenability, and Consent in HCI
Open this publication in new window or tab >>Towards Improving Transparency, Intervenability, and Consent in HCI
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Transparency of personal data processing is enforced by most Western privacy laws, including the new General Data Protection Regulation (GDPR) which will be effective from May 2018. The GDPR specifies that personal data shall be processed lawfully, fairly, and in a transparent manner. It strengthens people's rights for both ex-ante and ex-post transparency and intervenability. Equally important is the strict legal requirements for informed consent established by the GDPR.

On the other hand, the legal privacy principles have Human-Computer Interaction (HCI) implications. People should comprehend the principles, be aware of when the principles may be used, and be able to use them. Transparent information about personal data processing should be concise, intelligible, and provided in an easily accessible form, pursuant to the GDPR. Nonetheless, the answer to the question about how HCI implications can be addressed depends on the attempts to decrease the gap between legal and user-centric transparency, intervenability, and consent. Enhancing individuals' control in a usable way helps people to be aware of the flow of their personal information, control their data, make informed decisions, and finally preserve their privacy.

The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent.    

Abstract [en]

The new General Data Protection Regulation (GDPR) strengthens people’s rights for transparency, intervenability, and consent. The legal privacy principles have Human-Computer Interaction (HCI) implications. Besides aiming for legal compliance, it is of paramount importance to investigate how to provide individuals with usable and user-centric transparency, intervenability, and consent.

The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent.    

Place, publisher, year, edition, pages
Karlstad University Press, 2018. p. 39
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:9
Keywords
GDPR, Informed Consent, Intervenability, Transparency, Usable Privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-66109 (URN)978-91-7063-838-1 (ISBN)978-91-7063-933-3 (ISBN)
Presentation
2018-03-15, 12 B 252, Universitetsgatan 2, Karlstad, 09:00 (English)
Opponent
Supervisors
Note

The 3. article was in manuscript form at the time of the licentiate defense: Karegar, F. / User Evaluations of an App Interface for Cloud-based Identity Management / / Manuskript (preprint)

Available from: 2018-02-22 Created: 2018-02-05 Last updated: 2019-06-10Bibliographically approved
2. The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
Open this publication in new window or tab >>The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information and making informed decisions. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, these rights and requirements will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we employ quantitative and qualitative empirical HCI research methods and consider users through the development cycles of the proposed tools and solutions. We investigate how usable ex-post transparency can facilitate intervenability by implementing and testing Transparency-Enhancing Tools (TETs) that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand.

This thesis contributes to bridging the gap between legally compliant and usable tools and techniques that aim to enable users to maintain control of their data, resulting in several artefacts, design guidelines, and empirical contributions. The artefacts comprise prototypes and mockups of usable TETs and consent forms. The guidelines encompass a set of design requirements for ex-post TETs that run based on privacy notifications and recommendations on how to engage users with consent form contents. Finally, the empirical contributions include the analysis of the effectiveness of the proposed means and methods on enabling users to exercise their intervenability rights and provide informed consent.

Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, they will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we investigate how usable ex-post transparency can facilitate intervenability by implementing and testing transparency-enhancing tools that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand. The outcome of this thesis includes several artefacts, design guidelines, and empirical analyses.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 57
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:36
Keywords
Control of personal data, Data privacy, GDPR, HCI, Informed consent, Transparency-enhancing tool, Usability, User interface design
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-81235 (URN)978-91-7867-170-0 (ISBN)978-91-7867-169-4 (ISBN)
Public defence
2020-12-09, 1B309 (Sjöströmsalen), 13:15 (English)
Opponent
Supervisors
Note

Artikel 2 del av avhandlingen som manuskript, nu publicerad.

Available from: 2020-11-20 Created: 2020-11-05 Last updated: 2021-09-01Bibliographically approved

Open Access in DiVA

fulltext(1588 kB)603 downloads
File information
File name FULLTEXT01.pdfFile size 1588 kBChecksum SHA-512
019504ffbe306305afc608f16bb1f85760f725448300dfe480924f7568e9da619a52f95175d5cb7ffe15075f0586fae4451ac86507dd2de621583deffd79c9b6
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records

Karegar, FarzanehPulls, TobiasFischer-Hübner, Simone

Search in DiVA

By author/editor
Karegar, FarzanehPulls, TobiasFischer-Hübner, Simone
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 603 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 779 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf