kau.se
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Identification of Compositional Risks in Data Protection Impact Assessments and beyond
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0009-0002-2310-6820
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
University of Oslo, Norway.
University of Oslo, Norway.
2025 (English)In: Proceedings - 10th IEEE European Symposium on Security and Privacy Workshops, IEEE, 2025, p. 251-259Conference paper, Published paper (Refereed)
Abstract [en]

When personal data is processed in a distributed manner by cooperating service providers, privacy risks may emerge solely from the choice of data processors included in the composition. For instance, different data processors may unknowingly rely on the same cloud provider, allowing for unintended linkability of personal data at that very provider. As such compositional risks to privacy are beyond the scope of each individual risk assessment, they are likely to be overseen when performing a data protection impact assessment. In this paper, we propose a novel protocol to detect and manage such compositional risks to privacy. Following an initial problem definition and requirements elicitation, we elaborate how our protocol identifies candidates for compositional risks and how this information may be used to improve the results of a data protection impact assessment over service compositions including multiple data processors. 
Place, publisher, year, edition, pages
IEEE, 2025. p. 251-259
Keywords [en]
Data privacy, Cloud providers, Compositional risk, Data processors, Data protection impact assessments, DPIA, Privacy, Privacy risks, Risk detections, Risks assessments, Service provider, Risk assessment
National Category
Computer Sciences Software Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-107431DOI: 10.1109/EuroSPW67616.2025.00035ISI: 001576286100029Scopus ID: 2-s2.0-105016554511OAI: oai:DiVA.org:kau-107431DiVA, id: diva2:2011027
Conference
2025 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Venice, Italy, June 30- July 4, 2025.
Available from: 2025-11-03 Created: 2025-11-03 Last updated: 2026-02-12Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Graßhoff, HenrikJensen, Meiko

Search in DiVA

By author/editor
Graßhoff, HenrikJensen, Meiko
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer SciencesSoftware Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 75 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Karlstad University
|
University Library
|
Researchers support