Article

How ordinary internet users can have a chance to influence privacy policies

Authors:

John Sören Pettersson,

Simone Fischer-Hubner,

Marco Casassa Mont,

Siani PearsonAuthors Info & Claims

NordiCHI '06: Proceedings of the 4th Nordic conference on Human-computer interaction: changing roles

Pages 473 - 476

https://doi.org/10.1145/1182475.1182540

Published: 14 October 2006 Publication History

Get Access

Abstract

By 'Obligation Management' we refer to the definition, automated enforcement, and monitoring of privacy obligation policies. Privacy policies are nowadays found on most organisations' web pages, especially when data is directly collected from the user/customer. The paper demonstrates how users can influence rather than merely accept a privacy policy, and further relates this to the larger framework within which policy compliance should be discussed. Four problem areas are identified (from design studies and user tests with paper and computer-based mock-ups): trustworthiness, enterprise perspective, phrases, and obligation setting relative to data or data collection purpose.

References

[1]

Article 29 Data Protection Working Party. Opinion on More Harmonised In-formation provisions. 11987/04/EN WP 100, November 25, 2004.

Google Scholar

[2]

Borking, J., Raab, C. Law, PETs and Other Technologies for Privacy Protection. Journal of Information, Law and Technology 1 (2001).

Google Scholar

[3]

Cameron, K, Jones, M. B. Design Rationale behind the Identity Meta-system Architecture. (2006) http://research.microsoft.com/~mbj/papers/Identity_Metasystem_Design_Rationale.pdf

Google Scholar

[4]

Casassa Mont, M. Dealing with Privacy Obligations. In Trust and Privacy in Digital Business, Springer (2004), LNCS 3184, 120--131.

Google Scholar

[5]

Casassa Mont, M. Pearson, S, Thyne, R. A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises. Proc. TrustBus 2006.

Digital Library

Google Scholar

[6]

Karat, J, Karat, C-M, Brodie, C, Feng, J. Privacy in information technology: Designing to enable privacy policy management in organizations. Int. J. Human-Computer Studies 63 (2005), 153--174.

Digital Library

Google Scholar

[7]

Lips M, Leenes, R. Requirements Version 0 - Part 2, December 13, 2005. http://www.prime-project.eu

Google Scholar

[8]

Pettersson, JS, Fischer-Hübner, S, Bergmann, M. Outlining "Data Track": Privacy-friendly Data Maintenance for End-users. Proc. ISD 2006, Springer.

Google Scholar

[9]

Platform for Privacy Preferences 1.1 (P3P1.1) Specification. (Eds. Cranor et al.). W3C Working Draft 10 February 2006. http://www.w3.org/TR/2006/WD-P3P11-20060210/

Google Scholar

[10]

Sommer, D. (ed.), 2005. PRIME Architecture V1, D14.2.b, http://www.prime-project.eu/prime_products

Google Scholar

Cited By

View all

Machuletz DBöhme R(2020)Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPRProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00372020:2(481-498)Online publication date: 8-May-2020
https://doi.org/10.2478/popets-2020-0037
Pötzsch SBorcea-Pfitzmann KHansen MLiesebach KPfitzmann ASteinbrecher S(2011)Requirements for identity management from the perspective of multilateral interactionsDigital privacy10.5555/1996594.1996619(609-649)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.5555/1996594.1996619
Kolter JKernchen TPernul G(2009)Collaborative Privacy – A Community-Based Privacy InfrastructureEmerging Challenges for Security, Privacy and Trust10.1007/978-3-642-01244-0_20(226-236)Online publication date: 2009
https://doi.org/10.1007/978-3-642-01244-0_20

Index Terms

How ordinary internet users can have a chance to influence privacy policies

Recommendations

Refinement checking for privacy policies

This paper presents a framework for analysis and comparison of privacy policies expressed in P3P (Platform for Privacy Preferences). In contrast to existing approaches to policy analysis, which focus on demonstrations of equality or equivalence of ...
PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies
Trust, Privacy and Security in Digital Business
Abstract
The General Data Protection Regulation (GDPR) makes the creation of compliant privacy policies a complex process. Our goal is to support policy authors during the creation of privacy policies, by providing them feedback on the privacy policy they ...
Efficient comparison of enterprise privacy policies
SAC '04: Proceedings of the 2004 ACM symposium on Applied computing

Enterprise privacy policies often reflect different legal regulations, promises made to customers, as well as more restrictive enterprise-internal practices. The notion of policy refinement is fundamental for privacy policies, as it allows one to check ...

Reviews

Reviewer: Alan M Arnfeld

An increasing concern for many Internet users is the management of their private data. When interacting with individual Web sites, it is a common experience to be asked to provide personal data, such as name and address. On e-commerce sites, further private data is required, such as payment details and permission to market further products to the individual. This paper discusses an emerging field called obligation management, describing the processes and procedures by which an individual could be allowed greater control over the data he or she provides. This research originated in a European research program concerned with developing processes, procedures, and tools to allow individuals greater control over the management of their personal data (https://www.prime-project.eu/). A prototype Web service is introduced that presents an additional screen to the Web user, allowing the user to define controls and parameters for private data (for example, to set up alerts should personal data be passed to third parties). This is a good introduction to the topic for a wider audience. Unfortunately, the paper has only limited information about the usability testing and human-computer interaction (HCI) design conducted through this program. There is also a clear need for further research on the impact of these additional controls on e-commerce revenue. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

NordiCHI '06: Proceedings of the 4th Nordic conference on Human-computer interaction: changing roles

October 2006

517 pages

ISBN:1595933255

DOI:10.1145/1182475

Editors:
Anders Mørch
University of Oslo, Norway
,
Konrad Morgan
University of Bergen, Norway
,
Tone Bratteteig
University of Oslo, Norway
,
Gautam Ghosh
Userminded, Norway
,
Dag Svanaes
Norwegian University of Science and Technology, Trondheim, Norway

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

NORDICHI06

NORDICHI06: The 4th Nordic Conference on Human-Computer Interaction

October 14 - 18, 2006

Oslo, Norway

Acceptance Rates

Overall Acceptance Rate 379 of 1,572 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
508
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Machuletz DBöhme R(2020)Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPRProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00372020:2(481-498)Online publication date: 8-May-2020
https://doi.org/10.2478/popets-2020-0037
Pötzsch SBorcea-Pfitzmann KHansen MLiesebach KPfitzmann ASteinbrecher S(2011)Requirements for identity management from the perspective of multilateral interactionsDigital privacy10.5555/1996594.1996619(609-649)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.5555/1996594.1996619
Kolter JKernchen TPernul G(2009)Collaborative Privacy – A Community-Based Privacy InfrastructureEmerging Challenges for Security, Privacy and Trust10.1007/978-3-642-01244-0_20(226-236)Online publication date: 2009
https://doi.org/10.1007/978-3-642-01244-0_20

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Refinement checking for privacy policies

PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies

Efficient comparison of enterprise privacy policies

Reviews

Access critical reviews of Computing literature here