SoK: The Gap Between Data Rights Ideals and Reality (2312.01511v1)
Abstract: As information economies burgeon, they unlock innovation and economic wealth while posing novel threats to civil liberties and altering power dynamics between individuals, companies, and governments. Legislatures have reacted with privacy laws designed to empower individuals over their data. These laws typically create rights for "data subjects" (individuals) to make requests of data collectors (companies and governments). The European Union General Data Protection Regulation (GDPR) exemplifies this, granting extensive data rights to data subjects, a model embraced globally. However, the question remains: do these rights-based privacy laws effectively empower individuals over their data? This paper scrutinizes these approaches by reviewing 201 interdisciplinary empirical studies, news articles, and blog posts. We pinpoint 15 key questions concerning the efficacy of rights allocations. The literature often presents conflicting results regarding the effectiveness of rights-based frameworks, but it generally emphasizes their limitations. We offer recommendations to policymakers and Computer Science (CS) groups committed to these frameworks, and suggest alternative privacy regulation approaches.
- Ido Sivan-Sevilla. 2022. Varieties of enforcement strategies post-GDPR: a fuzzy-set qualitative comparative analysis (fsQCA) across data protection authorities. Journal of European Public Policy (2022), 1–34.
- Daniel J. Solove. 2023. The Limitations of Privacy Rights. Notre Dame Law Review 98 (2023). Forthcoming.
- Nuanwan Soonthornphisaj and Sarach Tuomchomtam. 2019. Internet User Perception on Data Privacy Protection: Big Data Analytics on Twitter. In FSDM. 170–180.
- A Gender Perspective on GDPR and Information Privacy. Procedia Computer Science 196 (2022), 175–182.
- Hanne Sørum and Wanda Presthus. 2020. Dude, where’s my data? The GDPR in practice, from a consumer’s point of view. Information Technology & People (2020).
- sp-sem 2021. Seminario ‘Privacidad, sostenibilidad e innovación’ de los cursos de verano de la UIMP. https://www.aepd.es/es/la-agencia/agenda/seminario-privacidad-sostenibilidad-e-innovacion-de-los-cursos-de-verano-de-la.
- Synthetic Data – Anonymisation Groundhog Day. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 1451–1468. https://www.usenix.org/conference/usenixsecurity22/presentation/stadler
- No to cookies: Empowering impact of technical and legal knowledge on rejecting tracking cookies. Computers in Human Behavior 120 (2021), 106750.
- Artur Strzelecki and Mariia Rizun. 2020. Consumers’ security and trust for online shopping after GDPR: examples from Poland and Ukraine. Digital Policy, Regulation and Governance (2020).
- Alanoud Subahi and George Theodorakopoulos. 2018. Ensuring compliance of IoT devices with their Privacy Policy Agreement. In 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud). IEEE, 100–107.
- “They See You’re a Girl if You Pick a Pink Robot with a Skirt”: A Qualitative Study of How Children Conceptualize Data Processing and Digital Privacy Risks. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1–34.
- Child Safety in the Smart Home: Parents’ Perceptions, Needs, and Mitigation Strategies. Proceedings of the ACM on Human-Computer Interaction (2021).
- Ruoxi Sun and Minhui Xue. 2020. Quality Assessment of Online Automated Privacy Policy Generators: An Empirical Study. In Proceedings of the Evaluation and Assessment in Software Engineering. 270–275.
- A large-scale exploration of terms of service documents on the web. In Proceedings of the 21st ACM Symposium on Document Engineering. 1–4.
- PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics. 15–21.
- tiktok 2020. TikTok and Whatsapp privacy policies ‘among hardest to understand’. https://www.netimperative.com/2020/11/25/tiktok-and-whatsapp-privacy-policies-among-hardest-to-understand/.
- A Case Study on the Implementation of the Right of Access in Privacy Dashboards. In Annual Privacy Forum. Springer, 23–46.
- Ppl: Primelife privacy policy engine. In 2011 IEEE International Symposium on Policies for Distributed Systems and Networks. IEEE, 184–185.
- The exercisability of the right to data portability in the emerging Internet of Things (IoT) environment. New Media & Society 23, 10 (2021), 2861–2881.
- “Your hashed IP address: Ubuntu.” perspectives on transparency tools for online advertising. In Proceedings of the 35th Annual Computer Security Applications Conference. 702–717.
- A Study on Subject Data Access in Online Advertising After the GDPR. In Data Privacy Management, Cryptocurrencies and Blockchain Technology.
- “At the End of the Day Facebook Does What It Wants” How Users Experience Contesting Algorithmic Content Moderation. Proceedings of the ACM on human-computer interaction 4, CSCW2 (2020), 1–22.
- Tales from the porn: A comprehensive privacy analysis of the web porn ecosystem. In Proceedings of the Internet Measurement Conference. 245–258.
- Co-constitutive complexity. Nordicom Review 42, 1 (2021), 124–140.
- GDPR Compliance in the Design of the INFORM e-Learning Platform: a Case Study. In 2019 13th International Conference on Research Challenges in Information Science (RCIS). IEEE, 1–12.
- CompLicy: Evaluating the GDPR Alignment of Privacy Policies-A Study on Web Platforms. In International Conference on Research Challenges in Information Science. Springer, 152–168.
- Pursuing usable and useful data downloads under GDPR/CCPA access rights via Co-design. In Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021.
- Salome Viljoen. 2021. A Relational Theory of Data Governance. Yale LJ 131 (2021), 573.
- Data dashboard: exploring centralization and customization in personal data curation. In Proceedings of the 2020 ACM Designing Interactive Systems Conference. 311–326.
- Keeping and Discarding Personal Data: Exploring a Design Space. In Proceedings of the 2019 on Designing Interactive Systems Conference.
- Implementing GDPR in Social Networks Using Trust and Context. In Cyber Security Cryptography and Machine Learning: 5th International Symposium, CSCML 2021, Be’er Sheva, Israel, July 8–9, 2021, Proceedings 5. Springer, 497–503.
- Lev S Vygotsky. 1991. Genesis of the higher mental functions. (1991).
- Regulating transparency? Facebook, twitter and the German network enforcement act. In Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency. 261–271.
- Ari Ezra Waldman. 2021. The new privacy law. UC Davis Law Review 55 (2021).
- Riverbed: Enforcing user-defined privacy constraints in distributed web services. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). 615–630.
- PrivGuard: Privacy Regulation Compliance Made Easier. In 31st USENIX Security Symposium (USENIX Security 22). 3753–3770.
- J. Wettlaufer and H. Simo. 2020. Decision support for mobile app selection via automated privacy assessment. IFIP Advances in Information and Communication Technology (2020).
- Trust and commitment: Effect of applying consumer data rights on U.S. Consumers’ attitudes toward online retailers in big data era. Journal of Consumer Behaviour 20, 6 (2021), 1575–1590.
- Josephine Wolff and Nicole Atallah. 2021. Early GDPR penalties: Analysis of implementation and fines through May 2020. Journal of Information Policy 11 (2021), 63–103.
- Janis Wong and Tristan Henderson. 2018. How Portable is Portable? Exercising the GDPR’s Right to Data Portability. In Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers. 911–920.
- Hansol Woo and Jinho Yoo. 2020. Comparing User Rights in the Privacy Policies Presented by Major Websites in Korea, the United States, and the United Kingdom. International Journal of Engineering Research and Technology (2020).
- Defending my castle: A co-design study of privacy mechanisms for smart homes. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems.
- Razieh Nokhbeh Zaeem and K Suzanne Barber. 2020. The effect of the GDPR on privacy policies: Recent progress and future promise. ACM Transactions on Management Information Systems (TMIS) 12, 1 (2020), 1–20.
- The GDPR at the organizational level: a comparative study of eight European countries. (2021).
- “Did you know this camera tracks your mood?”: Understanding Privacy Expectations and Preferences in the Age of Video Analytics. Proceedings on Privacy Enhancing Technologies 2021, 2 (2021).
- Facial recognition: Understanding privacy concerns and attitudes across increasingly diverse deployment scenarios. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021). 243–262.
- How does misconfiguration of analytic services compromise mobile privacy?. In 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). IEEE, 1572–1583.
- Transparency by default: GDPR Patterns for Agile Development. In International Conference on Electronic Government and the Information Systems Perspective.
- Zoe Zwiebelmann and Tristan Henderson. 2021. Data Portability as a Tool for Audit. In Adjunct Proceedings of the 2021 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2021 ACM International Symposium on Wearable Computers. 276–280.