Post on 07-Apr-2017
Privacy Languages: Are we there yet to enable user controls?
Jun Zhao, Reuben Binns, Max Van Kleek and Nigel Shadbolt
Personal Data and Privacy Lab, Department of Computer Science, University of Oxford
Dominic Difranzo
ECS, Faculty of Physical Sciences and Engineering, University of Southampton
Motivation
Personal data is one of the most valuable commodities
● The revenue of digital advertising in the EU in 2014 is estimated to be €30.7bn [1]
However,
● Users have limited knowledge about how their data are used
● Users have no control over how their data are used, and no way to express how they expect them to be used
1. Interactive Advertising Bureau AdEx Benchmark research, http://www.iabuk.net/about/press/archive/eu-online-advertising-reaches-landmark-307bn
Tracking is ubiquitous
● There is a 99.5% chance that a user will have been tracked by all of the top 10 trackers within 30 clicks on top search results (Gomer et al 2013)
● Users have little awareness and control
https://www.mozilla.org/en-US/lightbeam/ http://research.microsoft.com/apps/pubs/default.aspx?id=201586
Beyond the web
Web browsing is just part of a wider sphere of potential privacy harms, including:
- Employment
- Health
- Finance
- Consumer spending
How can people express their wishes about the use of their personal data in these domains?
An example scenario: sharing of medical data
Users
- Want controls, e.g. no commercial use
- Have limited time and capacity to read and process notifications
Information controller
- Shows commitment, e.g. research purpose only
- Acts according to socially and/or legally binding agreements
Existing privacy enhancement approaches
● Organisation-centric approaches
○ Structured privacy policies from information controllers, like P3P (https://www.w3.org/P3P/)
○ Standardisation efforts: Do Not Track and P3P
● User-centric approaches
○ More usable privacy notifications, like privacy nutrition labels
○ Browser plug-in developments, e.g. Mozilla Privacy Icons, ToS;DR
○ Privacy preference languages
Credit for the privacy nutrition label: https://cups.cs.cmu.edu/privacyLabel/files/CHI-privacyFinal2010
Users remain the weak point
Users
- Control remains a weak point
- A lot of past efforts
- But little uptake
- Why?
Information controller
- Show commitment
- Act on socially and legally binding agreements
Our privacy language review
Privacy languages
● A declarative language for specifying both users' privacy preferences and information controllers' privacy policies in a machine-readable way [+]
Existing reviews
● Kumaraguru et al 2007 and Kolter 2009: focused on the purpose of the languages only
● Belanger and Crossler 2011: a review of privacy in Management Information Systems
● Kasem-Madani and Meier 2015: more focus on security
Our goal
● A user-centric review: focusing on the support for users, instead of organisations
● Gaining insights into designing a user-centric language that is easy to use
+ Becker et al. Practical Generic Privacy Language. Information Systems Security. Springer Berlin Heidelberg, 2010. 125-139.
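What "declarative preferences on one side, declarative policy on the other, matched by a machine" means in practice, for the medical-data scenario above: the block below is an added illustration written for this page, not code from the talk, its authors, or any of the ten languages reviewed (and not P3P). The tiny preference/policy format, the field names (data, purposes, recipients, retention_days) and the sample inputs are all assumptions constructed here. The one design point worth noting is that the matcher fails closed: a commitment the controller's policy does not state is reported as a violation, since an unstated commitment cannot be held to.

```python
"""Added illustration of a privacy preference/policy matcher.

Hypothetical, minimal format written for this page; not one of the
reviewed languages and not P3P. Field names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Preference:
    """What the user will accept for one category of personal data."""
    data: str                           # data category, e.g. "medical_record"
    forbidden_purposes: FrozenSet[str]  # purposes the user refuses outright
    allowed_recipients: FrozenSet[str]  # who may receive it; empty = no restriction
    max_retention_days: Optional[int]   # None = no limit demanded


@dataclass(frozen=True)
class PolicyStatement:
    """What the information controller commits to for one data category."""
    data: str
    purposes: FrozenSet[str]
    recipients: FrozenSet[str]
    retention_days: Optional[int]       # None = the policy is silent on retention


def check_policy(prefs: List[Preference], policy: List[PolicyStatement]) -> List[str]:
    """Return the list of violations; an empty list means every preference is met.

    Fails closed: data the user cares about that the policy does not cover,
    or a retention period the policy leaves unspecified, counts as a violation.
    """
    violations: List[str] = []
    statements_by_data: Dict[str, List[PolicyStatement]] = {}
    for st in policy:
        statements_by_data.setdefault(st.data, []).append(st)

    for pref in prefs:
        statements = statements_by_data.get(pref.data)
        if not statements:
            violations.append(f"{pref.data}: policy makes no commitment about this data")
            continue
        for st in statements:
            clash = pref.forbidden_purposes & st.purposes
            if clash:
                violations.append(
                    f"{pref.data}: forbidden purpose(s) {sorted(clash)} in policy")
            if pref.allowed_recipients and not st.recipients <= pref.allowed_recipients:
                extra = st.recipients - pref.allowed_recipients
                violations.append(
                    f"{pref.data}: recipient(s) {sorted(extra)} not permitted by user")
            if pref.max_retention_days is not None:
                if st.retention_days is None:
                    violations.append(f"{pref.data}: retention period unspecified")
                elif st.retention_days > pref.max_retention_days:
                    violations.append(
                        f"{pref.data}: retention {st.retention_days}d exceeds "
                        f"user limit {pref.max_retention_days}d")
    return violations


# Constructed sample input mirroring the medical-data scenario on this page.
PATIENT_PREFS = [
    Preference("medical_record", frozenset({"commercial", "marketing"}),
               frozenset({"hospital", "research_institute"}), 365 * 5),
]

# Controller commits to research use only: should satisfy the patient.
RESEARCH_ONLY_POLICY = [
    PolicyStatement("medical_record", frozenset({"research"}),
                    frozenset({"research_institute"}), 365 * 3),
]

# Controller also sells to an advertiser and says nothing about retention.
COMMERCIAL_POLICY = [
    PolicyStatement("medical_record", frozenset({"research", "commercial"}),
                    frozenset({"research_institute", "advertiser"}), None),
]


def demo() -> Dict[str, List[str]]:
    """Run the matcher over the three constructed cases."""
    return {
        "research_only": check_policy(PATIENT_PREFS, RESEARCH_ONLY_POLICY),
        "commercial": check_policy(PATIENT_PREFS, COMMERCIAL_POLICY),
        "silent": check_policy(PATIENT_PREFS, []),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if not result else result)
```

Note that this is the easy half of the problem the talk identifies: the matching logic is small, while getting users to author preferences like PATIENT_PREFS at all (tooling) and getting controllers to publish statements in a shared format (interoperability) is where P3P-style efforts stalled.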
Methodology of the review
● 18 privacy languages from existing review literature
● Limited to academic efforts
● Eliminated those languages that describe access control only
● 10 languages in the review
● Assessment through 3 dimensions
○ Their design purpose
○ Their user-facing tooling support
○ Their consideration of interoperability
Purpose of the languages
● More emphasis on information controllers (i.e. through policy languages) than on users (i.e. through preference languages)
● Some preference languages are too simple, with limited expressivity
● Other preference languages are far too complicated to be used by end users
● Nothing we can use off-the-shelf
Tooling support
● Motivation
○ An easy-to-use user-facing tool is critical for the adoption of any proposed language
○ Its absence has been shown to be a critical barrier to the adoption of standards like P3P
● Observations
○ Very few languages come with a user-facing tool (3 out of 10)
○ Very limited usability studies (except for one tool) to ensure that these tools are truly usable for end users
Interoperability
● Motivation
○ Privacy is a ubiquitous issue, given the fast development of mobile devices and the IoT
○ Privacy languages from different devices, users and platforms must be interchangeable
● Observations
○ Pros: languages are defined in standard formats, like XML or RDF
○ Cons: standardisation efforts (like P3P) have failed, for lack of social agreement and legal enforcement
Reflections
● Strengths
○ Extensive understanding of privacy scenarios and challenges
● Weaknesses
○ Existing languages are either too complicated for normal web users or too simplistic to cope with the diverse requirements
○ Limited tooling development for end users
Future work
● A first step towards user-centric privacy: enabling users to gain control
● Easy-to-use privacy preference language
● Easy-to-use user-facing tools
● Tracking breakage of terms on a decentralised Web (of Things)