Privacy-Sovereign Interaction: Enabling Privacy-Sovereignty for End-Users in the Digital Era
As a result of ongoing digitization, people are increasingly interacting with digital data. Since these data can contain sensitive personal information, the privacy of users plays a central role in digitization. However, current technologies often do not sufficiently reflect the capabilities and knowledge of their users or do not offer options for individual privacy protection. As a result, users can be overwhelmed when trying to enforce personal privacy preferences or can have difficulties making privacy decisions. Consequently, the privacy-sovereignty of users in the digital world is limited. This thesis investigates mechanisms and principles that enable users to interact sovereignly in the digital world in the scope of information privacy. The three main contributions of this thesis are as follows:
The first main contribution explores privacy protection through two-factor authentication. First, user experiences and preferences are captured in an interview study. Based on the results, requirements for usable and customizable two-factor authentication are described. A concept for two-factor authentication utilizing individualizable 3D-printed objects is developed, implemented, and evaluated to realize these requirements.
The second main contribution explores individual verifiability of private data in the context of Internet voting. First, a categorization of existing cryptographic schemes that particularly considers voters is developed. Then, the categories of schemes are evaluated in a user study. Interface realizations of the category that performed best in this investigation are evaluated in more depth and refined in three consecutive studies.
The third main contribution deals with the data of people in environments that are equipped with IoT devices. First, individual perceptions and mental models of privacy in these environments are examined. Based on this, a concept for personal privacy assistance based on privacy profiles is presented and investigated in a large-scale study.
All contributions were specifically investigated in the context of privacy-sovereign interaction. The results presented in this thesis are empirically supported by fifteen studies.