PrivacyInsight: The Next Generation Privacy Dashboard

Transparency is an integral part of European data protection. In particular, the right of access allows the data subject to verify if his personal data is processed in a lawful manner. The data controller has the full obligation to provide all information on personal data processing in an easily accessible way. Privacy dashboards are promising tools for this purpose. However, there is not yet any privacy dashboard available which allows full access to all personal data. Particularly, information flows remain unclear. We present the next generation privacy dashboard PrivacyInsight. It provides full access to all personal data along information flows. Additionally, it allows exercising the data subject’s further rights. We evaluate PrivacyInsight in comparison with existing approaches by means of a user study. Our results show that PrivacyInsight is the most usable and most feature complete existing privacy dashboard.

[1]  Lorrie Faith Cranor,et al.  User interfaces for privacy agents , 2006, TCHI.

[2]  Michael Netter,et al.  Visualizing Past Personal Data Disclosures , 2010, 2010 International Conference on Availability, Reliability and Security.

[3]  Oscar Mauricio Serrano Jaimes,et al.  EVALUACION DE LA USABILIDAD EN SITIOS WEB, BASADA EN EL ESTANDAR ISO 9241-11 (International Standard (1998) Ergonomic requirements For office work with visual display terminals (VDTs)-Parts II: Guidance on usability , 2012 .

[4]  Erik Wästlund,et al.  End User Transparency Tools : UI Prototypes , 2010 .

[5]  Elahe Kani-Zabihi,et al.  Increasing Service Users' Privacy Awareness by Introducing On-Line Interactive Privacy Features , 2011, NordSec.

[6]  Christoph Bier How Usage Control and Provenance Tracking Get Together - A Data Protection Perspective , 2013, 2013 IEEE Security and Privacy Workshops.

[7]  Jeff Sauro,et al.  The Factor Structure of the System Usability Scale , 2009, HCI.

[8]  Cláudio T. Silva,et al.  Provenance for Computational Tasks: A Survey , 2008, Computing in Science & Engineering.

[9]  Hans Hedbom,et al.  A Survey on Transparency Tools for Enhancing Privacy , 2008, FIDIS.

[10]  Thilo Weichert Auskunftsanspruch in verteilten Systemen , 2006, Datenschutz und Datensicherheit - DuD.

[11]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[12]  Erik Wästlund,et al.  Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures , 2015, CHI Extended Abstracts.

[13]  Martin Schrepp,et al.  Construction and Evaluation of a User Experience Questionnaire , 2008, USAB.

[14]  Philip T. Kortum,et al.  Determining what individual SUS scores mean: adding an adjective rating scale , 2009 .

[15]  Christian Schaefer,et al.  Usage Control Enforcement with Data Flow Tracking for X11 , 2009, STM 2009.

[16]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[17]  Roel Peeters,et al.  Distributed privacy-preserving transparency logging , 2013, WPES.

[18]  J. B. Brooke,et al.  SUS: A 'Quick and Dirty' Usability Scale , 1996 .

[19]  Thijs Veugen,et al.  Transparency Enhancing Tools (TETs): An Overview , 2013, 2013 Third Workshop on Socio-Technical Aspects in Security and Trust.

[20]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[21]  Alexander Pretschner,et al.  State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition , 2009, 2009 Third International Conference on Network and System Security.

[22]  Tobias Pulls,et al.  How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used? , 2013, Privacy and Identity Management.

[23]  Erik Wästlund,et al.  PET-USES: Privacy-Enhancing Technology - Users' Self-Estimation Scale , 2009, PrimeLife.

[24]  Luc Moreau,et al.  Provenance-Based Auditing of Private Data Use , 2008, BCS Int. Acad. Conf..

[25]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[26]  Alexander Pretschner,et al.  Representation-Independent Data Usage Control , 2011, DPM/SETOP.