B.Sc. in Information and Communication Systems Engineering from the University of the Aegean
M.Sc. in Information Systems from the Athens University of Economics and Business
• Privacy in Social Networking Services
• Privacy-by-Design
• Privacy Enhancing Technologies (PETs)
• Privacy Impact Assessment (PIA)
• Privacy Awareness
Abstract
(Purpose) This paper aims to practically guide privacy impact assessment (PIA) implementation by proposing a PIA process incorporating best practices from existing PIA guidelines and privacy research.
(Design/methodology/approach) This paper critically reviews and assesses generic PIA methods proposed by related research, data protection authorities and standards organizations, to identify best practices and practically support PIA practitioners. To address identified gaps, best practices from privacy literature are proposed.
(Findings) This paper proposes a PIA process based on best practices, as well as an evaluation framework for existing PIA guidelines, focusing on practical support to PIA practitioners.
(Practical implications) The proposed PIA process facilitates PIA practitioners in organizing and implementing PIA projects. This paper also provides an evaluation framework, comprising a comprehensive set of 17 criteria, for PIA practitioners to assess whether PIA methods/guidelines can adequately support requirements of their PIA projects (e.g. special legal framework and needs for PIA project organization guidance).
(Originality/value) This research extends PIA guidelines (e.g. ISO 29134) by providing comprehensive and practical guidance to PIA practitioners. The proposed PIA process is based on best practices identified from evaluation of nine commonly used PIA methods, enriched with guidelines from privacy literature, to accommodate gaps and support tasks that were found to be inadequately described or lacking practical guidance.
Abstract
(Purpose) In the Web 2.0 era, users massively communicate through social networking services (SNS),
often under false expectations that their communications and personal data are private. This paper aims to
analyze privacy requirements of personal communications over a public medium.
(Design/methodology/approach) This paper systematically analyzes SNS services as communication
models and considers privacy as an attribute of users’ communication. A privacy threat analysis for each
communication model is performed, based on misuse scenarios, to elicit privacy requirements per
communication type.
(Findings) This paper identifies all communication attributes and privacy threats and provides a
comprehensive list of privacy requirements concerning all stakeholders: platform providers, users and third
parties.
(Originality/value) Elicitation of privacy requirements focuses on the protection of both the
communication’s message and metadata and takes into account the public–private character of the medium
(SNS platform). The paper proposes a model of SNS functionality as communication patterns, along with a
method to analyze privacy threats. Moreover, a comprehensive set of privacy requirements for SNS designers,
third parties and users involved in SNS is identified, including voluntary sharing of personal data, the role of
the SNS platforms and the various types of communications instantiating in SNS.
Abstract
Built-in privacy is important for promoting users’ privacy and trust in Social Networking Services
(SNS). Up to now, privacy research has focused on the development and employment of Privacy Enhancing
Technologies as add-on applications and on investigating users’ privacy preferences. This
paper draws on the principles of privacy-by-design and extends previous literature by identifying privacy
requirements for the development of privacy-friendly SNS platforms. The paper also evaluates currently
embedded privacy practices in four popular SNS platforms (Facebook, Google+, Twitter and Pinterest)
to assess the level of built-in privacy and proposes a list of guidelines and tools SNS platform designers
can employ.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Abstract
The importance of Privacy Impact Assessment (PIA) has been emphasized by privacy researchers and its conduction is provisioned in legal frameworks, such as the European Union’s General Data Protection Regulation. However, it is still a complicated and bewildering task for organizations processing personal data, as available methods and guidelines fail to provide adequate guidance, confusing organisations and PIA practitioners. This paper analyzes the interplay among PIA stakeholders and proposes an organizational scheme for successful PIA projects.
Abstract
Privacy Impact Assessment (PIA) methods guide the implementation of Privacy-by-Design principles and are provisioned in the European Union’s General Data Protection Regulation. As implementing a PIA is still an intricate task for organizations, this paper provides a critical review and assessment of generic PIA methods proposed by related research, Data Protection Authorities and Standards Organizations. The evaluation framework is based on a comprehensive set of criteria elicited through a systematic analysis of relevant literature. This paper also identifies elements of PIA methods that require further support or clarification as well as issues that still remain open, such as the need for implementation of supporting tools.
Abstract
This paper discusses the effectiveness of privacy practices and tools employed by Web 2.0 service providers to help users protect their privacy and to respond to public pressure. By experimenting on three recently introduced tools, which claim to offer users access and choice on the data stored about them, we analyse their privacy preserving features. Research results indicate their limited effectiveness with regard to user privacy. We discuss the discrepancy between the stated goals of these privacy enhancing tools and the actual goals these tools accomplish.
Abstract
This paper discusses the low adoption of PETs among SNS users, based on the results of an empirical investigation among users of social networking services. 170 members of 5 popular social networks provided information on how they protect their privacy, as well as on the most important factors guiding their decision to use privacy preserving tools or not. Research findings suggest that awareness of PETs is still low among social network users and that quality, effectiveness, cost and ease of use are critical factors influencing PETs adoption. A small number of users was also found not to employ any PETs, despite the fact that they reported being familiar with some of them. This paper enhances our understanding of PETs diffusion from the perspective of users and argues that usability aspects need to guide their design and implementation.
Abstract
Members of online social networks are often under an illusion of privacy, underestimating privacy risks related to their personal information published in their profiles. Current literature identifies privacy awareness as a key factor for enhancing user privacy. This paper identifies awareness raising applications and explores the effectiveness of awareness tools and practices currently employed by six popular SNS platforms, through a combined approach of literature review and experimental use. Our findings illustrate that awareness practices differ significantly among platforms and fail to promote awareness. We also show that effective awareness raising tools, such as privacy signalling and visualization applications, are overlooked and propose directions to further enhance privacy awareness mechanisms in SNS platforms.
Abstract
Built-in privacy emerges as a necessity to keep users’ interest and trust in Social Networking Services. However, extant
literature is dominated by research on developing and/or employing Privacy-Enhancing Technologies as add-ons and on
exploring users’ privacy preferences, failing to provide explicit guidance on how to inscribe privacy from the early stages
of SNS implementation. In this paper we draw upon the principles of privacy-by-design to propose a list of privacy
requirements to drive privacy-friendly SNS design and discuss their implementation in four popular SNS platforms.
Abstract
Privacy concerns are rising among SNS users. However, privacy enhancing technologies are not yet widely deployed; moreover, the rate at which their deployment has grown over the last few years has not been substantial. This is surprising given the fact that PETs are widely recognized as effective at reducing privacy risks. This paper discusses this paradox and tries to answer the question of why PETs adoption by social network users is limited. It presents a framework of key factors that facilitates understanding of the issue and can serve as a guide for future research and practice.