Christian Zimmermann

• Dr. rer. pol.; CIPP/E; CIPT
• Engineer at Bosch

We argue for the use of Privacy Dashboards as enablers for privacy-enabled data-driven business models. Specifically, while dashboards are succesful instruments in business intelligence tools, their use in privacy protection is far less well-understood. Addressing this problem at the technical level, this paper provides a classification scheme for...

Personal data has emerged as a crucial asset of the digital economy. However, unregulated markets for personal data severely threaten consumers’ privacy. Based upon a commodity-centric notion of privacy, this paper takes a principal-agent perspective on data-centric business. Specifically, this paper presents an economic model of the privacy proble...

Privacy is a multi-faceted, interdisciplinary concept, with varying meaning to different people and disciplines. To most researchers, anonymity is the “holy grail” of privacy research, as it suggests that it may be possible to avoid personal information altogether. However, time and time again, anonymization has been shown to be infeasible. Even de...

Assistance systems equipped with artificial intelligence are present in many Internet of Things applications to address information overload and provide automation. These assistant systems blur the boundaries between classical and individual information systems; display behavior classically associated with humans, and aggregate a wide range of info...

Using V2X communication in platoons promises benefits regarding energy efficiency and fleet management. It is also a safety critical process with the potential to cause dangers to life and limb which needs to be secured against attackers. We propose two protocols for secure platoon communication and provide a comparative analysis of those protocols...

IoT devices, whether connected to the Internet or operating in a private network, are vulnerable to cyber attacks from external or internal attackers or insiders who may succeed in physically compromising an IoT device. Once compromised, the IoT device can join a botnet to participate in large-scale distributed attacks (potentially recruiting addit...

Autonomous vehicles are continually being developed and are the focus of many research projects. While the focus so far has been primarily on technical features and the implementation of autonomous vehicles, we are turning to the consumer side to analyze the preferences of potential users regarding teleoperable robotaxis. After all, user acceptance...

Digital assistants (DA) perform routine tasks for users by interacting with the Internet of Things (IoT) devices and digital services. To do so, such assistants rely heavily on personal data, e.g. to provide personalized responses. This leads to privacy concerns for users and makes privacy features an important component of digital assistants. This...

The GDPR enshrines the privacy by design paradigm in law, making sound privacy engineering methods more important than ever. Integrating automation and extensive tool support into the privacy engineering process has the potential to support organizations in streamlining the implementation of privacy and data protection by design and reducing its co...

Full print available here: https://dl.gi.de/bitstream/handle/20.500.12116/31780/B1-3.pdf Durch agile Prozesse und Praktiken können Firmen in komplexen, offenen Ökosystemen flexbiler und effizienter agieren. Agile Methoden werden auch in Anwendungsfeldern verwendet, die sich durch besondere Datenschutz- und Sicherheitsanforderungen auszeichnen. All...

Intelligent transport systems (ITS) rely on V2X communication for allowing coordination and cooperation of traffic participants and increasing traffic efficiency and safety. Communication between traffic participants needs to be secured, especially with respect to authenticity and integrity. Further, a high level of privacy-preservation needs to be...

Communication in a Cooperative Intelligent Transportation System needs to be protected against attacks in order to ensure trust in received data in terms of data integrity and sender authenticity. In addition, the reliability of communication channels should be considered, which is not possible with a single technology or physical channel that cann...

Social Network Services (SNS) business models highly depend on the gathering and analysation of user data to obtain an advantage in competition for advertising clients. Nevertheless, an extensive collection and analysis of this data poses a threat to users’ privacy. Based on an economic perspective it seems rational for Social Network Operators (SN...

Video surveillance is an omnipresent phenomenon in today’s metropolitan life. Mainly intended to solve crimes, to prevent them by realtime-monitoring or simply as a deterrent, video surveillance has also become interesting in economical contexts; e.g. to create customer profiles and analyse patterns of their shopping behaviour. The extensive use of...

Video surveillance is an omnipresent phenomenon in today’s metropolitan life. Mainly intended to solve crimes, to prevent them by realtime-monitoring or simply as a deterrent, video surveillance has also become interesting in economical contexts; e.g. to create customer profiles and analyse patterns of their shopping behaviour. The extensive use of...

Providers of leading digital services follow a data-centric business model that enables them to provide their users with highly beneficial, personalized services but also threatens the users’ privacy. These threats need to be addressed, not only to protect the users’ privacy, but also to establish stable and sustainable markets for digital services...

Over the last decades, personal data has become a crucial asset for digital services. The exploit a tion of this asset, however, entai ls severe threats to privacy. Recently, so - called Privacy Dashboards have been presented, which are tools that allow users to gain insight and exercise control over data that a digital service provider has a...

A variety of Transparency-Enhancing Technologies has been presented during the past years. However, investigation of frameworks for classification and assessment of Transparency-Enhancing Technologies has lacked behind. The lack of precise classification and categorization approaches poses an obstacle not only to systematic requirements analysis fo...

Big Data has developed into a key factor of the economy that benefits users and providers of data-centric services. However, the analysis of growing volumes of users data in data-centric services also presents significant privacy challenges. The objective of this workshop is to bring researchers and practitioners together to explore transparency-ba...

While accountability is increasingly discussed as a privacy principle, it is far from clear how to achieve privacy protection through accountability. Moreover, it is even unclear how to define accountability in this context. This paper provides a conceptualization of accountability for the context of privacy protection based upon a review of the li...

Protection of today’s interconnected and complex information infrastructures is of high priority. Traditionally, protection means robustness: preventively identify the threats to business processes and propose countermeasures within the context of a risk analysis. This, however, only covers known risks having punctual effects upon the IT infrastruc...

Full text from: https://dl.gi.de/handle/20.500.12116/18263 In contrast to traditional file systems designed for hard disks, the file systems used within smartphones and embedded devices have not been fully analyzed from a forensic perspective. Many modern smartphones make use of the NAND flash file system YAFFS2. In this paper we provide an overvi...

YAFFS2 is a file system which is used in many modern smartphones. Allthough YAFFS2 is an open standard and there exists an open source implementation, the behavior of YAFFS2 is not very well understood. Additionally , several aspects like wear-leveling and garbage-collection are not well-specified in the standard so that their actual behavior has t...

Modern smartphones are not only used for communication via phone calls but also for a variety of other purposes such as emailing or storing personal data. To enable these services, most smartphones possess a large memory capacity to save files and application data. As smartphones are not only used for legal purposes but also for criminal actions, t...