Chapter

Evaluating the Effectiveness of Privacy and Security Promotion Strategies


Abstract

Privacy and security concerns are one of the relevant action fields of regulators. The rise of privacy concerns is due to the capabilities of computing systems to aggregate information to generate profiles or other aggregates that impact the personal life of people. This has led to regulations like the EU General Data Protection Regulation (GDPR) and to the spread of initiatives aiming to raise awareness in people. Data show that privacy problems are known to people; however, the practice of privacy- and security-aware behavior seems, oddly, not to be part of the habits of the same population. In this paper we propose a model of privacy and security effectiveness promotion strategies and a related evaluation method. The strategies we are interested in aim at aligning actual behavior to awareness levels. We derive an example of strategy starting from literature data and propose an analysis method that is based on Pythia, a tool for the analysis of graph-based probabilistic cause-and-effect models.

Keywords: Privacy; Security; Privacy awareness; Security awareness; Privacy paradox; Risk analysis; GDPR


... This phenomenon is observable in various contexts. For instance, Iacono et al. [19] highlight this trend in recent years, where there is a growing concern about cybercrime but a reduced inclination to take measures to protect against such risks. The cause of the privacy paradox is a subject of much debate in the academic literature. ...
Article
Despite growing concerns about privacy and an evolution in laws protecting users’ rights, there remains a gap between how industries manage data and how users can express their preferences. This imbalance often favors industries, forcing users to repeatedly define their privacy preferences each time they access a new website. This process contributes to the privacy paradox. We propose a user support tool named the User Privacy Preference Management System (UPPMS) that eliminates the need for users to handle intricate banners or deceptive patterns. We have set up a process to guide even a non-expert user in creating a standardized personal privacy policy, which is automatically applied to every visited website by interacting with cookie banners. The process of generating actions to apply the user’s policy leverages customized Large Language Models. Experiments demonstrate the feasibility of analyzing HTML code to understand and automatically interact with cookie banners, even implementing complex policies. Our proposal aims to address the privacy paradox related to cookie banners by reducing information overload and decision fatigue for users. It also simplifies user navigation by eliminating the need to repeatedly declare preferences in intricate cookie banners on every visited website, while protecting users from deceptive patterns.
Article
We review different streams of social science literature on privacy with the goal of understanding consumer privacy decision making and deriving implications for policy. We focus on psychological and economic factors influencing both consumers' desire and consumers' ability to protect their privacy, either through individual action or through the implementation of regulations applying to firms. Contrary to depictions of online sharing behaviors as careless, we show how consumers fundamentally care about online privacy, and present evidence of numerous actions they take to protect it. However, we also document how prohibitively difficult it is to attain desired, or even desirable, levels of privacy through individual action alone. The remaining instrument for privacy protection is policy intervention. However, again for both psychological and economic reasons, the collective impetus for adequate intervention is often countervailed by powerful interests that oppose it.
Chapter
A process that can be used to assist analysts in developing domain specific Timed Influence Nets (TIN) is presented. The process can be used to represent knowledge about a situation that includes descriptions of cultural behaviors and actions that may influence such behaviors. One of the main challenges in using TINs has been the difficulty in formulating them. Many Subject Matter Experts have difficulty in expressing their knowledge in the TIN representation. The ontology based meta modeling approach described in this paper provides potential assistance to these modelers so that they can quickly create new models for new situations and thus can spend more time doing analysis. The paper describes the theoretic concepts used and a process that leads to an automated TIN generation. A simple example is provided to illustrate the technique.
Article
Influence networks are Bayesian networks whose probabilities are approximated via expert provided influence constants. They represent a modeling and analysis formalism for addressing complex decision problems. In this paper, we present a comprehensive theory of influence networks that incorporates design constraints for consistency, temporal issues and a dynamic programming evolution of the influence constants. We also include numerical evaluations for several example timed influence networks.
Conference Paper
The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted the way in which software, systems and organizations should be designed or maintained to be compliant with rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a means to lower operational privacy enforcement costs.
Article
Artificial intelligence of things technology provides smart surveillance capability for personal data digitalization. It will invade individuals’ information, physical, and social spaces and raise contextual privacy concerns while providing personalized services, which has not been explored in previous research. We theorize three types of smart surveillance and identify three subdimensions of contextual personalization and privacy concerns. Grounded in surveillance theory and personalization-privacy paradox, we examined the different trade-offs of contextual personalization and privacy concerns underlying the three types of smart surveillance on users’ behavioral intention in smart home context. The results also indicated that transparency can lessen the trade-off effects.
Article
Purpose: The COVID-19 pandemic represents a unique challenge for public health worldwide. In this context, smartphone-based tracking apps play an important role in controlling transmission. However, privacy concerns may compromise the population’s willingness to adopt this mobile health (mHealth) technology. Based on the privacy calculus theory, this study aims to examine what factors drive or hinder adoption and disclosure, considering the moderating role of age and health status.

Design/methodology/approach: A cross-sectional survey was conducted in a European country hit by the pandemic that has recently launched a COVID-19 contact-tracing app. Data from 504 potential users was analyzed through partial least squares structural equation modeling.

Findings: Results indicate that perceived benefits and privacy concerns impact adoption and disclosure and confirm the existence of a privacy paradox. However, for young and healthy users, only benefits have a significant effect. Moreover, older people value more personal than societal benefits while for respondents with a chronic disease privacy concerns outweigh personal benefits.

Originality/value: The study contributes to consumer privacy research and to the mHealth literature, where privacy issues have been rarely explored, particularly regarding COVID-19 contact-tracing apps. The study re-examines the privacy calculus by incorporating societal benefits and moving from a traditional “self-focus” approach to an “other-focus” perspective. This study further adds to prior research by examining the moderating role of age and health condition, two COVID-19 risk factors. This study thus offers critical insights for governments and health organizations aiming to use these tools to reduce COVID-19 transmission rates.
Article
Blockchain technologies and distributed ledgers enable the design and implementation of trustable data logging systems that can be used by multiple parties to produce a non-repudiable database. The case of Internet of Vehicles may greatly benefit from such a possibility to track the chain of responsibility in case of accidents or damages due to bad or omitted maintenance, improving the safety of circulation and helping to grant a correct handling of related legal issues. However, there are privacy issues that have to be considered, as tracked information potentially includes data about private persons (position, personal habits), commercially relevant information (state of the fleet of a company, freight movement and related planning, logistic strategies), or even more critical knowledge (e.g., considering vehicles belonging to police, public authorities, governments or officers in sensitive positions). In the European Union, all this information is covered by the General Data Protection Regulation (GDPR). In this paper we propose a reference model for a system that manages relevant information to show how blockchain can support GDPR compliant solutions for Internet of Vehicles, taking as a reference an integrated scenario based on Italy, and analyze a subset of its use cases to show its viability with reference to privacy issues.
Article
Although survey results show that the privacy of their personal data is an important issue for online users worldwide, most users rarely make an effort to protect this data actively and often even give it away voluntarily. Privacy researchers have made several attempts to explain this dichotomy between privacy attitude and behavior, usually referred to as ‘privacy paradox’. While they proposed different theoretical explanations for the privacy paradox, as well as empirical study results concerning the relationship of individual factors on privacy behavior and attitude, no comprehensive explanation for the privacy paradox has been found so far. We aim to shed light on the privacy paradox phenomenon by summarizing the most popular theoretical privacy paradox explanations and identifying the factors that are most relevant for the prediction of privacy attitude and behavior. Since many studies focus on the behavioral intention instead of the actual behavior, we decided to consider this topic as well. Based on a literature review, we identify all factors that significantly predict one of the three privacy aspects and report the corresponding standardized effect sizes (β). The results provide strong evidence for the theoretical explanation approach called ‘privacy calculus’, with possibly gained benefits being among the best predictors for disclosing intention as well as actual disclosure. Other strong predictors for privacy behavior are privacy intention, willingness to disclose, privacy concerns and privacy attitude. Demographic variables play a minor role, only gender was found to weakly predict privacy behavior. Privacy attitude was best predicted by internal variables like trust towards the website, privacy concerns or computer anxiety. Despite the multiplicity of survey studies dealing with user privacy, it is not easy to draw overall conclusions, because authors often refer to slightly different constructs. 
We suggest that the privacy research community agree on a shared definition of the different privacy constructs to allow for conclusions beyond individual samples and study designs.
Iacono, M., Mastroianni, M.: Il curioso caso della divergenza tra consapevolezza e comportamenti in materia di sicurezza informatica dopo la crisi pandemica: quando non bastano norme ed esperienza [The curious case of the divergence between awareness and behavior in cybersecurity after the pandemic crisis: when rules and experience are not enough], Edizioni Scientifiche Italiane, pp. 107-118 (2022)