I Agree: Customize Your Personal Data Processing with the CoRe User Interface | SpringerLink
Skip to main content
Springer Nature Link
Log in

I Agree: Customize Your Personal Data Processing with the CoRe User Interface

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11711))

Included in the following conference series:

Abstract

The General Data Protection Regulation (GDPR) requires, except for some predefined scenarios (e.g., contract performance, legal obligations, vital interests, etc.), obtaining consent from the data subjects for the processing of their personal data. Companies that want to process personal data of the European Union (EU) citizens but are located outside the EU also have to comply with the GDPR. Existing mechanisms for obtaining consent involve presenting the data subject with a document where all possible data processing, done by the entire service, is described in very general terms. Such consent is neither specific nor informed. In order to address this challenge, we introduce a consent request (CoRe) user interface (UI) with maximum control over the data processing and a simplified CoRe UI with reduced control options. Our CoRe UI not only gives users more control over the processing of their personal data but also, according to the usability evaluations reported in the paper, improves their comprehension of consent requests.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    In GDPR such cases are defined in Article 6(1)(b-f).

  2. 2.

    The online version of the prototype is available at: https://bit.ly/2Z1yrKs.

  3. 3.

    The online version of the prototype is available at: https://bit.ly/2U6TkQw.

  4. 4.

    Norwegian Consumer Council Report. https://bit.ly/2N1TRRC.

  5. 5.

    Our questionnaire is available at: http://tiny.cc/z6d14y.

  6. 6.

    The online version of the prototype is available at: https://bit.ly/2Z1yrKs.

  7. 7.

    The source code of the maximum control UI is available at: http://tiny.cc/rh2z4y.

  8. 8.

    Welie.com, Patterns in interaction design. https://bit.ly/2uWvFsf.

  9. 9.

    Usability evaluation tasks are available at: https://bit.ly/2IaRUDk.

  10. 10.

    English version of the prototype is available at: https://bit.ly/2U6TkQw.

  11. 11.

    German version of the prototype is available at: https://bit.ly/2G2V6gR.

  12. 12.

    The source code of the simplified UI is available at: https://bit.ly/2uWtHYM.

  13. 13.

    Usability evaluation tasks are available at: https://bit.ly/2KChPpF.

References

  1. Acquisti, A., Adjerid, I., Brandimarte, L.: Gone in 15 seconds: The limits of privacy transparency and control. IEEE Secur. Priv. 11(4), 72–74 (2013)

    Article  Google Scholar 

  2. Bastien, J.C.: Usability testing: some current practices and research questions. Int. J. Med. Inform. (2010)

    Google Scholar 

  3. Benedek, J., Miner, T.: Measuring desirability: New methods for evaluating desirability in a usability lab setting. In: Proceedings of UPA (2002)

    Google Scholar 

  4. Borgesius, F.Z.: Informed consent: We can do better to defend privacy. IEEE Secur. Priv. 13(2), 103–107 (2015)

    Article  Google Scholar 

  5. Brewer, M.B., Crano, W.D.: Research design and issues of validity. In: Handbook of Research Methods in Social and Personality Psychology, pp. 3–16 (2000)

    Google Scholar 

  6. Charters, E.: The use of think-aloud methods in qualitative research: An introduction to think-aloud methods. Brock Educ. J. 12(2) (2003)

    Google Scholar 

  7. Checkland, P., Holwell, S.: Action research. In: Kock, N. (ed.) Information Systems Action Research. ISIS, vol. 13, pp. 3–17. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-36060-7_1

    Chapter  Google Scholar 

  8. Costante, E., Sun, Y., Petković, M., den Hartog, J.: A machine learning solution to assess privacy policy completeness: (short paper). In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pp. 91–96. ACM (2012)

    Google Scholar 

  9. Friedman, B., Howe, D.C., Felten, E.: Informed consent in the Mozilla browser: Implementing value-sensitive design. In: Proceedings of the 35th Annual Hawaii International Conference on System Sciences, pp. 10–pp. IEEE (2002)

    Google Scholar 

  10. Hartson, H.R., Castillo, J.C., Kelso, J., Neale, W.C.: Remote evaluation: the network as an extension of the usability laboratory. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 228–235. ACM (1996)

    Google Scholar 

  11. Ivory, M.Y., Hearst, M.A.: The state of the art in automating usability evaluation of user interfaces. ACM Comput. Surv. (CSUR) 33(4), 470–516 (2001)

    Article  Google Scholar 

  12. Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A nutrition label for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security. ACM (2009)

    Google Scholar 

  13. Liccardi, I., Pato, J., Weitzner, D.J.: Improving mobile app selection through transparency and better permission analysis. J. Priv. Confidentiality 5(2), 1–55 (2014)

    Google Scholar 

  14. MacKenzie, I.S.: User studies and usability evaluations: from research to products. In: Proceedings of the 41st Graphics Interface Conference, pp. 1–8. Canadian Information Processing Society (2015)

    Google Scholar 

  15. McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. ISJLP 4 (2008)

    Google Scholar 

  16. McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A comparative study of online privacy policies and formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_3

    Chapter  Google Scholar 

  17. Nielsen, J.: Enhancing the explanatory power of usability heuristics. In: Proceedings of the SIGCHI CHI, pp. 152–158. ACM, New York (1994)

    Google Scholar 

  18. Schaub, F., Balebako, R., Durity, A.L., Cranor, L.F.: A design space for effective privacy notices. In: 11 Symposium on Usable Privacy and Security (2015)

    Google Scholar 

  19. Seidman, I.: Interviewing as Qualitative Research: A Guide for Researchers in Education and the Social Sciences. Teachers College Press (2013)

    Google Scholar 

  20. Steinsbekk, K.S., Myskja, B.K., Solberg, B.: Broad consent versus dynamic consent in biobank research: Is passive participation an ethical problem? EJHG 21 (2013)

    Article  Google Scholar 

  21. Tidwell, J.: Designing Interfaces: Patterns for Effective Interaction Design. O’Reilly Media Inc. (2010)

    Google Scholar 

  22. Tullis, T., Fleischman, S., McNulty, M., Cianchette, C., Bergel, M.: An empirical comparison of lab and remote usability testing of web sites. In: UPAC (2002)

    Google Scholar 

  23. Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 1077–1093. IEEE (2017)

    Google Scholar 

Download references

Acknowledgments

This paper is supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601. We would like to thank our colleagues from SPECIAL and WU for their legal support and help with the user studies.

Author information

Authors and Affiliations

  1. Vienna University of Economics and Business, Vienna, Austria

    Olha Drozd & Sabrina Kirrane

Authors
  1. Olha Drozd
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sabrina Kirrane
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Olha Drozd .

Editor information

Editors and Affiliations

  1. University of the Aegean, Mytilene, Greece

    Stefanos Gritzalis

  2. SBA Research, Vienna, Austria

    Edgar R. Weippl

  3. Norwegian University of Science and Technology, Trondheim, Norway

    Sokratis K. Katsikas

  4. Johannes Kepler University of Linz, Linz, Austria

    Gabriele Anderst-Kotsis

  5. Software Competence Center Hagenberg, Hagenberg im Mühlkreis, Austria

    A Min Tjoa

  6. Johannes Kepler University of Linz, Linz, Austria

    Ismail Khalil

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Drozd, O., Kirrane, S. (2019). I Agree: Customize Your Personal Data Processing with the CoRe User Interface. In: Gritzalis, S., Weippl, E., Katsikas, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2019. Lecture Notes in Computer Science(), vol 11711. Springer, Cham. https://doi.org/10.1007/978-3-030-27813-7_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-27813-7_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27812-0

  • Online ISBN: 978-3-030-27813-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation