| 1. |
- Ahrens, Ken, et al.
(författare)
-
CampusTracer : A Privacy-Aware Contact Tracing Protocol for Campus Environments
- 2022
-
Ingår i: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). - : IEEE. - 9781665495608 - 9781665495615 ; , s. 194-202
-
Konferensbidrag (refereegranskat)abstract
- Contact tracing has become a major weapon against fighting the spread of diseases like SARS-CoV-2. Unfortunately, the ability to inform potentially infected people always comes with a downside to privacy, as contacts traced could also be misused in other contexts. In this paper, we present CampusTracer, a novel contact tracing system specialized for university campus environments. Based on an in-depth analysis of existing contact tracing approaches and university-specific requirements, we elaborate a Privacy-by-Design solution to contact tracing that caters for most real-world requirements while preserving the privacy of its users in a best-possible way.
|
|
| 2. |
- Bieker, Felix, et al.
(författare)
-
Preface
- 2024
-
Ingår i: Privacy and Identity Management. Sharing in a Digital World. - : Springer. - 9783031579776 - 9783031579783 ; , s. v-vi
-
Bokkapitel (refereegranskat)
|
|
| 3. |
|
|
| 4. |
- De Cock, Martine, et al.
(författare)
-
Privacy enhancing technologies
- 2023
-
Ingår i: Privacy in Speech and Language Technology. - : Schloss Dagstuhl, Leibniz-Zentrum für Informatik. ; , s. 90-99
-
Bokkapitel (refereegranskat)abstract
- Privacy-enhancing technologies (PETs) provide technical building blocks for achieving privacyby design and can be defined as technologies that embody fundamental data protection goals[13 ] including the goals of unlinkability, interveneability, transparency and the classical CIA(confidentiality, integrity, availability) security goals by minimizing personal data collectionand use, maximizing data security, and empowering individuals.The privacy by design principle of a positive sum for speech and language technologiesshould enable users to benefit from the rich functions of these technologies while protectingthe users’ privacy at the same time. The fundamental question is how to achieve privacyby design for speech and language technology without hampering the services. To achievethis goal, different PETs exist that can be utilized for this purpose. Below, we first discusswhat type of personal data are accessible via speech and text and should be the target ofprotection by PETs. Then, we provide an overview of PETs that can provide protectionand discuss their limitations and challenges that arise when used for speech and languagetechnologies.
|
|
| 5. |
- Fischer-Hübner, Simone, 1963-, et al.
(författare)
-
Privacy-Enhancing Technologies and Anonymisation in Light of GDPR and Machine Learning
- 2023
-
Ingår i: Privacy and Identity Management. - : Springer. ; , s. 11-20
-
Konferensbidrag (refereegranskat)abstract
- The use of Privacy-Enhancing Technologies in the field of data anonymisation and pseudonymisation raises a lot of questions with respect to legal compliance under GDPR and current international data protection legislation. Here, especially the use of innovative technologies based on machine learning may increase or decrease risks to data protection. A workshop held at the IFIP Summer School on Privacy and Identity Management showed the complexity of this field and the need for further interdisciplinary research on the basis of an improved joint understanding of legal and technical concepts.
|
|
| 6. |
- Hansen, Malte, et al.
(författare)
-
A Generic Data Model for Implementing Right of Access Requests
- 2022
-
Ingår i: Privacy Technologies and Policy. - Cham : Springer. - 9783031073144 ; , s. 3-22
-
Konferensbidrag (refereegranskat)abstract
- According to Article 15 of the GDPR, data subjects have theright to access personal data handled by data controllers and their pro-cessors. This raises demand for a dedicated technical service implemen-tation in order to create valid, complete, and legally compliant responsesto such requests.In this paper, we provide both a Data Request Model and a ResponseData Model for answering such requests on a technical level. While out-lining the overall process of handling such a request, we showcase a setof requirements that needs to be fulfi lled, and we discuss a set of issuescommonly arising in such an Article 15 service implementation.
|
|
| 7. |
- Hansen, M., et al.
(författare)
-
A Universal Data Model for Data Sharing Under the European Data Strategy
- 2024
-
Ingår i: Lect. Notes Comput. Sci.. - : Springer. - 9783031610882 ; , s. 3-19
-
Konferensbidrag (refereegranskat)abstract
- The current European data strategy foresees a novel ecosystem of data sharing and data trading among public and private sector organizations in the EU member states. The focus is on enabling and fostering data sharing among the stakeholders while maintaining compliance with existing EU and national data protection legislation, such as the European General Data Protection Regulation (GDPR). However, managing data sharing in such a compliant manner requires additional metadata to be exchanged amongst the actors in this ecosystem. Therefore, this paper proposes a novel data model for managing data sharing activities. This model takes current and planned regulations (e.g., the Data Governance Act) and the resulting data ecosystem architectures (e.g. data intermediaries) into account and is applicable to different actions that are necessary for compliant data exchange, like data subject rights requests or intellectual property enforcement. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
|
|
| 8. |
- Hansen, Malte, et al.
(författare)
-
Introducing the Concept of Data Subject Rights as a Service Under the GDPR
- 2023
-
Ingår i: Privacy Symposium 2023. - : Springer. - 9783031449390 ; , s. 17-31
-
Konferensbidrag (refereegranskat)abstract
- The General Data Protection Regulation (GDPR) has introduced various data subject rights, e.g., the right of access, the right to erasure, or the right to data portability. These rights empower European individuals, the data subjects, to exercise control over their personal data stored or processed by organizations, the data controllers, in multiple ways. However, in practice, the enforcement of those rights faces several issues, as especially small- and medium-sized enterprises often lack the resources or know-how to implement a sufficient data subject rights solution. This leads to incomplete results that are not easily comprehensible for the data subjects.To address these issues we introduce the concept of Data Subject Rights as a Service (DSRaaS). The goal of the DSRaaS provider is to act as a bridge between the data subjects and data controllers, by providing the five services data subject right enforcement, authentication, data model, data logbook, and consulting. In this context, we will also look at the role that data intermediaries, introduced by the Data Governance Act, can serve in DSRaaS.
|
|
| 9. |
- Pallas, Frank, et al.
(författare)
-
Privacy Engineering From Principles to Practice : A Roadmap
- 2024
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 22:2, s. 86-92
-
Tidskriftsartikel (refereegranskat)abstract
- Privacy engineering is gaining momentum in industry and academia alike. So far, manifold low-level primitives and higher-level methods and strategies have successfully been established. Still, fostering adoption in real-world information systems calls for additional aspects to be consciously considered in research and practice.
|
|
| 10. |
- Palm, Jonas, et al.
(författare)
-
Analysis of a Consent Management Specification and Prototype Under the GDPR
- 2023
-
Ingår i: NordSec 2023: Secure IT Systems. - : Springer. - 9783031477478 - 9783031477485
-
Konferensbidrag (refereegranskat)abstract
- Consent requests for the processing of personal information are ubiquitous for users of web services across the European Union (EU). However, their form and contents differ greatly, and often include deceptive design patterns (so-called dark patterns) meant to influence users’ choices.In this paper, we provide the results of a research project to define a new specification that can be used to handle consent requests based on cookies in a standardized and GDPR-compliant manner. We define and evaluate a set of requirements for consent management systems and we illustrate the advantage of our proposed specification to the state of the art based on a prototype implementation and evaluation. Based on a small usability study, we found our solution to reduce the necessary interactions with respect to consenting, consent withdrawal, and consent configuration by far.
|
|
