A multidisciplinary definition of privacy labels
Individuals have the right to protect their privacy. But in order to do this they need to know what privacy means. Moreover, they need to become aware of their preferences for privacy and how to act in their own best interest to protect their privacy.
Forfatter
Tore Pedersen
Medforfatter
Johanna Johansen, Simone Fischer-Hübner, Christian Johansen, Gerardo Schneider, Arnold Roosendaal, Harald Zwingelberg, Anders Jakob Sivesind and Josef Noll
Publikasjon
Information & Computer Security Vol. 30 No. 3, 2022 pp. 452-469
Privacy as such is formally protected in terms of the requirements stated in the GDPR. However, a majority of web-sites have largely failed to accommodate individuals' preferences. It generally takes no effort to accept all cookies as is, whereas it is considerably more effortful to select only some.
The protection of individual privacy is inherent in all types of entities that individuals interact with almost daily. It would be surprising if people managed to exert awareness of their privacy preferences while at the same time maneuvering in and between different cyber terrains.
The term empowerment may sound unfamiliar, but empowerment is exactly what is needed. In order for privacy to be accommodated broadly, privacy also needs to be defined more broadly as well as approached from a multidisciplinary perspective.
Tore Pedersen (ONH) has collaborated with an international team of researchers in designing and proposing a multidisciplinary definition of privacy labels. One of the purposes is to help businesses accommodate individual preferences. Another purpose is to help individuals become aware of their privacy so they can make informed choices in accordance with their privacy preferences.
Abstract
Purpose: This paper aims to present arguments about how a complex concept of privacy labeling can be a solution to the current state of privacy.
Design/methodology/approach: The authors give a precise definition of Privacy Labeling (PL), painting a panoptic portrait from seven different perspectives: Business, Legal, Regulatory, Usability and Human Factors, Educative, Technological and Multidisciplinary. They describe a common vision, proposing several important “traits of character” of PL as well as identifying “undeveloped potentialities”, i.e. open problems on which the community can focus.
Findings: This position paper identifies the stakeholders of the PL and their needs with regard to privacy, describing how PL should be and look like to address these needs. Main aspects considered are the PL’s educational power to change people’s knowledge of privacy, tools useful for constructing PL and the possible visual
appearances of PL. They also identify how the present landscape of privacy certifications could be improved by PL.
Originality/value: The authors adopt a multidisciplinary approach to defining PL as well as give guidelines in the form of goals, characteristics, open problems, starting points and a roadmap for creating the ideal PL.
Keywords: Automation, Certification, Usability, General data protection, regulation, Privacy labels, Psychological models, Paper type Conceptual paper.