Personlig integritet på internet : Webbkakor och risken för kränkning av användares personliga integritet

Franck, Adéle

January 2021

The purpose of the essay is to examine and analyze if individuals are ensured anefficient protection against violations of personal integrity when using cookiesonline. This is done through both a de lege lata and a de lege ferenda perspective.To do this a technical perspective of what cookies are is applied, as well as howthey can amount to a threat to personal integrity. What personal integrity is andhow it can be protected are questions which are answered through the methodof legal dogmatics as well as the EU legal method, while the question if the protectionis sufficient is answered through the method of legal informatics. The investigation in the matter led to the result of a definition of what is tobe understood by personal integrity within the framework of the essay, whichcan be described as the right to have control over the spread of sensitive information.In addition to this it is shown in the essay that personal integrity in relationto cookies is protected through the means of collecting consent before placingcookies. The mechanism of collecting consent is in theory an appropriate wayto ensure control for the individual. Even so, practical studies in the field indicatethat the regulation does not meet compliance by the market participants sufficientlywhen collecting consent to the use of cookies. Due to this it cannot beclaimed that personal integrity is efficiently protected in practice. Since the de lege lata result show indications of lack of compliance the conclusionis that the current regulations are not sufficiently enough protecting personalintegrity of individuals. The forthcoming e-Data protection Regulationmight offer some solutions to this compliance issue, but as shown in the de legeferenda-discussion there is a need to combine regulatory solutions with technicaltools to enforce a comprehensive compliance by the market participants in practice.The combined solution will give both individuals and supervisory authoritiesthe tools necessary to protect personal integrity, while the collection of consentcan continue to be the regulatory mechanism used to protect personal integrity.

cookies

consent

personal integrity

GDPR

e-privacy directive

webbkakor

samtycke

personlig integritet

GDPR

e-privacy direktivet

Law

Juridik

Factors Associated with Behavioral Intention to Disclose Personal Information on Geosocial Networking Applications

Cox, Trissa

05 1900

Information privacy is a major concern for consumers adopting emerging technologies dependent on location-based services. This study sought to determine whether a relationship exists among factors of personalization, locatability, perceived playfulness, privacy concern and behavioral intention to disclose personal information for individuals using location-based, geosocial networking applications. Questionnaire responses from undergraduate students at a 4-year university provide insight into these relationships. Multiple regression results indicated that there was a statistically significant relationship between the four significant predictor variables and the dependent variable. Analysis of beta weights, structure coefficients, and commonality analysis shed light on the variance attributable to the predictor variables of the study. Findings provide understanding of the specific factors examined in the study and have implications for consumers, businesses, application designers, and policymakers. The results from this study contribute to an understanding of technology acceptance theory and offer insight into competing beliefs that may affect an individual’s behavioral intention to disclose personal information. Knowledge gained form the study may be useful for overcoming challenges related to consumer adoption of location-based services that require disclosure of personal information.

Information privacy

location-based services

perceived playfulness

locatability

personalization

privacy concern

behavioral intention

Resolving the Privacy Paradox: Bridging the Behavioral Intention Gap with Risk Communication Theory

Wu, Justin Chun Wah

30 September 2019

The advent of the Internet has led to vastly increased levels of data accessibility to both users and would-be attackers. The privacy paradox is an established phenomenon wherein users express concern about resultant security and privacy threats to their data, but nevertheless fail to enact the host of protective measures that have steadily become available. The precise nature of this phenomenon, however, is not a settled matter. Fortunately, risk communication theory, a discipline devoted to understanding the factors involved in risk-oriented decision-making and founded in years of empirical research in public health and disaster awareness domains, presents an opportunity to seek greater insight into this problem. In this dissertation, we explore the application of principles and techniques from risk communication theory to the question of factors in the grassroots adoption of secure communication technologies. First, we apply a fundamental first-step technique in risk communication—mental modeling—toward understanding users' perceptions of the structure, function, and utility of encryption in day-to-day life. Second, we apply principles of risk communication to system design by redesigning the authentication ceremony and its associated messaging in the Signal secure messaging application. Third, we evaluate the applicability of a core decision-making theory—protection motivation theory—toward the problem of secure email adoption, and then use this framework to describe the relative impact of various factors on secure email adoption. Finally, we evaluate perceptions of risk and response with respect to the adoption of secure email features in email scenarios of varying sensitivity levels. Our work identifies positive outcomes with respect to the impact that risk messaging has on feature adoption, and mixed results with respect to comprehension. We highlight obstacles to users' mental interactions with encryption, but offer recommendations for progress in the adoption of encryption. We further demonstrate that protection motivation theory, a core behavioral theory underlying many risk communication approaches, has the ability to explain the factors involved in users' decisions to adopt or not adopt in a way that can at least partially explain the privacy paradox phenomenon. In general, we find that the application of even basic principles and techniques from risk communication theory do indeed produce favorable research outcomes when applied to this domain.

privacy paradox

risk communication

online privacy

usable security

Physical Sciences and Mathematics

Privacy concerns of Indonesian Internet users : Investigating the level of concern among ecommerce users

Rusna, Rusna

January 2022

The growth of digital marketing has poses a challenge in the area of online privacy and ethical conduct. Internet users in Indonesia, a country with with an immense amount of Internet users, have suffered from many online privacy threats such as personal data trading and online scams. As previous studies have shown that users’ online protective behaviors are influenced by their level of concerns, this study aims to investigate the users’ concerns about their online privacy, as well as the motivations, with a focus on the e-commerce sector. The study used a context-based questionnaire method developed based on IUIPC, to investigate the level of concern and the motivations, as well as statistical correlation analysis to measure the influence of privacy awareness and Internet knowledge towards privacy concerns. The study was distributed to adult Internet users in Indonesia that use the Internet for e-commerce and have a minimum education level of high school. The results revealed that in general eight out of ten users are concerned about their personal data online. Specifically, in the privacy concerns dimension of Control, Collection, and Awareness, the users are most concerned about having control over their data and the collection of identifiable information, but less concerned about the absence of privacy policy and the collection of non-identifiable information such as their views and interest. The biggest reason for the users to feel concerned is the worry of data misuse such as fraud, whereas the reasons to be less concerned include applying self-protection online behavior, trust in the services used, and acceptance of trade-off and control loss. Finally, only the awareness of online fraud has shown a significant correlation to the level of privacy concerns out of six privacy awareness and Internet knowledge items assessed. / Tillväxten av digital marknadsföring har inneburit en utmaning när det gäller sekretess online och etiskt uppförande. Internetanvändare i Indonesien, ett land med en enorm mängd internetanvändare, har drabbats av många integritetshot på nätet som handel med personuppgifter och bedrägerier online. Eftersom tidigare studier har visat att användarnas skyddsbeteende online påverkas av deras oro, syftar denna studie till att undersöka användarnas oro för deras online integritet, såväl som motivationerna, med fokus på e-handelssektorn. Studien använde en kontextbaserad frågeformulärmetod utvecklad baserad på IUIPC, för att undersöka graden av oro och motivationerna, samt statistisk korrelationsanalys för att mäta inverkan av integritetsmedvetenhet och internetkunskap mot integritetsproblem. Studien distribuerades till vuxna internetanvändare i Indonesien som använder internet för e-handel och som har en lägsta utbildningsnivå på gymnasiet. Resultaten avslöjade att åtta av tio användare i allmänhet är oroliga över sina personuppgifter online. Specifikt när det gäller integritetsfrågorna för kontroll, insamling och medvetenhet är användarna mest oroade över att ha kontroll över sina data och insamlingen av identifierbar information, men mindre oroade över avsaknaden av integritetspolicy och insamlingen av icke-identifierbar information såsom deras åsikter och intresse. Den största anledningen till att användarna känner sig oroliga är oro för datamissbruk såsom bedrägeri, medan skälen att vara mindre oroliga inkluderar att tillämpa självskyddande onlinebeteende, förtroende för de tjänster som används och acceptera avvägningar och kontrollförlust. Slutligen har endast medvetenheten om onlinebedrägerier visat en signifikant korrelation till nivån av integritetsproblem av sex sekretessmedvetenhet och internetkunskapsobjekt som bedömts.

privacy concerns

privacy motivations

e-commerce

survey

Computer and Information Sciences

Data- och informationsvetenskap

Privacy management in a digital age: A study of alternative conceptualizations of privacy in digital contexts

Åkerberg, Linnea

January 2018

Digital technologies are challenging the notions of integrity. This has clearly been proved by people’s use of digital services and products that constantly is increasing. This means that digital services and products continue to develop to fit in on the user’s behavior patterns, and thus meet individual demand. But what developers and users during this development have failed to take into account, is the matter of privacy where the limits of perceptual information and public information lack clear boundaries. The aim of this master thesis is to collect valuable insights into users perception of integrity and privacy in both digital and analog contexts. By using mixed methods with a reversed exploratory sequential design approach, it was possible to explore and map out users perception and prerequisites for when and under what circumstances they choose to share private data. In order to reach the purpose of this study, an online survey and an adapted Cultural probe were conducted. The results of these methods then became the base of a design process that suggests a proposal on how alternative integrity concepts can be constructed.

Integrity

alternative concepts of privacy

privacy

digital convenience

Engineering and Technology

Teknik och teknologier

Privacy by Design & Internet of Things: managing privacy

Alhussein, Nawras

January 2018

Personlig integritet motsvarar det engelska begreppet privacy, som kan uttryckas som rätten att få bli lämnad ifred. Det har ifrågasatts många gånger om personlig integritet verkligen finns på internet, speciellt i Internet of Things-system eller smarta system som de också kallas. Fler frågor ställs i samband med att den nya allmänna dataskyddsförordningen inom europeiska unionen börjar gälla i maj. I detta arbete studeras privacy by design-arbetssättet som den allmänna dataskyddsförordningen (GDPR) bland annat kommer med. I studien besvaras om privacy by design kommer kunna öka skyddet av den personliga integriteten i Internet of Things-system. För- och nackdelar tas upp och hur företag och vanliga användare påverkas. Genom en litteraturstudie och två intervjuer har frågan kunnat besvaras. Det visade sig att en stor del av problematiken inom Internet of Things avseende personlig integritet kan lösas genom att styra data. I privacy by design-arbetssättet ingår att skydda data i alla tillstånd genom olika metoder som kryptering. På det sättet bidrar privacy by design till ökad säkerhet inom Internet of Things-system. / Privacy means the right to be left alone. It has been questioned many times if privacy really exists on the internet, especially in Internet of Things systems or smart systems as they are also called. More questions occur when the new general data protection regulation (GDPR) within the European Union applies in May. In this paper privacy by design that the general data protection regulation comes with is being studied. This study answers whether privacy by design will be able to increase the protection of privacy in Internet of Things systems. Advantages and disadvantages are also addressed and how companies and common users are affected by the implementation of privacy by design. The question has been answered by a literature review and two interviews. It turned out that a significant part of the problems in Internet of Things regarding privacy may be solved by data management. The privacy by design includes protection of data in all states through different methods such as encryption. In this way, privacy by design contributes to increased security within Internet of Things system.

Internet of Things

Privacy by design

General data protection regulation

Privacy

GDPR

Security

Engineering and Technology

Teknik och teknologier

Adaptable Privacy-preserving Model

Brown, Emily Elizabeth

01 January 2019

Current data privacy-preservation models lack the ability to aid data decision makers in processing datasets for publication. The proposed algorithm allows data processors to simply provide a dataset and state their criteria to recommend an xk-anonymity approach. Additionally, the algorithm can be tailored to a preference and gives the precision range and maximum data loss associated with the recommended approach. This dissertation report outlined the research’s goal, what barriers were overcome, and the limitations of the work’s scope. It highlighted the results from each experiment conducted and how it influenced the creation of the end adaptable algorithm. The xk-anonymity model built upon two foundational privacy models, the k-anonymity and l-diversity models. Overall, this study had many takeaways on data and its power in a dataset.

anonymization models

data privacy

data processing

k-anonymity

l-diversity

privacy-preserving models

Computer Sciences

An investigation of electronic Protected Health Information (e-PHI) privacy policy legislation in California for seniors using in-home health monitoring systems

Saganich, Robert Lee

01 January 2019

This study examined privacy legislation in California to identify those electronic Protected Health Information (e-PHI) privacy policies that are suited to seniors using in-home health monitoring systems. Personal freedom and independence are essential to a person's physical and mental health, and mobile technology applications provide a convenient and economical method for monitoring personal health. Many of these apps are written by third parties, however, which poses serious risks to patient privacy. Current federal regulations only cover applications and systems developed for use by covered entities and their business partners. As a result, the responsibility for protecting the privacy of the individual using health monitoring apps obtained from the open market falls squarely on the states. The goal of this study was to conduct an exploratory study of existing legislation to learn what was being done at the legislative level to protect the security and privacy of users using in-home mobile health monitoring systems. Specifically, those developed and maintained by organizations or individuals not classified as covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The researcher chose California due to its reputation for groundbreaking privacy laws and high population of seniors. The researcher conducted a content analysis of California state legislation, federal and industry best practices, and extant literature to identify current and proposed legislation regarding the protection of e-PHI data of those using in-home health monitoring systems. The results revealed that in-home health monitoring systems show promise, but they are not without risk. The use of smartphones, home networks, and downloadable apps puts patient privacy at risk, and combining systems that were not initially intended to function together carries additional concerns. Factors such as different privacy-protection profiles, opt-in/opt-out defaults, and privacy policies that are difficult to read or are not adhered to by the application also put user data at risk. While this examination showed that there is legislative support governing the development of the technology of individual components of the in-home health monitoring systems, it appears that the in-home health monitoring system as a whole is an immature technology and not in wide enough use to warrant legislative attention. In addition – unlike the challenges posed by the development and maintenance of the technology of in-home health monitoring systems – there is ample legislation to protect user privacy in mobile in-home health monitoring systems developed and maintained by those not classified as covered entities under HIPAA. Indeed, the volume of privacy law covering the individual components of the system is sufficient to ensure that the privacy of the system as a whole would not be compromised if deployed as suggested in this study. Furthermore, the legislation evaluated over the course of this study demonstrated consistent balance between technical, theoretical, and legal stakeholders. This study contributes to the body of knowledge in this area by conducting an in-depth review of current and proposed legislation in the state of California for the past five years. The results will help provide future direction for researchers and developers as they struggle to meet the current and future needs of patients using this technology as it matures. There are practical applications for this study as well. The seven themes identified during this study can serve as a valuable starting point for state legislators to evaluate existing and proposed legislation within the context of medical data to identify the need for legislation to assist in protecting user data against fraud, identity theft, and other damaging consequences that occur because of a data breach.

California

elderly

in-home health monitoring

privacy

privacy law

seniors

Computer Sciences

Technologies respectueuses de la vie privée pour le covoiturage / Privacy-enhancing technologies for ridesharing

Aïvodji, Ulrich Matchi

24 January 2018

L'émergence des téléphones mobiles et objets connectés a profondément changé notre vie quotidienne. Ces dispositifs, grâce à la multitude de capteurs qu'ils embarquent, permettent l'accès à un large spectre de services. En particulier, les capteurs de position ont contribué au développement des services de localisation tels que la navigation, le covoiturage, le suivi de la congestion en temps réel... En dépit du confort offert par ces services, la collecte et le traitement des données de localisation portent de sérieuses atteintes à la vie privée des utilisateurs. En effet, ces données peuvent renseigner les fournisseurs de services sur les points d'intérêt (domicile, lieu de travail, orientation sexuelle), les habitudes ainsi que le réseau social des utilisateurs. D'une façon générale, la protection de la vie privée des utilisateurs peut être assurée par des dispositions légales ou techniques. Même si les mesures d'ordre légal peuvent dissuader les fournisseurs de services et les individus malveillants à enfreindre le droit à la vie privée des utilisateurs, les effets de telles mesures ne sont observables que lorsque l'infraction est déjà commise et détectée. En revanche, l'utilisation des technologies renforçant la protection de la vie privée (PET) dès la phase de conception des systèmes permet de réduire le taux de réussite des attaques contre la vie privée des utilisateurs. L'objectif principal de cette thèse est de montrer la viabilité de l'utilisation des PET comme moyens de protection des données de localisation dans les services de covoiturage. Ce type de service de localisation, en aidant les conducteurs à partager les sièges vides dans les véhicules, contribue à réduire les problèmes de congestion, d'émissions et de dépendance aux combustibles fossiles. Dans cette thèse, nous étudions les problèmes de synchronisation d'itinéraires et d'appariement relatifs au covoiturage avec une prise en compte explicite des contraintes de protection des données de localisation (origine, destination). Les solutions proposées dans cette thèse combinent des algorithmes de calcul d'itinéraires multimodaux avec plusieurs techniques de protection de la vie privée telles que le chiffrement homomorphe, l'intersection sécurisée d'ensembles, le secret partagé, la comparaison sécurisée d'entier. Elles garantissent des propriétés de protection de vie privée comprenant l'anonymat, la non-chainabilité et la minimisation des données. De plus, elles sont comparées à des solutions classiques, ne protégeant pas la vie privée. Nos expérimentations indiquent que les contraintes de protection des données privées peuvent être prise en compte dans les services de covoiturage sans dégrader leurs performances. / The emergence of mobile phones and connected objects has profoundly changed our daily lives. These devices, thanks to the multitude of sensors they embark, allow access to a broad spectrum of services. In particular, position sensors have contributed to the development of location-based services such as navigation, ridesharing, real-time congestion tracking... Despite the comfort offered by these services, the collection and processing of location data seriously infringe the privacy of users. In fact, these data can inform service providers about points of interests (home, workplace, sexual orientation), habits and social network of the users. In general, the protection of users' privacy can be ensured by legal or technical provisions. While legal measures may discourage service providers and malicious individuals from infringing users' privacy rights, the effects of such measures are only observable when the offense is already committed and detected. On the other hand, the use of privacy-enhancing technologies (PET) from the design phase of systems can reduce the success rate of attacks on the privacy of users. The main objective of this thesis is to demonstrate the viability of the usage of PET as a means of location data protection in ridesharing services. This type of location-based service, by allowing drivers to share empty seats in vehicles, helps in reducing congestion, CO2 emissions and dependence on fossil fuels. In this thesis, we study the problems of synchronization of itineraries and matching in the ridesharing context, with an explicit consideration of location data (origin, destination) protection constraints. The solutions proposed in this thesis combine multimodal routing algorithms with several privacy-enhancing technologies such as homomorphic encryption, private set intersection, secret sharing, secure comparison of integers. They guarantee privacy properties including anonymity, unlinkability, and data minimization. In addition, they are compared to conventional solutions, which do not protect privacy. Our experiments indicate that location data protection constraints can be taken into account in ridesharing services without degrading their performance.

Vie privée

Covoiturage

Technologies renforçant la vie privée

Privacy

Ridesharing

Privacy enhancing technologies

Rigorous and Flexible Privacy Protection Framework for Utilizing Personal Spatiotemporal Data / 個人時空間データ利活用のための厳密で柔軟なプライバシ保護フレムワーク

Yang, Cao

23 March 2017

京都大学 / 0048 / 新制・課程博士 / 博士(情報学) / 甲第20508号 / 情博第636号 / 新制||情||110(附属図書館) / 京都大学大学院情報学研究科社会情報学専攻 / (主査)教授 吉川 正俊, 教授 田中 克己, 教授 岡部 寿男 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

Differential Privacy

Privacy Preserving Data Publishing

Spatiotemporal data

Personal Data

007