Zwei Workshopbeiträge aus dem TrUSD-Projekt wurden bei den Konferenzen Mensch und Computer 2020 und 28th IEEE International Requirements Engineering Conference akzeptiert. Beide Konferenzen werden dieses Jahr online ausgerichtet.
RE’20/ESPRE 20, Montag, 31.08.2020
Requirement and Quality Models for Privacy Dashboards
Autoren: Denis Feth und Hartmut Schmitt
Privacy dashboards provide means for increasing transparency and self-determination for end-users of different systems and domains. However, there is no generic privacy dashboard that fits all needs. Rather, privacy dashboards are domain-dependent and must consider a variety of requirements of the respective domain. The elicitation and balancing of these requirements is essential for establishing privacy dashboards, but is complex and effort-intense at the same time. In this respect, various quality characteristics need to be considered as well. However, these are highly interdependent and partly conflicting, which further complicates the situation. In this paper, we present generic requirement and quality models that build a common baseline when developing privacy dashboards for different systems or domains. These models are based on the fact that, even though privacy dashboards are domain-specific, they share a lot of common problems and characteristics. Our models provide companies with a comprehensive framework that supports them in the phases of requirements engineering, planning, and design. We show their applicability by applying our models in the domain of workplace privacy dashboards, i.e., privacy dashboards that are used to achieve transparency and self-determination for employees.
mehr Informationen zum Workshop: 7th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE 20)
mehr Informationen/Anmeldung zur Konferenz: 28th IEEE International Requirements Engineering Conference
Mensch und Computer 2020, Sonntag, 06.09.2020
Privacy ad Absurdum: How Workplace Privacy Dashboards Compromise Privacy
Autoren: Svenja Polst und Denis Feth
In times of data-driven business, privacy and data protection are gaining importance. Users and legal bodies require the implementation of privacy-enhancing and transparencyenhancing technologies, such as privacy dashboards. Even though privacy dashboards contribute to privacy and data protection, they may also carry risks themselves. For example, privacy dashboards require access to and collection of quite a huge amount of personal data. This of course leads to a conflict with their primary goal—namely privacy, including data-minimization—and thus leads it ad absurdum. We particularly focus on privacy dashboards for employees as an example technology for transparency and self-determination at their workplace. Conflicts address among others transparency vs. data-minimization, and self-determination vs. social pressure. In this paper, we elaborate such conflicts and discuss corresponding solution strategies.