Undetermined: A semi-academic exploration of the future of European data spaces via science fiction

in First Monday: Peer-reviewed Journal on the Internet (2023)

A backcasting exercise

in First Monday: Peer-reviewed Journal on the Internet (2023)

Data Protection and Consenting Communication Mechanisms: Current Proposals and Challenges

in IEEE eXplore (2022, June 06)

Data Protection and Consenting Communication Mechanisms (DPCCMs) have the potential of becoming one of the most fundamental means of protecting humans’ privacy and agency. However, they are yet to be ... [more ▼]

Data Protection and Consenting Communication Mechanisms (DPCCMs) have the potential of becoming one of the most fundamental means of protecting humans’ privacy and agency. However, they are yet to be improved, adopted and enforced. In this paper, based on the results of a technical document analysis and an expert study, we we identify some of the main technical factors that can be comparison factors between some of the main interdisciplinary challenges of a Human-centric, Accountable, Lawful, and Ethical practice of personal data processing on the Internet and discuss whether the current DPCCMs proposal can contribute towards their resolution. In particular, we discuss the two current open specifications, i.e. the Advanced Data Protection Control (ADPC) and the Global Privacy Control (GPC) based on the identified challenges. [less ▲]

Context, Prioritization, and Unexpectedness: Factors Influencing User Attitudes About Infographic and Comic Consent

in Web Conference Companion Volume (ACM) (2022, April 26)

Being asked to consent to data sharing is a ubiquitous experience in digital services - yet it is very rare to encounter a well designed consent experience. Considering the momentum and importance of a ... [more ▼]

Being asked to consent to data sharing is a ubiquitous experience in digital services - yet it is very rare to encounter a well designed consent experience. Considering the momentum and importance of a European data space where personal information freely and easily flows across organizations, sectors and Member States, solving the long-discussed thorny issue of "how to get consent right" cannot be postponed any further. In this paper, we describe the first findings from a study based on 24 semi-structured interviews investigating participants’ expectations and opinions toward consent in a data sharing scenario with a data trustee. We analyzed various dimensions of a consent form redesigned as a comic and an infographic, including language, information design, content and the writer-reader relationship. The results provide insights into the complexity of elements that should be considered when asking individuals to freely and mindfully disclose their data, especially sensitive information. [less ▲]

What if data protection embraced foresight and speculative design?

in DRS2022: Bilbao (2022)

Due to rapid technological advancements and the growing “datafication” of our societies, individuals’ privacy constitutes an increasingly explored speculative space for regulators, researchers ... [more ▼]

Due to rapid technological advancements and the growing “datafication” of our societies, individuals’ privacy constitutes an increasingly explored speculative space for regulators, researchers, practitioners, designers and artists. This article reports two experiences at a national and an international data protection authority (i.e., the Commission Nationale de l'Informatique et des Libertés - CNIL - and the European Data Protection Supervisor - EDPS - respectively), where foresight methods and speculative design are employed in policy-making with the goal of anticipating technological trends, their implications for society and their impact on regulations, as well as the effects of existing and upcoming laws on emerging technologies. Such initiatives can enhance strategic proactive abilities, raise public awareness of privacy issues and engender a participatory approach to the design of policies. They can also inspire the research, education and practice of legal design. [less ▲]

Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21) (2021, November 15)

A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on ... [more ▼]

A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on evaluating the user interface (UI) design of cookie banners, this paper presents an in-depth analysis of what cookie banners say to users to get their consent. We took an interdisciplinary approach to determining what cookie banners should say. Following the legal requirements of the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR), we manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU. We focused on analyzing the purposes of cookie banners and how these purposes were expressed (e.g., any misleading or vague language, any use of jargon). We found that 89% of cookie banners violated applicable laws. In particular, 61% of banners violated the purpose specificity requirement by mentioning vague purposes, including “user experience enhancement”. Further, 30% of banners used positive framing, breaching the freely given and informed consent requirements. Based on these findings, we provide recommendations that regulators can find useful. We also describe future research directions. [less ▲]

Proactive Legal Design for Health Data Sharing based on Smart Contracts

in Corrales Compagnucci, Marcelo; Fenwick, Mark; Wrbka, Stefan (Eds.) Smart Contracts. Technological, Business and Legal Perspectives (2021)

Visualisation Techniques for Consent: Finding Common Ground in Comic Art with Indigenous Populations

in 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (2021)

With emerging technologies such as genome research and the digitization of health records comes the need for new models of informed consent. In this climate of innovation people are often prone to explore ... [more ▼]

With emerging technologies such as genome research and the digitization of health records comes the need for new models of informed consent. In this climate of innovation people are often prone to explore the latest technological advancement as possible solutions, including for informed consent. In this paper, we present the design and evaluation of a so-called low-tech informed consent solution that was designed specifically for the informational and cultural needs of a vulnerable indigenous population, i.e., the San of South Africa. This low-tech solution took the form of a comic and, although it could enhance understanding and identification, the costs and labour intensity of comic design and the deriving limitations on its scalability should be critically considered in the light of a digitised and more standardized solution. [less ▲]

All in one stroke? Intervention Spaces for Dark Patterns

E-print/Working paper (2021)

This position paper draws from the complexity of dark patterns to develop arguments for differentiated interventions. We propose a matrix of interventions with a \textit{measure axis} (from user-directed ... [more ▼]

This position paper draws from the complexity of dark patterns to develop arguments for differentiated interventions. We propose a matrix of interventions with a \textit{measure axis} (from user-directed to environment-directed) and a \textit{scope axis} (from general to specific). We furthermore discuss a set of interventions situated in different fields of the intervention spaces. The discussions at the 2021 CHI workshop "What can CHI do about dark patterns?" should help hone the matrix structure and fill its fields with specific intervention proposals. [less ▲]

Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection

in Design Issues (2020), 36(3), 82-96

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry ... [more ▼]

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between the organizations that process personal data and the individuals to which that data refers. Machine-readable, standardized icons that present a “meaningful overview of the intended processing” are suggested by the law as a tool to enhance the transparency of information addressed to data subjects. However, no specific guidelines have been provided, and studies on privacy iconography are very few. This article describes research conducted on the creation and evaluation of icons representing data protection concepts. First, we introduce the methodology used to design the Data Protection Icon Set (DaPIS): participatory design methods combined with legal ontologies and machine-readable representations. Second, we discuss some of the challenges that have been faced in the development and evaluation of DaPIS and similar icon sets. Third, we provide some tentative responses and indicate a way forward for evaluation of the effectiveness of privacy icons and their widespread adoption. [less ▲]