Abstract
Transparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserving and usable. In this paper, we provide requirements for usable TETs for the cloud. The requirements presented in this paper were derived in two ways; at a stakeholder workshop and through a legal analysis. Here we discuss design principles for usable privacy policies and give examples of TETs which enable end users to track their personal data. We are developing them using both privacy and usability as design criteria.
Chapter PDF
Similar content being viewed by others
References
Alvaro, A.: Life Cycle Data Protection Management – Ein Beitrag zur Anpassung der europäischen Datenschutzgesetzgebung an die Erfordernisse des 21. Jahrhunderts (January 30, 2013), http://www.alexander-alvaro.de/inhalte/lifecycle-data-protection-management-ein-beitrag-zur-anpassung-der-europaischen-datenschutzgesetzgebung-an-die-erfordernisse-des-21-jahrhunderts/
Andersson, C., Camenisch, J., Crane, S., Fischer-Hübner, S., Leenes, R., Pearson, S., Pettersson, J.S., Sommer, D.: Trust in PRIME. In: Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology. IEEE Xplore (2005)
Angulo, J., Fischer-Hübner, S., Wästlund, E., Pulls, T.: Towards usable privacy policy display and management. Information Management & Computer Security 20(1), 4–17 (2012)
Angulo, J., Fischer-Hübner, S., Pettersson, J.S.: General HCI principles and guidelines for accountability and transparency in the cloud. A4Cloud Deliverable D:C-7.1. A4Cloud Project (September 2013)
Art. 29 Data Protection Working Party (2004). Opinion 10/2004 on More Harmonised Information Provisions. European Commission (November 25, 2004)
Art. 29 Data Protection Working Party. Opinion 1/2010 on the concepts of “controller” and “processor”. European Commission (February 16, 2010)
Art. 29 Data Protection Working Party. Opinion 5/2012 on Cloud Computing. European Commission (July 1, 2012)
Becker, R.A., Eick, S.G., Wilks, A.R.: Visualizing network data. IEEE Transactions on Visualization and Computer Graphics 1(1), 16–28 (1995)
European Commission. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Office Journal L. 281 (November 23, 1995)
European Commission. Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM (2012) 11 Final. Brussels (January 25, 2012)
European Commission. Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7 0025/2012 – 2012/0011(COD)). Compromise amendments on Articles 1-29 (Passed October 21, 2013), http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/comp_am_art_01-29/comp_am_art_01-29en.pdf
Fischer-Hübner, S., Zwingelberg, H.: UI Prototypes: Policy administration and presentation - Version 2. PrimeLife Project Deliverable D.4.3.2 (2010), http://primelife.ercim.eu/
Freeman, L.C.: Visualizing social networks. Journal of Social Structure 1(1), 4 (2000)
Hildebrandt, M.: Behavioural biometric profiling and transparency enhancing tools. FIDIS Deliverable, D7.12. FIDIS EU project (2009), http://www.fidis.net/
Holtz, L., Nocun, K., Hansen, M.: Displaying privacy information with icons. In: PrimeLife/IFIP Summer School 2010 Proceedings, Helsingborg, August 2-6 2010. Springer (2011)
Kani-Zabihi, E., Helmhout, M., Coles-Kemp, L.: Increasing Service Users’ Privacy Awareness by Introducing On-line Interactive Privacy Features. In: IAAC Symposium 2011 (2012) (Online)
Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A “Nutrition Label” for Privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS 2009). ACM, Mountain View (2009)
Kolter, J., Netter, M., Pernul, G.: Visualizing past personal data disclosures. In: ARES 2010 International Conference on Availability, Reliability, and Security. IEEE (2010)
Lacohée, H., Crane, S., Phippen, A.: Trustguide: Final Report (2006)
Maguire, M., Bevan, N.: User requirements analysis. In: Mun, M., Hao, S., Mishra, N., Shilton, K., Burke, J., Estrin, D., Hansen, M., Govindan, R. (eds.) Personal Data Vaults: a Locus of Control for Personal Data Streams, CoNEXT 2010, vol. 17. ACM Digital Library (2002)
Nielsen, J.: Usability inspection methods. In: Conference Companion on Human Factors in Computing Systems. ACM (1995)
Patrick, A.S., Kenny, S.: From privacy legislation to interface design: Implementing information privacy in human-computer interactions. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 107–124. Springer, Heidelberg (2003)
Pearson, S., Tountopoulos, V., Catteddu, D., Sudholt, M., Molva, R., Reich, C., Fischer-Hübner, S., Millard, C., Lotz, V., Jaatun, M.G.: Accountability for cloud and other future Internet services. In: IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE (2012)
Pettersson, J.S.: HCI Guidelines. PRIME Deliverable D06.1.f. Final Version. PRIME project (2008), https://www.prime-project.eu/
PrimeLife, Privacy and Identity Management in Europe for Life - Policy Languages, http://primelife.ercim.eu/results/primer/133-policy-languages
Pulls, T., Peeters, R., Wouters, K.: Distributed Privacy-Preserving Transparency Logging. In: Workshop on Privacy in the Electronic Society. ACM (2013)
Raskin, A.: Privacy Icons: Alpha Release (2010)
Svensk Författningssamling Riksdagen. Patientdatalag 355 (2008)
W3C, P3P – The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, W3C Working Group Note (November 13, 2006), http://www.w3.org/P3P/
Wästlund, E., Fischer-Hübner, S.: End User Transparency Tools: UI Prototypes. PrimeLife Deliverable D.4.2.2; PrimeLife project (2010), http://primelife.ercim.eu/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Fischer-Hübner, S., Angulo, J., Pulls, T. (2014). How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used?. In: Hansen, M., Hoepman, JH., Leenes, R., Whitehouse, D. (eds) Privacy and Identity Management for Emerging Services and Technologies. Privacy and Identity 2013. IFIP Advances in Information and Communication Technology, vol 421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55137-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-55137-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55136-9
Online ISBN: 978-3-642-55137-6
eBook Packages: Computer ScienceComputer Science (R0)