Dong Liang,Huadong Guo,Stefano Nativi,Markku Kulmala,Zeeshan Shirazi,Fang Chen,Gretchen Kalonji,Dongmei Yan,Jianhui Li,Robert Duerler,Lei Luo,Qunli Han,Siming Deng,Yuanyuan Wang,Lingyi Kong,Thorsten Jelinek

DOI: https://doi.org/10.1038/s41597-023-02803-x

2023-01-01

Scientific Data

Abstract:Digital public goods (DPGs), if implemented with effective policies, can facilitate the realization of the United Nations Sustainable Development Goals (SDGs). However, there are ongoing deliberations on how to define DPGs and assure that society can extract the maximum benefit from the growing number of digital resources. The International Research Center of Big Data for Sustainable Development Goals (CBAS) sees DPGs as an important mechanism to facilitate information-driven policy and decision-making processes for the SDGs. This article presents the results of a CBAS survey of 51 respondents from around the world spanning multiple scientific fields, who shared their expert opinions on DPGs and their thoughts about challenges related to their practical implementation in supporting the SDGs. Based on the survey results, the paper presents core principles in a proposed strategy, including establishment of international standards, adherence to open science and open data principles, and scalability in monitoring SDG indicators. A community-driven strategy to develop DPGs is proposed to accelerate DPG production in service of the SDGs while adhering to the core principles identified in the survey.

Johan Ivar Sæbø,Brian Nicholson,Petter Nielsen,Sundeep Sahay

DOI: https://doi.org/10.48550/arXiv.2108.09718

2021-08-22

Abstract:The purpose of this paper is to define and conceptualize digital global public goods (DGPGs) and illustrate the importance of contextual relevance in ICT4D projects. Recent studies have examined the importance of digital artefacts with public goods traits, emphasizing the significant potential for socio-economic development. However, we know little about the theoretical and practical dimensions of how we can align the public goods traits of such artefacts to create relevance in the context they are implemented. To address this gap we review the literature firstly to develop a definition and conceptual basis of DGPGs and then to illustrate the importance of relevance: how to align DGPGs with context to meet local needs. The illustration draws from a case study of the District Health Information systems (DHIS2). The paper advances both the theoretical and practical understanding of DPGs in development processes.

Computers and Society

Alex Bowyer,Jack Holt,Josephine Go Jefferies,Rob Wilson,David Kirk,Jan David Smeddinck

DOI: https://doi.org/10.1145/3491102.3501947

2022-03-10

Abstract:In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Human-Computer Interaction

Hamoud Alhazmi,Ahmed Imran,Mohammad Abu Alsheikh

DOI: https://doi.org/10.48550/arXiv.2110.02669

2021-10-06

Computers and Society

Abstract:While digital divide studies primarily focused on access to information and communications technology (ICT) in the past, its influence on other associated dimensions such as privacy is becoming critical with a far-reaching impact on the people and society. For example, the various levels of government legislation and compliance on information privacy worldwide have created a new era of digital divide in the privacy preservation domain. In this article, the concept "digital privacy divide (DPD)" is introduced to describe the perceived gap in the privacy preservation of individuals based on the geopolitical location of different countries. To better understand the DPD phenomenon, we created an online questionnaire and collected answers from more than 700 respondents from four different countries (the United States, Germany, Bangladesh, and India) who come from two distinct cultural orientations as per Hofstede's individualist vs. collectivist society. However, our results revealed some interesting findings. DPD does not depend on Hofstede's cultural orientation of the countries. For example, individuals residing in Germany and Bangladesh share similar privacy concerns, while there is a significant similarity among individuals residing in the United States and India. Moreover, while most respondents acknowledge the importance of privacy legislation to protect their digital privacy, they do not mind their governments to allow domestic companies and organizations collecting personal data on individuals residing outside their countries, if there are economic, employment, and crime prevention benefits. These results suggest a social dilemma in the perceived privacy preservation, which could be dependent on many other contextual factors beyond government legislation and countries' cultural orientation.

Aakash Gautam

DOI: https://doi.org/10.48550/arXiv.2004.07359

2020-04-16

Abstract:A majority of the work on digital privacy and security has focused on users from developed countries who account for only around 20\% of the global population. Moreover, the privacy needs for population that is already marginalized and vulnerable differ from users who have privilege to access a greater social support system. We reflect on our experiences of introducing computers and the Internet to a group of sex-trafficking survivors in Nepal and highlight a few socio-political factors that have influenced the design space around digital privacy. These factors include the population's limited digital and text literacy skills and the fear of stigma against trafficked persons widely prevalent in Nepali society. We underscore the need to widen our perspective by focusing on practicable privacy, that is, privacy practices that are (1) usable, (2) acceptable, and (3) appropriable.

Computers and Society,Cryptography and Security,Human-Computer Interaction

Asmita Verma,Anjula Gurtoo

DOI: https://doi.org/10.1108/dprg-03-2023-0044

2023-10-24

Digital Policy Regulation and Governance

Abstract:Purpose The paper aims to review rules and policy guidelines worldwide around non-personal data (NPD) and evaluate the policies on criteria that allow for the use of data for economic and social good. A review related to diverse policy approaches of various countries remains a research gap, and hence the analysis in the paper is designed with the intention of developing a research framework and providing policy gaps for further exploration. Design/methodology/approach A systematic review of academic and non-academic literature on theoretical foundations, applications of NPD for economic and social good and NPD policies and regulations was conducted to identify the evaluation criteria. A total of 32 dimensions got identified for evaluation. As second step, content analysis was used for evaluation. A total of 13 documents from 6 countries and 1 geographical region were identified for evaluation. The documents were evaluated based on the 32 dimensions spread across 5 domains that facilitate data access and sharing for economic and societal benefit. Findings The analysis highlights three distinct emerging perspectives on data exchange: most policy and regulatory documents acknowledge the importance of identifying different types of NPD and accordingly describing the distinct roles and responsibilities of data actors for leveraging the data; the policy and regulatory frameworks clearly focus on increasing business opportunities, data sharing cooperation and innovation; and findings also demonstrate certain gaps in the policy frameworks such as a more comprehensive discussion on data access and sharing mechanisms, particularly data sandboxes and open data, and concrete norms and rigorous standards regarding accountability, transparency, ownership and confidentiality. Furthermore, policies and regulations may include appropriate incentive structures for data providers and users to ensure unhindered and sustainable access to data for the common good. Originality/value To the best of the authors' knowledge, this paper represents one of the first research contributions evaluating global data policies focused on NPD in the context of its increasing use as a public good. The paper first identifies evaluation criteria for the analysis on public and social good, and, thus, provides a conceptual framework for future research. Additionally, the analysis identifies the broad domains of policy analysis on social and public good for data economics.

English Else

Hamoud Alhazmi,Ahmed Imran,Mohammad Abu Alsheikh

DOI: https://doi.org/10.1109/ACCESS.2022.3144436

2022-01-20

Abstract:Digital privacy has become an essential component of information and communications technology (ICT) systems. There are many existing methods for digital privacy protection, including network security, cryptography, and access control. However, there is still a gap in the digital privacy protection levels available for users. This paper studies the digital privacy divide (DPD) problem in ICT systems. First, we introduce an online DPD study for understanding the DPD problem by collecting responses from 776 ICT users using crowdsourcing task assignments. Second, we propose a factor analysis-based statistical method for generating the DPD index from a set of observable DPD question variables. In particular, the DPD index provides one scaled measure for the DPD gap by exploring the dimensionality of the eight questions in the DPD survey. Third, we introduce a DPD proportional odds model for analyzing the relationship between the DPD status and the socio-demographic patterns of the users. Our results show that the DPD survey meets the internal consistency reliability with rigorous statistical measures, e.g., Cronbach's $\alpha=0.92$. Furthermore, the DPD index is shown to capture the underlying communality of all DPD variables. Finally, the DPD proportional odds model indicates a strong statistical correlation between the DPD status and the age groups of the ICT users. For example, we find that young users (15-32 years) are generally more concerned about their digital privacy than senior ones (33 years and over).

Computers and Society,Cryptography and Security

Maxwell Prybylo,Sara Haghighi,Sai Teja Peddinti,Sepideh Ghanavati

2024-06-09

Abstract:With the increase in the number of privacy regulations, small development teams are forced to make privacy decisions on their own. In this paper, we conduct a mixed-method survey study, including statistical and qualitative analysis, to evaluate the privacy perceptions, practices, and knowledge of members involved in various phases of the Software Development Life Cycle (SDLC). Our survey includes 362 participants from 23 countries, encompassing roles such as product managers, developers, and testers. Our results show diverse definitions of privacy across SDLC roles, emphasizing the need for a holistic privacy approach throughout SDLC. We find that software teams, regardless of their region, are less familiar with privacy concepts (such as anonymization), relying on self-teaching and forums. Most participants are more familiar with GDPR and HIPAA than other regulations, with multi-jurisdictional compliance being their primary concern. Our results advocate the need for role-dependent solutions to address the privacy challenges, and we highlight research directions and educational takeaways to help improve privacy-aware SDLC.

Software Engineering,Human-Computer Interaction

Hamoud Alhazmi,Ahmed Imran,Mohammad Abu Alsheikh

2024-11-19

Abstract:Perception of privacy is a contested concept, which is also evolving along with the rapid proliferation and expansion of technological advancements. Information systems (IS) applications incorporate various sensing infrastructures, high-speed networks, and computing components that enable pervasive data collection about people. Any digital privacy breach within such systems can result in harmful and far-reaching impacts on individuals and societies. Accordingly, IS organisations have a legal and ethical responsibility to respect and protect individuals digital privacy rights. This study investigates people perception of digital privacy protection of government data using the General Data Protection Regulation (GDPR) framework. Findings suggest a dichotomy of perception in protecting people privacy rights. For example, people perceive the right to be informed as the most respected and protected in Information Technology (IT) systems. On the contrary, the right to object by granting and with-drawing consent is perceived as the least protected. Second, the study shows evidence of a social dilemma in people perception of digital privacy based on their context and culture.

Cryptography and Security

Andrew Buzzell

DOI: https://doi.org/10.48550/arXiv.2007.07016

2020-07-14

Abstract:Debate about the adoption of digital contact tracing (DCT) apps to control the spread of COVID-19 has focussed on risks to individual privacy (Sharma & Bashir 2020, Tang 2020). This emphasis reveals significant challenges to ethical deployment of DCT, but generates constraints which undermine justification to implement DCT. It would be a mistake to view this result solely as the successful operation of ethical foresight analysis (Floridi & Strait 2020), preventing deployment of potentially harmful technology. Privacy-centric analysis treats data as private property, frames the relationship between individuals and governments as adversarial, entrenches technology platforms as gatekeepers, and supports a conception of emergency public health authority as limited by individual consent and considerable corporate influence that is in some tension with the more communitarian values that typically inform public health ethics. To overcome the barriers to ethical and effective DCT, and develop infrastructure and policy that supports the realization of potential public benefits of digital technology, a public resource conception of aggregate data should be developed.

Computers and Society,Cryptography and Security

Mohamed Abomhara,Livinus Obiora Nweke,Sule Yildirim Yayilgan,Debora Comparin,Kristel Teyras,Stéphanie de Labriolle

DOI: https://doi.org/10.1007/s10207-024-00905-0

2024-09-04

International Journal of Information Security

Abstract:Privacy by Design (PbD) is a well-known concept that aims to provide a high level of protection for privacy throughout the entire life cycle of systems development. Despite the considerable attention from stakeholders such as researchers, government agencies, and system suppliers, the widespread adoption of PbD faces obstacles due to a lack of knowledge, insufficient awareness of PbD benefits, and the absence of specific implementation guidelines. In this study, stakeholders are identified primarily as diverse participants from government agencies and system suppliers engaged in National Identification Systems (NIDS). Specifically, government agencies representing regulatory bodies and administrators of NIDS, setting the legal framework that governs the NIDS's privacy aspects. The NIDS system suppliers includes private companies playing a crucial role in the development and implementation of NIDS with a focus on privacy considerations. Through the perspectives of NIDS stakeholders, this study aimed to examine the Knowledge, Attitudes and Practices (KAP) of PbD principles and its integration in NIDS. A survey involving 203 participants from government agencies and NIDS system suppliers engaged in NIDS development was conducted. Subsequently, a focus group discussion was held with 11 members to provide qualitative insights into the KAP of PbD. The survey results revealed a significant correlation between attitudes and practices but a weak correlation between knowledge and attitudes or practices. The focus group discussion assured these findings, emphasizing the role of positive attitudes in facilitating PbD practices and highlighting knowledge-practice gaps. In conclusion, this study offers tailored recommendations for improving the integration of PbD in NIDS development. The recommendations includes strategies such as developing training programs, establishing clear guidelines and standards and creating awareness campaigns.

computer science, information systems, theory & methods, software engineering

Charlotte Ducuing,René Herbert Reich

DOI: https://doi.org/10.1177/17835917231152799

2023-01-19

Competition and Regulation in Network Industries

Abstract:Competition and Regulation in Network Industries, Ahead of Print. The circular economy ('CE') is a political goal to shift the economy towards a more circular and sustainable one. Data sharing shall close information gaps in the predominant economy and, hence, form the backbone of the transition to a CE. As part of the recent legislative proposals from the EC, "digital product passports" ('DPPs') are expected to constitute one-stop shops for such data and information delivery. The principal idea of DPPs is to provide product information to interested stakeholders within and outside the product value chain. However, many challenges arise with DPPs, in particular how to reconcile a broad (if no 'open') access to data while preserving the (legally protected) interests of certain actors, and the lack of trust concerning data use and quality between the actors. Our hypothesis are (i.) that such challenges are related to the absence of an appropriate (data) governance model for DPPs and (ii.) that data governance as a main concern within the data economy agenda could inform the regulation and operationalisation of DPPs. We analyse the – lack of - (data) governance of DPPs, both in the literature and in the recent legislative proposals from the EC. We find that data governance is significantly overlooked or considered only from a pure technological perspective (techno-solutionism), which is likely to jeopardise DPPs. As both a confirmation and a way forward, we establish connections to data governance as per the data economy agenda. In turn, the analysis of DPPs governance informs the general discussion on data governance.

Asmita Dalela,Saverio Giallorenzo,Oksana Kulyk,Jacopo Mauro,Elda Paja

DOI: https://doi.org/10.48550/arXiv.2104.04030

2021-04-09

Abstract:Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR and the global COVID-19 pandemic, pose new challenges for companies that should preserve an adequate level of security while having to adapt to change. In this paper, we investigate such challenges through a two-phase study in companies located in Denmark -- a country characterized by a high level of digitalization and trust -- focusing on software development and tech-related companies. Our results show a number of issues, most notably i) a misalignment between software developers and management when it comes to the implementation of security and privacy measures, ii) difficulties in adapting company practices in light of implementing GDPR compliance, and iii) different views on the need to adapt security measures to cope with the COVID-19 pandemic.

Cryptography and Security

Xiang Su,Jarkko Hyysalo,Mika Rautiainen,Jukka Riekki,Jaakko Sauvola,Altti Ilari Maarala,Harri Honko

DOI: https://doi.org/10.48550/arXiv.1605.00833

2016-05-03

Abstract:Privacy is a key challenge for continued digitalization of health. The forthcoming European General Data Protection Regulation (GDPR) is transforming this challenge into regulatory directives. User consent provisioning and coordinating across data services will be the keys in addressing this challenge. We suggest a privacy-driven architecture that provides tools for providing user consent as a service. This enables managing and reusing private health information between a large amount of data sources, individuals and services, even when they are not known beforehand. The proposed architecture integrates data security and semantic descriptions into a trust query framework to provide the required interoperability and co-operation support for future health services. This approach provides benefits for all stakeholders through safer data management, cost and process savings, multi-provider services, and services based on emerging new business models.

Computers and Society,Cryptography and Security

Awatef Issaoui,Jenny Örtensjö,M. Sirajul Islam

DOI: https://doi.org/10.1186/s43093-023-00285-2

2023-12-15

Future Business Journal

Abstract:Abstract The adoption of cloud services offers manifold advantages to public organizations; however, ensuring data privacy during data transfers has become increasingly complex since the inception of the General Data Protection Regulation (GDPR). This study investigates privacy concerns experienced by public organizations in Sweden, focusing on GDPR compliance. A qualitative interpretative approach was adopted, involving semi-structured interviews with seven employees from five public organizations in Sweden. Additionally, secondary data were gathered through an extensive literature review. The collected data were analyzed and classified using the seven privacy threat categories outlined in the LINDDUN framework. The key findings reveal several significant privacy issues when utilizing public cloud services, including unauthorized access, loss of confidentiality, lack of awareness, lack of trust, legal uncertainties, regulatory challenges, and loss of control. The study underscores the importance of implementing measures such as anonymization, pseudonymization, encryption, contractual agreements, and well-defined routines to ensure GDPR compliance. The findings emphasize the importance of implementing measures such as anonymization, pseudonymization, encryption, contractual agreements, and well-defined routines to ensure GDPR compliance. Furthermore, this research highlights the critical aspect of digital sovereignty in addressing privacy challenges associated with public cloud service adoption by public organizations in Sweden.

Lucas Franke,Huayu Liang,Sahar Farzanehpour,Aaron Brantly,James C. Davis,Chris Brown

2024-06-21

Abstract:Background: Governments worldwide are considering data privacy regulations. These laws, e.g. the European Union's General Data Protection Regulation (GDPR), require software developers to meet privacy-related requirements when interacting with users' data. Prior research describes the impact of such laws on software development, but only for commercial software. Open-source software is commonly integrated into regulated software, and thus must be engineered or adapted for compliance. We do not know how such laws impact open-source software development. Aims: To understand how data privacy laws affect open-source software development. We studied the European Union's GDPR, the most prominent such law. We investigated how GDPR compliance activities influence OSS developer activity (RQ1), how OSS developers perceive fulfilling GDPR requirements (RQ2), the most challenging GDPR requirements to implement (RQ3), and how OSS developers assess GDPR compliance (RQ4). Method: We distributed an online survey to explore perceptions of GDPR implementations from open-source developers (N=56). We further conducted a repository mining study to analyze development metrics on pull requests (N=31462) submitted to open-source GitHub repositories. Results: GDPR policies complicate open-source development processes and introduce challenges for developers, primarily regarding the management of users' data, implementation costs and time, and assessments of compliance. Moreover, we observed negative perceptions of GDPR from open-source developers and significant increases in development activity, in particular metrics related to coding and reviewing activity, on GitHub pull requests related to GDPR compliance. Conclusions: Our findings motivate policy-related resources and automated tools to support data privacy regulation implementation and compliance efforts in open-source software.

Software Engineering

Ponnurangam Kumaraguru,Niharika Sachdeva

DOI: https://doi.org/10.48550/arXiv.1410.3942

2014-10-15

Computers and Society

Abstract:Several ICT studies give anecdotal evidences showing privacy to be an area of concern that can influence adoption of technology in the developing world. However, in-depth understanding of end users' privacy attitudes and awareness is largely unexplored in developing countries such as India. We conducted a survey with 10,427 Indian citizens to bring forth various insights on privacy expectations and perceptions of end users. Our study explores end-users' privacy expectations on three ICT platforms - mobile phones, OSN (Online Social Network), and government projects. Our results, though preliminary, show that users disproportionately consider financial details as personal information in comparison to medical records. Users heavily use mobile phones to store personal details and show high trust in mobile service providers for protecting the private data. However, users show concerns that mobile service provider may allow improper access of their personal information to third parties and government. We also find that female participants in the study were marginally more conscious of their privacy than males. To the best of our knowledge, this work presents the largest privacy study which benchmarks privacy perceptions among Indian citizens. Understanding users' privacy perceptions can help improve technology adoption and develop policies and laws for improving technology experience and enabling development for a better life in India.

Mehdi Barati

DOI: https://doi.org/10.29379/jedem.v15i1.759

2023-12-15

Abstract:This study presents a narrative review of the literature on privacy concerns of Open Government Data (OGD) programs and identifies suggested technical, procedural, and legal remedies. Peer-reviewed articles were identified and analysed from major bibliographic databases, including Web of Science, Digital ACM Library, IEEE Explore Digital Library and Science Direct. Included articles focus on identifying individual information privacy concerns from the viewpoint of OGD stakeholders or providing solutions for mitigating concerns and risks. Papers that discussed and focused on general privacy issues or privacy concerns of open data in general or open science privacy concerns were excluded. Three streams of research were identified: 1) exploring privacy concerns and balance with OGD value propositions, 2) proposing solutions for mitigating privacy concerns, and 3) developing risk-based frameworks for the OGD program at different governmental levels. Findings suggest that contradictions with Fair Information Practices, reidentification risks, conflicts with OGD value propositions, and smart city data practices are significant privacy concerns in the literature. Proposed solutions include technical, legal, and procedural measures to mitigate privacy concerns. Building on the findings, practical implications and suggested future research directions are provided.

Computers and Society,Databases,Information Retrieval

Susanne Barth,Dan Ionita,Pieter Hartel

DOI: https://doi.org/10.1145/3502288

IF: 16.6

2023-04-30

ACM Computing Surveys

Abstract:Privacy visualizations help users understand the privacy implications of using an online service. Privacy by Design guidelines provide generally accepted privacy standards for developers of online services. To obtain a comprehensive understanding of online privacy, we review established approaches, distill a unified list of 15 privacy attributes and rank them based on perceived importance by users and privacy experts. We then discuss similarities, explain notable differences, and examine trends in terms of the attributes covered. Finally, we show how our results provide a foundation for user-centric privacy visualizations, inspire best practices for developers, and give structure to privacy policies.

computer science, theory & methods

Agnieszka Rychwalska,Geoffrey Goodell,Magdalena Roszczynska-Kurasinska

DOI: https://doi.org/10.24908/ss.v19i1.13986

2021-03-05

Abstract:Data harvesting and profiling have become a de facto business model for many businesses in the digital economy. The surveillance of individual persons through their use of private sector platforms has a well-understood effect on personal autonomy and democratic institutions. In this article, we explore the consequences of implementing data-rich services in the public sector and, specifically, the dangers inherent to undermining the universality of the reach of public services, the implicit endorsement of the platform operators by the government, and the inability of members of the public to avoid using the platforms in practice. We propose a set of good practices in the form of design principles that infrastructure services can adopt to mitigate the risks, and we specify a set of design primitives that can be used to support the development of infrastructure that follows the principles. We argue that providers of public infrastructure should adopt a practice of critical assessment of the consequences of their technology choices.