Tag: Security & Privacy

The Psychology of Cookie Banners from a Data Privacy Perspective

By Nico Ebert (ZHAW)

cross-posted from the author’s blog

Many Internet users inside and outside the European Union are very familiar with cookie banners: they pop up on websites, they are often annoying, and it is tedious to really deal with them. Having to state our data sharing and protection preferences over and over again is a questionable concept by itself. But even if we accept the concept of cookie banner as a matter of fact our behavior towards them seems paradox at a first glance.

Continue reading

Too much and too irrelevant: What do users really want to know about privacy?

By Nico Ebert (ZHAW)

cross-posted from WINsights blog

Each of us is confronted with countless privacy notices every day and agrees to the practices described. Most likely we do not even notice this because the privacy information is hidden in long and cumbersome privacy policies. In order to inform users more specifically with more relevant information about privacy, it is first necessary to understand which information is relevant to users at all. Marketing traditionally asks users about their needs, so why not ask users about their needs for privacy information?

Researchers have recently suggested that a specific usage context should be considered to make privacy notices more relevant to users. Therefore, we asked users regarding their needs in very specific contexts. We conducted an explorative online survey of privacy concerns and privacy information preferences with 642 participants in Switzerland for two different contexts. The contexts are loyalty cards (e.g. Cumulus, Supercard or Ikea) and fitness tracking (e.g. Fitbit, Garmin, Apple Health).

Continue reading

What is the value of data privacy?

By Nico Ebert (ZHAW)

The original version of this post was published in German on Privacy Bits and English on vetri.global

In a lecture for the Fair Data Forum, I dealt with the question “What value does data protection have for individuals and what are they willing to pay for it?”

The three data privacy types

As always, there is not one “individual”, as everyone has different data protection preferences and thus, attributes different value to having personal data safeguarded. Therefore, in order to classify individuals, there are different “typologies”. For example, Westin distinguishes between data protection fundamentalists, data protection pragmatists and completely unconcerned individuals. In 2002, Sheehan (2002) selected 889 persons in the USA and classified them with a questionnaire. Conclusion: 16% of the respondents were completely unconcerned about data protection, 81% were classified as pragmatists, and 3% as fundamentalists.

Continue reading

Search engines in the light of privacy, data protection, freedom of information and the right to be forgotten

GoogleIn this post, our new Datalab members Kurt Pärli and Anita Zimmermann from ZHAW’s Zurich Center for Privacy and Dataprotection comment on the recent judment of the European court against Google; see also

Continue reading

Data Anonymization

COLOURBOX4752687_smallI’m glad that Thilo mentioned Security & Privacy as part of the data science skill set in his recent blog post. In my opinion, the two most interesting questions with respect to security & privacy in data science are the following:

  • Data science for security: How can data science be used to make security-relevant statements, e.g. predicting possible large scale cyber attacks based on analysing communication patterns?
  • Privacy for data science: how can data that contains personal identifiable information (PII) be anonymized before providing them to the data scientists for analysis, such that the analyst cannot link data back to individuals? This is typically identified with data anonymization.

This post deals with the second question. I’ll first show why obvious approaches to anonymize data typically don’t offer true anonymity and will then introduce two approaches that provide better protection.

Continue reading