Data Science made in Switzerland

Ein Blog der ZHAW Zürcher Hochschule für Angewandte Wissenschaften

Tag: Security & Privacy

Data protection – are we really paradoxical?

1. February 2021 / / 1 Comment

By Nico Ebert (ZHAW)

translated from the original German language version published at Inside IT

A common narrative in practice sounds something like this: “people claim data protection is important to them, but in reality they give away everything on the internet anyway”. There are also some science studies that seem to prove this again and again: that we are generally careless with our and other personal data and that we consider data protection important but neglect it in everyday life. For example, a “pizza experiment” with 3,000 students at a US university in 2017 concluded that a free pizza was enough of an incentive to reveal the email addresses of three fellow students (Athey et al. 2017).

Continue reading

The Psychology of Cookie Banners from a Data Privacy Perspective

13. October 2020 / / 0 Comments

By Nico Ebert (ZHAW)

cross-posted from the author’s blog

Many Internet users inside and outside the European Union are very familiar with cookie banners: they pop up on websites, they are often annoying, and it is tedious to really deal with them. Having to state our data sharing and protection preferences over and over again is a questionable concept by itself. But even if we accept the concept of cookie banner as a matter of fact our behavior towards them seems paradox at a first glance.

Continue reading

Too much and too irrelevant: What do users really want to know about privacy?

26. April 2020 / / 0 Comments

By Nico Ebert (ZHAW)


cross-posted from WINsights blog

Each of us is confronted with countless privacy notices every day and agrees to the practices described. Most likely we do not even notice this because the privacy information is hidden in long and cumbersome privacy policies. In order to inform users more specifically with more relevant information about privacy, it is first necessary to understand which information is relevant to users at all. Marketing traditionally asks users about their needs, so why not ask users about their needs for privacy information?

Researchers have recently suggested that a specific usage context should be considered to make privacy notices more relevant to users. Therefore, we asked users regarding their needs in very specific contexts. We conducted an explorative online survey of privacy concerns and privacy information preferences with 642 participants in Switzerland for two different contexts. The contexts are loyalty cards (e.g. Cumulus, Supercard or Ikea) and fitness tracking (e.g. Fitbit, Garmin, Apple Health).

Continue reading

What is the value of data privacy?

23. May 2019 / / 0 Comments

By Nico Ebert (ZHAW)

The original version of this post was published in German on Privacy Bits and English on vetri.global

In a lecture for the Fair Data Forum, I dealt with the question “What value does data protection have for individuals and what are they willing to pay for it?”

The three data privacy types

As always, there is not one “individual”, as everyone has different data protection preferences and thus, attributes different value to having personal data safeguarded. Therefore, in order to classify individuals, there are different “typologies”. For example, Westin distinguishes between data protection fundamentalists, data protection pragmatists and completely unconcerned individuals. In 2002, Sheehan (2002) selected 889 persons in the USA and classified them with a questionnaire. Conclusion: 16% of the respondents were completely unconcerned about data protection, 81% were classified as pragmatists, and 3% as fundamentalists.

Continue reading

Search engines in the light of privacy, data protection, freedom of information and the right to be forgotten

25. August 2014 / / 0 Comments

GoogleIn this post, our new Datalab members Kurt Pärli and Anita Zimmermann from ZHAW’s Zurich Center for Privacy and Dataprotection comment on the recent judment of the European court against Google; see also

Continue reading

Data Anonymization

5. March 2014 / / 0 Comments

COLOURBOX4752687_smallI’m glad that Thilo mentioned Security & Privacy as part of the data science skill set in his recent blog post. In my opinion, the two most interesting questions with respect to security & privacy in data science are the following:

  • Data science for security: How can data science be used to make security-relevant statements, e.g. predicting possible large scale cyber attacks based on analysing communication patterns?
  • Privacy for data science: how can data that contains personal identifiable information (PII) be anonymized before providing them to the data scientists for analysis, such that the analyst cannot link data back to individuals? This is typically identified with data anonymization.

This post deals with the second question. I’ll first show why obvious approaches to anonymize data typically don’t offer true anonymity and will then introduce two approaches that provide better protection.

Continue reading