By Nico Ebert (ZHAW)
cross-posted from WINsights blog
Each of us is confronted with countless privacy notices every day and agrees to the practices described. Most likely we do not even notice this because the privacy information is hidden in long and cumbersome privacy policies. In order to inform users more specifically with more relevant information about privacy, it is first necessary to understand which information is relevant to users at all. Marketing traditionally asks users about their needs, so why not ask users about their needs for privacy information?
Researchers have recently suggested that a specific usage context should be considered to make privacy notices more relevant to users. Therefore, we asked users regarding their needs in very specific contexts. We conducted an explorative online survey of privacy concerns and privacy information preferences with 642 participants in Switzerland for two different contexts. The contexts are loyalty cards (e.g. Cumulus, Supercard or Ikea) and fitness tracking (e.g. Fitbit, Garmin, Apple Health).
By Nico Ebert (ZHAW)
The original version of this post was published in German on Privacy Bits and English on vetri.global
In a lecture for the Fair Data Forum, I dealt with the question “What value does data protection have for individuals and what are they willing to pay for it?”
The three data privacy types
As always, there is not one “individual”, as everyone has different data protection preferences and thus, attributes different value to having personal data safeguarded. Therefore, in order to classify individuals, there are different “typologies”. For example, Westin distinguishes between data protection fundamentalists, data protection pragmatists and completely unconcerned individuals. In 2002, Sheehan (2002) selected 889 persons in the USA and classified them with a questionnaire. Conclusion: 16% of the respondents were completely unconcerned about data protection, 81% were classified as pragmatists, and 3% as fundamentalists.
In this post, our new Datalab members Kurt Pärli and Anita Zimmermann from ZHAW’s Zurich Center for Privacy and Dataprotection comment on the recent judment of the European court against Google; see also
I’m glad that Thilo mentioned Security & Privacy as part of the data science skill set in his recent blog post. In my opinion, the two most interesting questions with respect to security & privacy in data science are the following:
- Data science for security: How can data science be used to make security-relevant statements, e.g. predicting possible large scale cyber attacks based on analysing communication patterns?
- Privacy for data science: how can data that contains personal identifiable information (PII) be anonymized before providing them to the data scientists for analysis, such that the analyst cannot link data back to individuals? This is typically identified with data anonymization.
This post deals with the second question. I’ll first show why obvious approaches to anonymize data typically don’t offer true anonymity and will then introduce two approaches that provide better protection.