Go offline with the Player FM app!
S2E27: "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel
Manage episode 376742863 series 3407760
Today, I welcome Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent). Simone is a Professor of Computer Science at Karlstad University with over 30 years of privacy & security research experience. Victor is a post-doc researcher at Chalmers University's Security & Privacy Lab, focusing on privacy, data protection, and technology ethics.
Together, they share their privacy decision-making classification scheme and research across two dimensions: (1) the type of privacy decisions: privacy permissions, privacy preference settings, consent to processing, or rejection to processing; and (2) the level of decision automation: manual, semi-automated, or fully-automated. Each type of privacy decision plays a critical role in users' ability to control the disclosure and processing of their personal data. They emphasize the significance of tailored recommendations to help users make informed decisions and discuss the potential of on-the-fly privacy decisions. We wrap up with organizations' approaches to achieving usable and transparent privacy across various technologies, including web, mobile, and IoT.
Topics Covered:
- Why Simone & Victor focused their research on automating privacy decisions
- How GDPR & ePrivacy have shaped requirements for privacy automation tools
- The 'types' privacy decisions & associated 'levels of automation': privacy permissions, privacy preference settings, consent to processing, & rejection to processing
- The 'levels of automation' for each privacy decision type: manual, semi-automated & fully-automated; and the pros / cons of automating each privacy decision type
- Preferences & concerns regarding IoT Trigger Action Platforms
- Why the only privacy decisions that you should 'fully automate' are the rejection of processing: i.e., revoking consent or opting out
- Best practices for achieving informed control
- Automation challenges across web, mobile, & IoT
- Mozilla's automated cookie banner management & why it's problematic (i.e., unlawful)
Resources Mentioned:
- "Automating Privacy Decisions – where to draw the line?"
- CyberSecIT at Chalmers University of Technology
- "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms"
- Consent O Matic browser extension
Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Chapters
1. S2E27: "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel (00:00:00)
2. Introducing Victor Morel, PhD and Professor Simone Fischer-Hübner, PhD (00:01:45)
3. What motivated Victor & Simone to focus their research on the automation of privacy decisions and publish their paper, "Automating Privacy Decisions where to Draw the Line" (00:04:03)
4. Discussion on the Types of Privacy Decisions identified and Levels of Automation of those decisions - determining whether each is lawful and provides individuals with meaningful control (usability) (00:09:21)
5. Simone's & Victor's findings around the different levels of automation for each type of privacy decision: manual, semi-automated, and fully-automated (00:16:42)
6. Victor describes preferences and concerns regarding IoT Trigger Action Platforms, and his recent co-authored paper, "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms" (00:22:45)
7. We discuss under which conditions, organizations should enable the automation of privacy decisions while complying with regulations, and which ones should not (00:25:51)
8. We discuss best practices for informed control (00:28:18)
9. Simone & Victor give explain how organizations should think about achieving usable and transparent privacy with automation across technologies through a comprehensive approach (00:31:53)
10. Victor explains the next steps for there research, which will focus on the lawfulness and usability issues of automating privacy decisions in the context of IoT technology (00:35:31)
11. Victor share's Mozilla's approach to automated cookie banner management, and why it's problematic (i.e., unlawful) (00:39:20)
63 episodes
Manage episode 376742863 series 3407760
Today, I welcome Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent). Simone is a Professor of Computer Science at Karlstad University with over 30 years of privacy & security research experience. Victor is a post-doc researcher at Chalmers University's Security & Privacy Lab, focusing on privacy, data protection, and technology ethics.
Together, they share their privacy decision-making classification scheme and research across two dimensions: (1) the type of privacy decisions: privacy permissions, privacy preference settings, consent to processing, or rejection to processing; and (2) the level of decision automation: manual, semi-automated, or fully-automated. Each type of privacy decision plays a critical role in users' ability to control the disclosure and processing of their personal data. They emphasize the significance of tailored recommendations to help users make informed decisions and discuss the potential of on-the-fly privacy decisions. We wrap up with organizations' approaches to achieving usable and transparent privacy across various technologies, including web, mobile, and IoT.
Topics Covered:
- Why Simone & Victor focused their research on automating privacy decisions
- How GDPR & ePrivacy have shaped requirements for privacy automation tools
- The 'types' privacy decisions & associated 'levels of automation': privacy permissions, privacy preference settings, consent to processing, & rejection to processing
- The 'levels of automation' for each privacy decision type: manual, semi-automated & fully-automated; and the pros / cons of automating each privacy decision type
- Preferences & concerns regarding IoT Trigger Action Platforms
- Why the only privacy decisions that you should 'fully automate' are the rejection of processing: i.e., revoking consent or opting out
- Best practices for achieving informed control
- Automation challenges across web, mobile, & IoT
- Mozilla's automated cookie banner management & why it's problematic (i.e., unlawful)
Resources Mentioned:
- "Automating Privacy Decisions – where to draw the line?"
- CyberSecIT at Chalmers University of Technology
- "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms"
- Consent O Matic browser extension
Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Chapters
1. S2E27: "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel (00:00:00)
2. Introducing Victor Morel, PhD and Professor Simone Fischer-Hübner, PhD (00:01:45)
3. What motivated Victor & Simone to focus their research on the automation of privacy decisions and publish their paper, "Automating Privacy Decisions where to Draw the Line" (00:04:03)
4. Discussion on the Types of Privacy Decisions identified and Levels of Automation of those decisions - determining whether each is lawful and provides individuals with meaningful control (usability) (00:09:21)
5. Simone's & Victor's findings around the different levels of automation for each type of privacy decision: manual, semi-automated, and fully-automated (00:16:42)
6. Victor describes preferences and concerns regarding IoT Trigger Action Platforms, and his recent co-authored paper, "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms" (00:22:45)
7. We discuss under which conditions, organizations should enable the automation of privacy decisions while complying with regulations, and which ones should not (00:25:51)
8. We discuss best practices for informed control (00:28:18)
9. Simone & Victor give explain how organizations should think about achieving usable and transparent privacy with automation across technologies through a comprehensive approach (00:31:53)
10. Victor explains the next steps for there research, which will focus on the lawfulness and usability issues of automating privacy decisions in the context of IoT technology (00:35:31)
11. Victor share's Mozilla's approach to automated cookie banner management, and why it's problematic (i.e., unlawful) (00:39:20)
63 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.