Privacy as control

In the context of legislation and other regulation, attention is often paid to the individual’s ability to control what happens to the information disclosed about them. The idea is that in many cases, users must disclose information in order to receive services, meaning that it cannot be kept secret. In such cases, the user should retain the right to decide what happens to the disclosed information and how it may be used. Technical systems should also support this perspective, that is, they should

  1. provide the user with the possibility to express how they want the service provider to use their data. In other words, the user should be able to prevent the use of data for undesired purposes.
  2. enable policies within the organisation that prevent the misuse of user data, i.e. take into account users’ specifications regarding the use of their data.

This section examines techniques that make it possible to implement privacy as control. These include privacy settings through which users can express their preferences, and techniques that support the automatic negotiation of privacy policies across the boundaries of different services. A large part of the protection provided by these techniques rests on trust in the entity collecting the data: it is assumed that the service provider implements users’ specifications regarding data use and does not itself misuse the data it collects. At the end of the section, a few points are made on how users can find out whether this protection is actually realised.

Risks of disclosure may also increase when users are given the possibility to control the use of data. Users may not be interested, may not understand the consequences, may not read the terms, and may be completely unaware of the type of data use they have consented to. In such cases, users may unintentionally compromise their private data through their own actions.

Support for privacy settings

Through privacy settings, users can express in online services how service providers may process their data, particularly how it may be disclosed to other users or shared with third parties. However, it has been shown that the complexity of privacy settings makes them barely usable. Poor usability leads to users configuring settings incorrectly, that is, defining settings that do not correspond to what they expect from privacy. This in turn leads to unintended disclosure of information.

To address the problem, several methods have been proposed to identify groups of users with similar privacy needs, to serve as bases for privacy settings. In this way, users would not need to familiarise themselves with the settings. However, these methods have their own problems. For example, grouping may require so much information that it itself becomes a privacy issue, or the settings may become too restrictive, preventing data sharing and thereby limiting the benefits of the service. The greatest problem, however, is that although settings tailored for a large group work well for the majority of users, they discriminate against users who have special privacy needs. In such cases, if users cannot influence their settings, some of them may be unable to use the service. The configuration of privacy settings suffers from the same problems as usability in security in general: it is not the user’s primary goal when using a service. Complexity, long terms of use containing legal text, lack of interest, and the possible “nothing to hide” attitude do not make the problem easier, and there is currently no perfect solution.

Support for transferring privacy policies between services

In online services, efforts can also be made to transfer users’ privacy settings between different services so that the user does not need to configure them separately for each service. For example, the W3C Platform for Privacy Preferences Project (P3P) is a standard that allows websites to encode privacy policies. Browsers capable of interpreting P3P can compare a service’s privacy policies with those set by the user. However, P3P cannot ensure that the service provider actually complies with its policies. There are also other approaches—such as purpose-based access control or sticky policies—that can ensure that the purpose of data processing is consistent with privacy policies. For example, sticky policies accompany the data from one service to another and define how it may be used. These methods use cryptographic mechanisms to ensure that even the service provider must comply with them.
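The two mechanisms above, a user's expressed purposes being enforced inside the organisation (points 1 and 2 at the start of the section) and a policy that travels with the data between services, can be illustrated together. The following is an added example and not code from the course text or from any P3P implementation: the policy format is a simplified stand-in for the P3P vocabulary, the authority key and the sample record are constructed, and the HMAC binding shows only that a compliant service can detect a policy that was altered in transit.

```python
"""Purpose-based access control with a sticky policy bound to the data.

Added example; it is not code from the course text. The policy format is a
simplified stand-in (not the real P3P vocabulary): a record carries the set
of processing purposes its subject consented to, and each access names a
purpose. An HMAC over record and policy makes the binding tamper-evident when
the record is passed to another service; the key is assumed to be held by a
policy authority shared by compliant services (a constructed setup).
"""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class StickyRecord:
    subject: str
    data: dict
    allowed_purposes: frozenset  # purposes the subject consented to
    tag: bytes                   # HMAC binding data and policy together


def _payload(subject: str, data: dict, purposes) -> bytes:
    # Canonical serialisation so the same record always yields the same tag.
    return json.dumps(
        {"subject": subject, "data": data, "purposes": sorted(purposes)},
        sort_keys=True,
    ).encode()


def bind(key: bytes, subject: str, data: dict, purposes) -> StickyRecord:
    """Attach the consented purposes to the data and seal both with an HMAC."""
    tag = hmac.new(key, _payload(subject, data, purposes), hashlib.sha256).digest()
    return StickyRecord(subject, dict(data), frozenset(purposes), tag)


def verify(key: bytes, rec: StickyRecord) -> bool:
    """True if neither the data nor the attached policy has been altered."""
    expected = hmac.new(
        key, _payload(rec.subject, rec.data, rec.allowed_purposes), hashlib.sha256
    ).digest()
    return hmac.compare_digest(expected, rec.tag)


def decide(key: bytes, rec: StickyRecord, purpose: str) -> tuple:
    """Purpose-based access decision taken by whichever service holds the record."""
    if not verify(key, rec):
        return False, "policy binding tampered"
    if purpose not in rec.allowed_purposes:
        return False, f"purpose {purpose!r} not consented by {rec.subject}"
    return True, "allowed"


def policy_conflicts(declared_purposes, user_allowed) -> set:
    """P3P-style comparison: purposes a service declares that the user's preferences forbid."""
    return set(declared_purposes) - set(user_allowed)


# Constructed sample data (hypothetical key, user and record).
AUTHORITY_KEY = b"constructed-demo-key-not-for-production"
USER_ALLOWED = {"service_delivery", "billing"}
RECORD = bind(AUTHORITY_KEY, "alice", {"email": "alice@example.invalid"}, USER_ALLOWED)

# The same record forwarded with a relaxed policy but the original tag: detected as tampered.
TAMPERED = StickyRecord(
    RECORD.subject, RECORD.data, RECORD.allowed_purposes | {"marketing"}, RECORD.tag
)

if __name__ == "__main__":
    print(decide(AUTHORITY_KEY, RECORD, "billing"))     # allowed
    print(decide(AUTHORITY_KEY, RECORD, "marketing"))   # purpose not consented
    print(decide(AUTHORITY_KEY, TAMPERED, "marketing")) # policy binding tampered
    print(policy_conflicts({"service_delivery", "marketing"}, USER_ALLOWED))
```

The example mirrors the limitation stated in the text: the HMAC lets a compliant receiving service notice that the policy was altered, and `policy_conflicts` is the browser-side comparison P3P enables, but neither can force a service that ignores the policy to honour it. That is exactly why the section says this protection ultimately rests on trust in the service provider.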

Support for interpreting privacy

For users to set the privacy settings they want, they must understand the service’s privacy policy. Such policies are often long, written in complex and legal language, and change over time; from the user’s perspective they are difficult to understand.

There are two approaches to improving users’ understanding. One relies on expert assessments in naming, analysing, and evaluating the necessity of existing privacy policies. The other approach aims to automate interpretation using machine learning-based methods. Users can, for example, ask questions about website privacy policies in natural language, and the tool provides a visual representation of the policies, specifying what information is collected, why it is collected, and how it is shared.

Answer the questions.

What form of privacy control can you use if you suspect that a service provider collecting your data may misuse it?

Privacy and transparency (advanced)

Unlike technologies that aim to limit data disclosure, transparency mechanisms aim to analyse users’ activities in information networks. These mechanisms can

  • provide feedback on the impact of actions on privacy
    - by “mirroring”, i.e. displaying—possibly also with visualisations—how others perceive the situation when the user changes their privacy settings.
    - by presenting “educational” notifications about settings or content that the user is about to publish on a platform.
  • verify that privacy has not been violated. This is done based on detailed logs of personal data processing.

Mirroring and log checking (= auditing) do not prevent privacy violations, as both are reactive measures. If the user has already disclosed information to a service, these mechanisms also require trust in the service provider, in the same way as control-based techniques.
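Log checking as described above can be shown concretely: a consent table records which purposes each user allowed for each category of personal data, and an audit pass compares every logged processing event against it. This is an added example, not code or a log format from the course text; the log lines, consent entries, service names and field layout are all constructed, and the last log line is deliberately incomplete to show that auditing depends on the log itself being complete.

```python
"""Audit of personal-data processing logs against users' consent.

Added example; not from the course text. Constructed log format, one event
per line: 'timestamp actor subject data_category purpose'. The consent table
maps subject -> data category -> purposes the subject allowed.
"""
from dataclasses import dataclass

# Constructed consent specifications (hypothetical users).
CONSENT = {
    "alice": {"contact": {"service_delivery", "billing"}, "location": {"service_delivery"}},
    "bob": {"contact": {"service_delivery"}},
}

# Constructed processing log; the final line is missing its purpose field.
LOG_LINES = """\
2024-03-01T09:00:00Z billing-svc alice contact billing
2024-03-01T09:05:00Z ads-svc alice contact marketing
2024-03-01T09:06:00Z maps-svc alice location service_delivery
2024-03-01T09:10:00Z ads-svc bob contact marketing
2024-03-01T09:12:00Z analytics bob browsing analytics
2024-03-01T09:15:00Z ads-svc alice contact
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    actor: str
    subject: str
    category: str
    purpose: str
    reason: str


def audit(consent: dict, log_text: str) -> list:
    """Return one Finding per logged event that the consent table does not cover."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 5:
            # An incomplete entry cannot be verified; report it rather than skip it.
            padded = (fields + ["?"] * 5)[:5]
            findings.append(
                Finding(*padded, reason=f"line {lineno}: malformed entry, purpose cannot be established")
            )
            continue
        ts, actor, subject, category, purpose = fields
        allowed_by_category = consent.get(subject)
        if allowed_by_category is None:
            reason = "no consent record for subject"
        elif category not in allowed_by_category:
            reason = f"category {category!r} never consented"
        elif purpose not in allowed_by_category[category]:
            reason = f"purpose {purpose!r} not consented for {category!r}"
        else:
            continue  # event covered by consent
        findings.append(Finding(ts, actor, subject, category, purpose, f"line {lineno}: {reason}"))
    return findings


def summarise(findings: list) -> dict:
    """Count findings per processing actor, the kind of feedback a user could be shown."""
    counts = {}
    for f in findings:
        counts[f.actor] = counts.get(f.actor, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(CONSENT, LOG_LINES):
        print(f.reason, "-", f.actor, f.subject, f.category, f.purpose)
    print(summarise(audit(CONSENT, LOG_LINES)))
```

Run against the constructed log, the audit flags the two marketing uses of contact data, the analytics use of a category bob never consented to, and the incomplete entry. All of these are reported after the processing has already happened, which is the reactive nature the text points out, and the malformed line shows the further dependency: an audit is only as good as the logs the service provider chooses to keep and expose.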
