Thorben Burghardt

Understanding User Preferences and Awareness: Privacy Mechanisms in Location-Based Services

Location based services (LBS) let people retrieve and share information related to their current position. Examples are Google Latitude or Panoramio. Since LBS share user-related content, location information etc., they put user privacy at risk. Literature has proposed various privacy mechanisms for LBS. However, it is unclear which mechanisms humans really find useful, and how they make use of them. We present a user study that addresses these issues. To obtain realistic results, we have implemented a geotagging application on the web and on GPS cellphones, and our study participants use this application in their daily lives. We test five privacy mechanisms that differ in the awareness, mental effort and degree of informedness required from the users. Among other findings, we have observed that in situations where a single simple mechanism does not meet all privacy needs, people want to use simple and sophisticated mechanisms in combination. Further, individuals are concerned about the privacy of others, even when they do not value privacy for themselves.

PRIMO - Towards Privacy Aware Image Sharing

A growing number of users in Web 2.0 based social network sites and photo sharing portals upload millions of images per day. In many cases, this leads to serious privacy threats. The images reveal not only the personal relationships and attitudes of the uploader, but of other persons displayed in the images as well. In this paper, we propose the PRIMO system architecture for privacy-aware image sharing. Our approach is based on semantic annotations, face recognition and user-defined privacy rules. PRIMO connects to many social network sites and photo sharing portals via the OpenSocial API and proprietary interfaces.

Collaborative Search And User Privacy: How Can They Be Reconciled?

Collaborative search engines (CSE) let users pool their resources and share their experiences when seeking information on the web. However, when shared, search terms and links clicked reveal user interests, habits, social relations and intentions. In other words, CSE put privacy of users at risk. This seriously limits the proliferation and acceptance of CSE. To address the problem, we have carried out a qualitative study that identifies the privacy concerns of CSE users. In particular, our study reveals the range and type of concerns when sharing query terms and search results with different social groups, e.g., family members or colleagues. To control the information shared, the participants of our study have called for anonymity and reciprocity in combination with time- and/or context-dependent conditions. To facilitate the specification of privacy preferences, we define a general policy structure to express privacy needs in the context of CSE. We also give an approach to address the reciprocity condition identified in the study, and we discuss options to anonymize sharing of query terms.

A Study on the Lack of Enforcement of Data Protection Acts

Data privacy is a fundamental human right, not only according to the EU perspective. Each EU state implements sophisticated data protection acts. Nevertheless, there are frequent media reports on data privacy violations. The scientific and the political community assume that data protection acts suffer from a lack of enforcement. This paper is an interdisciplinary study that examines this hypothesis by means of empirical facts on juridical assessment criteria – and validates it. We have inspected 100 service providers, from social online platforms to web shops. Our study considers legal requirements of the privacy policy and how providers ask for consent and react to requests for information or deletion of personal data. Our study is based on articles of German law that have a counterpart in the EU Directive 95/46/EC. Thus, our study is relevant for all EU states and all countries with similar regulations.

Search-log anonymization and advertisement: are they mutually exclusive?

The revenue of search-engine providers strongly depends on targeted advertisement. Targeted advertisement is becoming more reliant on personal data. This puts user privacy at risk. One way to improve privacy is to anonymize search logs, but this reduces usefulness for ad placement. Further, the usefulness depends on the target function used for the anonymization. This paper is the first to study this tradeoff systematically. We quantify the usefulness of an anonymized search log for advertisement purposes, by estimating outcomes such as the number of clicks on ads or the number of ad impressions possible after anonymization. A main result is that anonymized search logs are still useful for advertisement purposes, but the extent strongly depends on the target function.

Discovering the Scope of Privacy Needs in Collaborative Search

Collaborative search engines (CSE) are an upcoming trend in WWW search. CSE let knowledge workers concert their efforts and support user collaboration. However, search terms and links clicked that are shared among users reveal their interests, habits, social relations and intentions. Thus, CSE might put the privacy of the users at risk. In this paper, we describe our first steps towards discovering the scope of privacy needs in CSE. We identify common components of CSE, and we describe typical use cases and user groups. Based on these information, we explore the range of privacy threats that might arise from query and link sharing. Furthermore, we outline a conceptual framework to explore the privacy needs of CSE users. Finally, we describe two findings from preliminary study results: first, our participants were less concerned about what providers might learn, but wanted to restrict information disclosed to people in their social network. Second, we have identified a new class of reciprocal privacy preferences, which allow or prohibit information disclose depending on the behavior of others.

Das datenschutzrechtliche Vollzugsdefizit im Bereich der Telemedien — ein Schreckensbericht

ZusammenfassungDie Autoren untersuchen das datenschutzrechtliche Vollzugsdefizit im Anwendungsbereich des Telemediengesetzes. Ihr Ergebnis ist, dass das Ausmaß des datenschutzrechtlichen Vollzugsdefizits der von außen zu überprüfenden datenschutzrechtlichen Pflichten der Anbieter „erschreckend“ ist. Nur einem ganz geringen Teil der Anbieter gelingt es, sich rechtskonform zu verhalten.