Jane Henriksen-Bulmer
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sheridan
Authors
Shamal Faily
Sheridan Jeary
Abstract
Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.
Citation
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2020. DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. Future internet [online], 12(5), article 93. Available from: https://doi.org/10.3390/fi12050093
Journal Article Type | Article |
---|---|
Acceptance Date | May 18, 2020 |
Online Publication Date | May 24, 2020 |
Publication Date | May 31, 2020 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Nov 23, 2021 |
Journal | Future internet |
Electronic ISSN | 1999-5903 |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 12 |
Issue | 5 |
Article Number | 93 |
DOI | https://doi.org/10.3390/fi12050093 |
Keywords | Contextual integrity; Privacy; Risk; Data protection impact assessment (DPIA); General data protection regulation (GDPR) |
Public URL | https://rgu-repository.worktribe.com/output/1427724 |
Files
HENRIKSEN-BULMER 2020 DPIA in context (VOR)
(14 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
Copyright Statement
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search