Privacy Risk Assessment: From Art to Science, by Metrics

  • Conference paper
Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM 2018, CBT 2018)

Abstract

Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the “correct” risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.

Notes

  1. For example, Recital 47 on the legal basis of “legitimate interest” requires “taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.”

  2. See GDPR Recital 75: “The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data” [11].

References

  1. Albakri, A., Boiten, E., de Lemos, R.: Risks of sharing cyber incident information. In: 1st International Workshop on Cyber Threat Intelligence Management (CyberTIM) (2018, to appear)

  2. Boiten, E.: What is the unit of security? FOSAD Summer School 2016 (2016). http://www.sti.uniurb.it/events/fosad16/Programme.html

  3. Brooks, S., Garcia, M., Lefkovitz, N., Lightman, S., Nadeau, E.: An introduction to privacy engineering and risk management in federal systems. Technical report NIST IR 8062, National Institute of Standards and Technology, Gaithersburg, MD, January 2017. https://doi.org/10.6028/NIST.IR.8062

  4. Calder, A., Watkins, S.: IT Governance: An International Guide to Data Security and ISO27001/ISO27002. Kogan Page, London (2015)

  5. Cavoukian, A.: Privacy by design: the 7 foundational principles (2011). https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf

  6. Commission Nationale de l’Informatique et des Libertés: Methodology for privacy risk management: How to implement the data protection act (2012). https://www.goo.gl/o3aN85

  7. Commission Nationale de l’Informatique et des Libertés: Privacy impact assessment (PIA) 1: Methodology (2018). https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf

  8. Commission Nationale de l’Informatique et des Libertés: Privacy impact assessment (PIA) 3: Knowledge bases (2018). https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf

  9. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011). https://doi.org/10.1007/s00766-010-0115-7

  10. Eckhoff, D., Wagner, I.: Privacy in the smart city - applications, technologies, challenges and solutions. IEEE Commun. Surv. Tutorials 20(1), 489–516 (2018). https://doi.org/10.1109/COMST.2017.2748998

  11. European Parliament and Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

  12. Evans, K.: Vidal-Hall and risk management for privacy breaches. IEEE Secur. Priv. 13(5), 80–84 (2015). https://doi.org/10.1109/MSP.2015.94

  13. Information Commissioner’s Office: Data Protection Impact Assessments (DPIAs) (2018). https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/

  14. Information Commissioner’s Office (ICO): Guide to the General Data Protection Regulation (GDPR), May 2018. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

  15. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 501–510. ACM, Pittsburgh (2012)

  16. Liu, K., Terzi, E.: A framework for computing the privacy scores of users in online social networks. ACM Trans. Knowl. Discov. Data 5(1), 6:1–6:30 (2010). https://doi.org/10.1145/1870096.1870102

  17. Meng, W., Ding, R., Chung, S.P., Han, S., Lee, W.: The price of free: privacy leakage in personalized mobile in-app ads. In: NDSS. Internet Society (2016). https://doi.org/10.14722/ndss.2016.23353

  18. National Institute of Standards and Technology (NIST): Guide for Conducting Risk Assessments. NIST Special Publication 800-30 r1, September 2012. https://doi.org/10.6028/NIST.SP.800-30r1

  19. Nissenbaum, H.: Privacy as contextual integrity. Wash. L. Rev. 79, 119 (2004)

  20. Open Web Application Security Project: OWASP Risk Rating Methodology (2018). https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology

  21. Pérez-Peña, R., Rosenberg, M.: Strava Fitness App Can Reveal Military Sites, Analysts Say. The New York Times (2018). https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html

  22. SnoopWall: Flashlight apps threat assessment report (2014). https://lintvwish.files.wordpress.com/2014/10/flashlight-spyware-appendix-2014.pdf

  23. Solove, D.J.: A taxonomy of privacy. Univ. Pennsylvania Law Rev. 154(3), 477–564 (2006). https://doi.org/10.2307/40041279

  24. Stahl, F., Burgmair, S.: OWASP Top 10 Privacy Risks Project (2017). https://www.owasp.org/index.php/OWASP_Top_10_Privacy_Risks_Project

  25. Stevens, S.S.: On the theory of scales of measurement. Science 103(2684), 677–680 (1946)

  26. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(05), 557–570 (2002)

  27. Wagner, I.: Evaluating the strength of genomic privacy metrics. ACM Trans. Priv. Secur. 20(1), 2:1–2:34 (2017). https://doi.org/10.1145/3020003

  28. Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. (CSUR) 51(3) (2018)

Acknowledgment

This work was supported by the UK Engineering and Physical Sciences Research Council (EPSRC) grant EP/P006752/1. We thank Lee Hadlington, Richard Snape, and the expert participants of our workshop on “Privacy risk: harm, impact, assessment, metrics” in January 2018 for their thoughts and discussions.

Author information

Correspondence to Isabel Wagner.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Wagner, I., Boiten, E. (2018). Privacy Risk Assessment: From Art to Science, by Metrics. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2018. Lecture Notes in Computer Science, vol 11025. Springer, Cham. https://doi.org/10.1007/978-3-030-00305-0_17

  • DOI: https://doi.org/10.1007/978-3-030-00305-0_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00304-3

  • Online ISBN: 978-3-030-00305-0
