Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Enabling Users to Specify Correct Privacy Requirements

: Rudolph, Manuel; Polst, Svenja; Dörr, Jörg

Preprint urn:nbn:de:0011-n-5491237 (719 KByte PDF)
MD5 Fingerprint: db8cde9cdbe4684881d00c2d479c33a2
Erstellt am: 1.8.2019

Knauss, E.:
Requirements Engineering: Foundation for Software Quality, REFSQ 2019. Proceedings : 25th International Working Conference, Essen, Germany, March 18-21, 2019
Cham: Springer International Publishing, 2019
ISBN: 978-3-030-15537-7
ISBN: 978-3-030-15538-4
International Conference on Requirements Engineering - Foundation for Software Quality (REFSQ) <25, 2019, Essen>
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
16KIS0328; IUNO
Nationales Referenzprojekt für IT-Sicherheit in der Industrie 4.0
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
16KIS0898; TrUSD
Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen
Konferenzbeitrag, Elektronische Publikation
Fraunhofer IESE ()
Privacy requirement specification; User type; Specification interface; Objective correctness; Perceived correctness

Privacy becomes more and more important for users of digital services. Recent studies show that users are concerned about having too little control over their personal data. However, if users get more possibilities for self-determining the privacy effecting their personal data, it must be guaranteed that the resulting privacy requirements are correct. This means, they reflect the user’s actual privacy demands. There exist multiple approaches for specifying privacy requirements as an end user, which we call specification paradigms. We assume that a matching of specification paradigms to users based on empirical data can positively influence the objective and perceived correctness. We use the user type model by Dupree, which categorizes users by their motivation and knowledge. We experimentally determined the best match of user types and paradigms. We show that participants with less knowledge and motivation make more mistakes and that a strong limitation of selection options increases objective and perceived correctness of the specified privacy requirements.