Usable Privacy in Certifications

This is a general topic about adding usability to privacy certification processes. Many interesting things can be done here, such as studying existing certification processes and criteria evaluating privacy, looking at privacy standards, data protection laws and regulations such as the European GDPR, etc.

Ask for discussions with the supervisor for more information or variations of the project. Email to arrange an appointment at the 9th floor.

Short description

We have done work on developing usability criteria for privacy, described in this article. The topic needs to look at how to apply and integrate what we did in certification processes.

One can either take this topic only as a literature review and theoretical analysis, or as a study involving a realistic IoT system (Internet of Things) as object of certification.

In the first case one would investigate existing privacy related certification processes, their evaluation of specific privacy concepts, and categorize and exemplify these in various ways.

In the second case, one can start by choosing an IoT system (the supervisor can help with that) and look at how to apply our usability criteria to evaluate the usability of the privacy that is provided by the IoT system under certification. IoT prototypes can be created (e.g., using arduino or raspberry Pi) and used as mock-ups of real-life systems; these would be example of 'the ideal product', i.e., meeting all the requirements for certification.

In both cases one can interact with data protection authorities such as Datatilsynet, certification bodies, or IoT companies that are interested in being certified for GDPR compliance or more.

Learning outcomes

The student will learn about usability and methods for evaluating usability. Relevant introductory courses already exist at IFI (e.g. IN1060, IN1050). If you have taken such courses, then the student will learn in depth and maybe more complex methods. Courses exist also at MSc level.

The student will also learn about privacy.

The student needs to be open for legal terminology, since many of the regulations and standards have such wording.

The novelty of the topic relies in studying certification processes, especially related to privacy, and how to add usability evaluation methods to these processes. What exactly this can mean, we can explore together.

Tags: usability, privacy, certification, user studies, HCI, data protection authorities
Published Sep. 5, 2020 1:00 PM - Last modified Sep. 5, 2020 1:00 PM

Scope (credits)