In this paper, we present a novel mechanism that provides individuals with personalised privacy by default setting when they register into a new system or service. The proposed approach consists of an intelligent mechanism that learns users' context and preferences to generate personalised default privacy settings. To achieve this, we used a machine learning approach that requires a minimal number of questions at the registration phase, and, based on users' responses, sets up privacy settings associated to users' privacy preferences for a particular service. This is the first attempt to predict general privacy preferences from a minimal number of questions. We propose two approaches. The first scheme is based on the sole use of SVM to predict users' personalised settings. The second scheme implemented an additional layer that includes clustering. The accuracy of proposed approaches is evaluated by comparing the guessed answers against the answers from a questionnaire administered to 10,000 participants. Results show that, the SVM based scheme is able to guess the the full set of personalised privacy settings with an accuracy of 85%, by using a limited input of only 5 answers from the user.
This paper provides an assessment framework for privacy policies of Internet of Things Services which is based on particular GDPR requirements. The objective of the framework is to serve as supportive tool for users to take privacy-related informed decisions. For example when buying a new fitness tracker, users could compare different models in respect to privacy friendliness or more particular aspects of the framework such as if data is given to a third party. The framework consists of 16 parameters with one to four yes-or-no-questions each and allows the users to bring in their own weights for the different parameters. We assessed 110 devices which had 94 different policies. Furthermore, we did a legal assessment for the parameters to deal with the case that there is no statement at all regarding a certain parameter. The results of this comparative study show that most of the examined privacy policies of IoT devices/services are insufficient to address particular GDPR requirements and beyond. We also found a correlation between the length of the policy and the privacy transparency score, respectively.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.