Authors
Abstract(s)
Location data is essential to the provision of relevant and tailored information in
location-based services (LBS) but has the potential to reveal sensitive information
about users. Unwanted disclosure of location data is associated with various threats
known as dataveillance, which can lead to risks like loss of control, (continuous) monitoring,
identification, and social profiling. Striking a balance between providing a
service based on the user’s location while protecting their (location) privacy is thus a
key challenge in this area. Although many solutions have been developed to mitigate
the data privacy-related threats, the aspects involving users (i.e. User Interfaces
(UI)) and the way in which location data management can affect (location) data
privacy have not received much attention in the literature.
This thesis develops and evaluates approaches to facilitate the design and development
of privacy-aware LBS. This work has explicitly focused on three areas:
location data management in LBS, the design of UI for LBS, and compliance with
(location) data privacy regulation. To address location data management, this thesis
proposes modifications to LBS architectures and introduces the concept of temporal
and spatial ephemerality as an alternative way to manage location privacy. The modifications
include adding two components to the LBS architecture: one component
dedicated to the management of decisions regarding collected location data such as
applying restrictions on the time that the service provider stores the data; and one
component for adjusting location data privacy settings for the users of LBS. This
thesis then develops a set of UI controls for fine-grained management of location
privacy settings based on privacy theory (Westin), privacy by design principles and
general UI design principles. Finally, this thesis brings forth a set of guidelines for the
design and development of privacy-aware LBS through the analysis of the General
Data Protection Regulation (GDPR) and expert recommendations.
Service providers, designers, and developers of LBS can benefit from the contributions
of this work as the proposed architecture and UI model can help them
to recognise and address privacy issues during the LBS development process. The
developed guidelines, on the other hand, can be helpful when developers and designers
face difficulties understanding (location) data privacy-related regulations. The
guidelines include both a list of legal requirements derived from GDPR’s text and
expert suggestions for developers and designers of LBS in the process of complying
with data privacy regulation.
Description
A thesis submitted in partial fulfillment of the requirements for the degree of Doctor in Information Management, specialization in Geographic Information Systems
Keywords
Location data; Location-based services
