Exploring mental models of the right to informational self-determination of office workers in Germany
- Applied privacy research has so far focused mainly on consumer relations in private life. Privacy in the context of employment relationships is less well studied, although it is subject to the same legal privacy framework in Europe. The European General Data Protection Regulation (GDPR) has strengthened employees’ right to privacy by obliging that employers provide transparency and intervention mechanisms. For such mechanisms to be effective, employees must have a sound understanding of their functions and value. We explored possible boundaries by conducting a semistructured interview study with 27 office workers in Germany and elicited mental models of the right to informational self-determination, which is the European proxy for the right to privacy. We provide insights into (1) perceptions of different categories of data, (2) familiarity with the legal framework regarding expectations for privacy controls, and (3) awareness of data processing, data flow, safeguards, and threat models. We found that legal terms often used in privacy policies used to describe categories of data are misleading. We further identified three groups of mental models that differ in their privacy control requirements and willingness to accept restrictions on their privacy rights. We also found ignorance about actual data flow, processing, and safeguard implementation. Participants’ mindsets were shaped by their faith in organizational and technical measures to protect privacy. Employers and developers may benefit from our contributions by understanding the types of privacy controls desired by office workers and the challenges to be considered when conceptualizing and designing usable privacy protections in the workplace.
Document Type: | Article |
---|---|
Language: | English |
Author: | Jan Tolsdorf, Florian Dehling, Delphine Reinhardt, Luigi Lo Iacono |
Parent Title (English): | Proceedings on Privacy Enhancing Technologies |
Volume: | 2021 |
Issue: | 3 |
Number of pages: | 23 |
First Page: | 5 |
Last Page: | 27 |
ISSN: | 2299-0984 |
URN: | urn:nbn:de:hbz:1044-opus-53837 |
DOI: | https://doi.org/10.2478/popets-2021-0035 |
Publisher: | Sciendo |
Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
Date of first publication: | 2021/04/27 |
Copyright: | © 2021 Jan Tolsdorf et al., published by Sciendo. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. |
Funding: | This researchis supported by the German Federal Ministry of Education and Research (BMBF) under the contract number 16KIS0899. |
Keyword: | informational self-determination; mental models; privacy at work; usable privacy controls |
Departments, institutes and facilities: | Fachbereich Informatik |
Institut für Cyber Security & Privacy (ICSP) | |
Projects: | TrUSD - Verbundprojekt: Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen, Teilvorhaben: Konzeptionierung, Implementierung und Evaluation von Privacy Dashboards im Arbeitnehmerdatenschutz (DE/BMBF/16KIS0899) |
Dewey Decimal Classification (DDC): | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten |
Entry in this database: | 2021/04/15 |
Licence (German): | Creative Commons - CC BY-NC-ND - Namensnennung-Nicht kommerziell-Keine Bearbeitung 3.0 |