Professor Claudia Roda

Home | Research | Privacy links

  The American University Of Paris

Privacy Links | Privacy Workshop | Privacy Course

Introductory material | Usability studies | User studies | Regulation | Privacy issues with specific tools and practices or in specific environments | Tools to verify privacy | Tools for privacy protection | Technology issues | Reference sites | About privacy statements and use conditions | Small Cyber-Privacy Dictionary

Introductory Material

  • van den Hoven, Jeroen, Blaauw, Martijn, Pieters, Wolter and Warnier, Martijn, "Privacy and Information Technology", The Stanford Encyclopedia of Philosophy (Winter 2014 Edition), Edward N. Zalta (ed.), forthcoming URL = <>, First published Thu Nov 20, 2014
  • Managing your identity, tutorial 2: Protecting your Privacy- Internet Society, January 2013 - Before reading this tutorial you should think what are the important issues in online privacy from your point of view. Are they addressed by the tutorial?
  • Freedom and the Social Contract, Vinton G. Cerf, september 2013 Communications of the ACM 56(9) - a short reflection on the debate over preserving privacy and national security
  • A Primer on Metadata: Separating Fact from Fiction - Ann Cavoukian, Information and Privacy Commissioner Ontario, Canada July 2013 - "A Primer on Metadata: Separating Fact from Fiction, explains that metadata can actually be more revealing than accessing the content of our communications. The paper aims to provide a clear understanding of metadata and disputes popular claims that the information being captured is neither sensitive, nor privacy-invasive, since it does not access any content. Given the implications for privacy and freedom, it is critical that we all question the dated, but ever-so prevalent either/or, zero-sum mindset to privacy vs. security. Instead, what is needed are proactive measures designed to provide for both security and privacy, in an accountable and transparent manner."
  • Surveillance, Then and Now: Securing Privacy in Public Spaces - Ann Cavoukian, Information and Privacy Commissioner Ontario, Canada June 2013 - "Surveillance is growing, as are the technologies that extend its reach. But surveillance that facilitates the sustained monitoring of people engaged in everyday activities in public is, in Justice Gerard La Forest’s unforgettable words, “an unthinkable prospect in a free and open society such as ours.” The purpose of this paper is to assist law enforcement, lawmakers, and the broader public in understanding and protecting our fundamental right to privacy with respect to surveillance by the state of our activities in public spaces through the use of ever-growing new technologies. A proactive Privacy by Design approach is central to designing and implementing the regulatory framework needed to properly supervise state surveillance. It is our experience that, where the use of a particular surveillance technology is justified, proportionate, and effective at delivering public safety, a proactive positive-sum approach is available that will ensure that privacy, accountability, and transparency are embedded into the legal and technical design specifications of any proposed surveillance system. Whatever the future holds, we know that, in addition to privacy and freedom, people will require safety and security. We believe that now, and for the foreseeable future, it is essential that we strive to have both, in tandem. Freedom must be preserved from both terrorism and tyranny. While eternal vigilance will be required to secure our fundamental rights, including our right to privacy, we remain confident that we can have both public safety and personal privacy in public spaces. There is neither reason, nor need, to settle for anything less."
  • Two tales of privacy in online social networks. Seda Gürses and Claudia Diaz. In IEEE Security & Privacy Magazine Vol. 11(3):29-37, Special Issue on Social Networks, May/June 2013. "Privacy is one of the friction points that emerges when communications get mediated in Online Social Networks (OSNs). Different communities of computer science researchers have framed the ‘OSN privacy problem’ as one of surveillance, institutional or social privacy. In tackling these problems they have also treated them as if they were independent.We argue that the different privacy problems are entangled and that research on privacy in OSNs would benefit from a more holistic approach. In this article, we first provide an introduction to the surveillance and social privacy perspectives emphasizing the narratives that inform them, as well as their assumptions, goals and methods. We then juxtapose the differences between these two approaches in order to understand their complementarity, and to identify potential integration challenges as well as research questions that so far have been left unanswered."
  • Hero or Villain: The Data Controller in Privacy Law and Technologies. Claudia Diaz, Omer Tene, and Seda Gürses. To appear at the Ohio State Law Journal 74(6), 78 pages, 2013. "This Article demonstrates that an analysis of the assumptions and principles underlining privacy enhancing technologies (PETs) highlights the gap between the constitutional and information privacy frameworks. It argues that by embracing PETs, information privacy law can recalibrate to better protect individuals from surveillance and unwanted intrusions into their private lives."
  • Understanding the landscape of privacy technologies. Claudia Diaz and Seda Gürses. Extended abstract of invited talk in proceedings of the Information Security Summit, pp. 58-63, 2012 "In the last decades, much effort has been devoted to research on privacy across different subfields in computer science (e.g., security engineering, data mining, HCI), resulting in a broad range of solutions for addressing the “privacy problem”. Privacy is a multifaceted and complex concept that can be tackled from very different perspectives. Existing solutions rely on different definitions of privacy as well as on a variety of (often implicit) social and technical assumptions. As a result, it is hard for non-experts to understand the privacy research landscape and to put available technologies into context. In this paper we provide an overview of the landscape of privacy technologies following the classification in three privacy research paradigms proposed by Gürses [11,14]. For each of these paradigms we describe their conception of privacy and the types of privacy threats that the technologies are meant to address, present representative examples of technologies that have been proposed to address these threats, and discuss their distinguishing characteristics."
  • The Electronic Frontier Foundation’s Who has your back? Third Annual Report on Online Service Providers’ Privacy and Transparency Practices Regarding Government Access to User Data- April 30, 2013 UPDATE: May 13, 2013 - "When you use the Internet, you entrust your conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what do these companies do when the government demands your private information? Do they stand with you? Do they let you know what’s going on? In this annual report, the Electronic Frontier Foundation examined the policies of major Internet companies — including ISPs, email providers, cloud storage providers, location based services, blogging platforms, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. The purpose of this report is to incentivize companies to be transparent about how data flows to the government and encourage them to take a stand for user privacy whenever it is possible to do so."
  • Global Coalition States Principles to Protect Human Rights from Surveillance - EFF August 1, 2013
  • The 5 biggest online privacy threats of 2013- Melissa Riofrio PC-World Apr 8, 2013
  • Why Privacy Matters Even if You Have 'Nothing to Hide' - The article is an excerpt from Daniel J. Solove's book, Nothing to Hide: The False Tradeoff Between Privacy and Security, Yale University Press 2011"Legal and policy solutions focus too much on the problems under the Orwellian metaphor—those of surveillance—and aren't adequately addressing the Kafkaesque problems—those of information processing. [...] Commentators often attempt to refute the nothing-to-hide argument by pointing to things people want to hide. [...] Surveillance, for example, can inhibit such lawful activities as free speech, free association, and other First Amendment rights essential for democracy. The deeper problem with the nothing-to-hide argument is that it myopically views privacy as a form of secrecy. In contrast, understanding privacy as a plurality of related issues demonstrates that the disclosure of bad things is just one among many difficulties caused by government security measures. [...] One such harm, for example, which I call aggregation, emerges from the fusion of small bits of seemingly innocuous data. [...] Another potential problem with the government's harvest of personal data is one I call exclusion. Exclusion occurs when people are prevented from having knowledge about how information about them is being used, and when they are barred from accessing and correcting errors in that data. [...] a kind of due-process problem[...]. A related problem involves secondary use. Secondary use is the exploitation of data obtained for one purpose for an unrelated purpose without the subject's consent. How long will personal data be stored? How will the information be used? What could it be used for in the future? The potential uses of any piece of personal information are vast. [...] Yet another problem with government gathering and use of personal data is distortion. [...] Privacy is often threatened not by a single egregious act but by the slow accretion of a series of relatively minor acts. In this respect, privacy problems resemble certain environmental harms, which occur over time through a series of small acts by different actors. Although society is more likely to respond to a major oil spill, gradual pollution by a multitude of actors often creates worse problems.
  • Sarah Spiekermann. 2012. The challenges of privacy by design. Commun. ACM 55, 7 (July 2012), 38-40.
  • The right to be forgotten across the pond. Meg Leta Ambrose and Jef Ausloos, Journal of Information Policy3 (2013): 1-23.
  • Schaar, Peter, “Privacy by Design”, Identity in the Information Society, Vol. 3, Issue 2, August 2010, pp. 267-274.
  • Rooy, Dirk, and Jacques Bus, “Trust and privacy in the future Internet – a research perspective”, Identity in the Information Society, Vol. 3, Issue 2, August
  • Finn, Rachel, David Wright and Michael Friedewald, “Seven Types of Privacy” in Serge Gutwirth, Yves Poullet et al. (eds.), European data protection: coming of age?, Springer, Dordrecht, 2013.
  • Alessandro Acquisti and Jens Grossklags. Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1):26 – 33, January/February 2005.
  • B. Berendt, O. G¨unther, and S. Spiekermann. Privacy in E-Commerce: Stated Preferences vs. Actual Behavior. Communications of the ACM, 48(4):101–106, 2005
  • European Data Protection Supervisor, Opinion of March 2010 on privacy in the digital age: “Privacy by Design” as a key tool to ensure citizens’ trust in ICTs
  • Syllabus and Course Material on Privacy technology by George Danezis
  • ENISA: Privacy and Data Protection by Design - This report contributes to bridging the gap between the legal framework and the available technolog-ical implementation measures by providing an inventory of existing approaches, privacy design strat-egies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services.
  • ENISA: Roadmap for NIS education programmes in Europe - ENISA is one of the key stakeholders in Europe in the area of Network and Information Security (NIS). Given its positioning, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the Commission in enhancing the skills and competence of professionals in this area. This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe (1). In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area.
  • Books:
    • The googlisation of everything
    • The new digital age
    • Program or be programmed
    • Datafication
  • General Awareness material:
    • This Facebook Privacy Simulator The game generates increasingly surreal supposed Facebook privacy settings -- which players must check, uncheck, opt into or opt out of before a timer ticks down. This is an alternative way to highlight the issue of digital privacy using humor and gaming.
    • Hot on Your Trail: Privacy, Your Data and Who has access to it a video that illustrates a single day in the life of an average person and maps out what information is being unknowingly shared and with who
    • Tracking the Trackers a TED talk that demonstrates who is watching your online activities when you are going about your average daily habit
    • Data Brokers Infographic

Usability studies

User studies

  • Europe vs. US personal information sharing habits infographic
  • This Pew Internet study September 2013 "Anonymity, Privacy, and Security Online" finds that most internet users would like to be anonymous online, but often feel it is not possible. "86% of internet users have taken steps online to remove or mask their digital footprints."
  • This EUROBAROMETER 2011report, Attitudes on Data Protection and Electronic Identity in the European Union, finds, amongst many others insights, that "74% of the Europeans see disclosing personal information as an increasing part of modern life; that Information considered as personal is, above all, financial information (75%), medical information (74%), and national identity numbers or cards and passports (73%); that only one-third of Europeans are aware of the existence of a national public authority responsible for protecting their rights regarding their personal data (33%) and that Just over a quarter of social network users (26%) and even fewer online shoppers (18%) feel in complete control.
  • EC Policy Brief: CONSENT - Consumer sentiment regarding privacy on user generated content services in the digital economy (November 2013)

Regulations: Recommendations / Resolutions

Privacy issues with specific tools and practices

Privacy issues in specific environments

  • At work:
  • At School:
  • Transport system
    • November 2014: Autoalliance, the alliance of automobile manufacturer is an association of 12 vehicle manufacturer, has published a list of principles they are willing to embed in their systems to protect consumer data privacy and maintain the trust of the customers.
    • Will Privacy Concerns Associated with Future Transport Systems Restrict the Public's Freedom of Movement? Procedia - Social and Behavioral Sciences, Volume 48, 2012, Pages 941-950 Scott Cruickshanks, Ben Waterson "[...] This paper examines the methodology and results of a mail survey conducted in the UK. This survey seeks to ascertain whether in the eyes of the public the potential benefits of future transport systems will outweigh the loss of personal information. The results of the survey support the fears that the advent of some future ITS applications will cause some people to travel with less freedom. It also highlights several key groups that are the most likely to reject future ITS, with contributing factors being elderly, poorly educated, female, from an ethnic minority group and/or having little experience of using the latest transport technologies"
  • Smart spaces
    • Challenges in Retaining Privacy in Smart Spaces - Procedia Computer Science, Volume 19, 2013, Pages 556-564 Jimmy C. Chau, Thomas D.C. Little "[...] occupants. The privacy of the information manipulated by smart spaces quickly becomes a key barrier in realizing the full value of ambient systems and is the focus of this paper. We approach this challenge first by surveying current privacy definitions and mechanisms (access control, k-anonymity, and differential privacy) under the assumption of ambient sensors and networking found in smart spaces. We then identify how existing approaches are not suitable for smart spaces under major smart space privacy scenarios and propose adaptations with strong potential for addressing these scenarios."
  • Medical records:
    • ZocDoc Claims "ZocDoc takes your privacy seriously. We’ve made our policy as clear as possible so you can rest assured that you’re in good hands."Privacy Policy
    • Insurers Test Data Profiles to Identify Risky Clientsdf
    • Article CVS, the drugstore chain is expanding its ExtraCare rewards program for prescription drugs, but to join consumers must give up healthcare privacy protections under HIPAA
    • Privacy Rights Clearinghouse offers more in depth fact sheet of California prescription and privacy.
    • Healthcare Data Breach is on the rise infographic
    • EU data protection applied to health data:

Tools to verify privacy (not all of these tools have been tested, the fact that they are listed here does not constitute a recommendation. In fact we recommend that you verify carefully who are the authors of these tools before using them)

  • Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Available from EFF
  • Use ShieldsUp to check if anybody can connect to your machine using the Universal Plug 'n Play (UPnP) facility. You may be interested also in the FAQ
  • info-graphic on the effectiveness of TOR + HTTPS. Available from EFF
  • shows your IP address and some of the associated information, another similar tool is pof
  • smartwhois provides information about domain names
  • Check browser headers using or Andy Langton's checker - these tools show the information sent by your browser when you request a web page. BrowserSpy also gives suggestions on how to avoid providing private information
  • Probaly the best tool for checking privacy in web browsing JonDonym Anonymitytest
  • Realtime Privacy Monitoring on Smartphones: TaintDroid is a realtime monitoring service that analyses how private information is obtained and released by applications "downloaded" to consumer phones
  • Collusionis a nice-looking visualization tool to see who's tracking your browser activity in real time now evolved in lightbeam- it works in Firefox
  • When publishing an image you may want to check what Exif metadata is included. There are several tools to do this, for example ImgOps takes the URL of an image and provides all associated metadata information, Camera Summaryand Metapicz do the same thing but can be used both by giving an URL or uploading an image file

Tools for privacy protection (not all of these tools have been tested, the fact that they are listed here does not constitute a recommendation. In fact we recommend that you verify carefully who are the authors of these tools before using them)

  • EFF's Surveillance Self Defense: defensive technology - basic technical information on how to protect the privacy of your data
  • A study of usage and geo-location of major anonymation systems - Bingdong Li, Esra Erdin, Mehmet Hadi Güneş, George Bebis, and Todd Shipley. 2011. An analysis of anonymity technology usage. In Proceedings of the Third international conference on Traffic monitoring and analysis (TMA'11), Jordi Domingo-Pascual, Yuval Shavitt, and Steve Uhlig (Eds.). Springer-Verlag, Berlin, Heidelberg, 108-121.
  • VPN - reference to be found
  • The TOR project - TOR offers protection at the TCP/IP (transport) level and offers protection against traffic analysis which can be used either to obtain identification information or for profiling or for information extraction."Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going. ". TOR is complex to use so end-user normally use it with an user interface called Vidalia. To ensure privacy at higher levels that transport (HTTP) on should use the TOR browser bundle.
  • JonDoFox - JonDoFox combined with JAP/JonDo orTor provides a comprehensive solution that covers all layers (TCP/IP, HTTP and application).
  • Blocking ads:
    • Adblock claims to block ads, not clear how well it works.
    • Network Advertising Initiative offers "Consumer" opt- out (note that this does not mean that ads will no longer be received, and as far as I can tell, not even that they will not be collecting your data, so read carefully)
  • Wickr is a free downloadable app that works on both android and iphones with a tagline of "The internet is forevor. Your private communications don't need to be." Claims to offer ("military-grade" encryption of text, picture, audio and video messages/ sender-based control over who can read mesaages, where and for how long.)
  • Manage privacy settings
    • My Permissions a social networking permission management app that allows you to manage all of your settings in one place
    • Privacyfix one dashboard for most used social networking privacy settings
  • Malwarebytes Anti-Malware Malwarebytes Anti-Malware is a tool for removing trojans, worms, and other malware from windows computers and android mobile devices. It is a google product that claims to off a "robust malware protection, but it goes further to protect your privacy from apps with overreaching permissions or other vulnerabilities."
  • Disconect claims to let you visualize & block the invisible websites that track you
  • Stop Being Watched Web cam anti-virus software
  • Freedom box beta they say: "We're building software for smart devices whose engineered purpose is to work together to facilitate free communication among people, safely and securely, beyond the ambition of the strongest power to penetrate. They can make freedom of thought and information a permanent, ineradicable feature of the net that holds our souls."
  • Mask Me free service attempts to obscure your true e-mail address, phone number and credit card account numbers while conducting Web transactions.
  • Exif Scrubber Software offers a way to delete the Exif metadata from your image files that could be potentially revealing (such as device, unique device number, location/date/time of photo and more.)
  • Review of "free webmail for better privacy"

Technology issues

Reference sites, associations and conferences

About privacy statements and use conditions

  • conditions of use and sale, Cookies and internet advertising, privacy notice
  • The makers of the social media privacy management app Mypermissions has used their attempted "standardization" approach to develop a certification for other apps and developers. This is an example of an attempt to standardize privacy policies and act as a mediator between companies and users to the management of the complexities of privacy policies. Though this approach is moving in the right direction there are many questions about how how reliable this company is to be an authority on the subject as well as factors that may be influencing their decision making. For instance, they offer a free version, but also a paid version in which they offer a/b testing and "trend alerts."
  • AppPrivacy free privacy policy generator
  • Sleights of privacy: framing, disclosures, and the limits of transparency Idris Adjerid Alessandro Acquisti Laura Brandimarte George Loewenstein (2013) - In an effort to address persistent consumer privacy concerns, policy makers and the data industry seem to have found common grounds in proposals that aim at making online privacy more "transparent." Such self-regulatory approaches rely on, among other things, providing more and better information to users of Internet services about how their data is used. However, we illustrate in a series of experiments that even simple privacy notices do not consistently impact disclosure behavior, and may in fact be used to nudge individuals to disclose variable amounts of personal information. In a first experiment, we demonstrate that the impact of privacy notices on disclosure is sensitive to relative judgments, even when the objective risks of disclosure actually stay constant. In a second experiment, we show that the impact of privacy notices on disclosure can be muted by introducing simple misdirections that do not alter the objective risk of disclosure. These findings cast doubts on the likelihood of initiatives predicated around notices and transparency to address, by themselves, online privacy concerns.

Small Cyber-Privacy Dictionary

  • PET - Privacy Enhancing Technologies
  • PIA - Privacy Impact Assessment
  • PII - Personal Identifiable Information

Lecture: Digital tightrope: Use and abuse of perceptual technologies - Scientific meeting on Perceptual technologies: from laboratory to real life at the Laboratorio di Azione, Percezione e Cognizione, San Raffaele 1.6.2017

Interview: Le design de l'attention (digitalsocietyforum) 26.11.2015

Seminar: Attention automatisée et design d’interface : Eyes tracking, GoogleGlass et Quantified Self – Le design de l’attention: Création et Automatisation - Institut de recherche et d’innovation Centre Pompidou and Biennale internationale de design de Saint-Etienne 24 March 2014

Panelist: Privacy in Computer Science Education – Computer, Privacy & Data Protection (CPDP) Conference 2015

On BBC-World The Forum: about interruptions - 12.1.2015

AUP's Principal Scientist for the PRIPARE project (PReparing Industry to Privacy-by-design by supporting its Application in REsearch) launched October 1st 2013.

Older news and events



(c) 2013-2015 Claudia Roda