Besides my professional work for the audit and advisory firm KPMG in Germany, I worked on a PhD dissertation for the past four years, researching privacy aspects within the context of Web 2.0 applications and specifically in social network applications. My PhD dissertation was successfully completed in December 2009 and the publication of my work is available at Verlag Dr. Kovac.
Johann Wolfgang Goethe-University, Frankfurt am Main, Germany
School of Economics and Business Administration
Institute of Business Informatics
Prof. Dr. Kai Rannenberg
T-Mobile Chair of M-Business and Multilateral Security
Stefan Weiss, External PhD Student
Topic of PhD Dissertation: An Information Architecture Framework for Enhancing Privacy in Social Network Applications
Introduction:
New information and communication applications such as social network communities, chat rooms, blogging sites, participatory online games, bookmarking sites, profiling, digging, rating and identity search engines on the so-called Web 2.0 Internet bring about changes in our social behaviour. Tim O'Reilly has characterized the Web 2.0 with user participation and openness. And it will be the openness of the web and the decreasing control each user has over his or her own personal information in such an environment that will influence the way we will look at our identity information and ultimately at our privacy online.
The increasing risk of misuse of personal data processed by those online social network applications is evident from computer science research as well from anecdotal evidence in the form of newspaper articles or blog entries. My research will focus on the required functionalities that a privacy-enhancing solution in a Web 2.0 environment should provide, namely the self-control of ones personal data. It is clearly understood that more personal data collected, displayed, stored and processed in a decentralized environment and across multiple devices causes all sorts of concerns, one being the feeling to loose control. Risks associated with this situation range from identity theft to online and physical stalking, from embarrassment to price discrimination and blackmailing.
The Semantic Web might be able to provide the means to find a solution for a privacy-enhanced social network platform. Structuring data and putting meaning to it may also work for a Web application where specific personally identifiable information in a given context needs to be tagged as ‘private’ and, for example, not to be used for any other purpose as the original purpose at the time of the data collection. But there are also other technical solutions which my research is going to review and evaluate for its fit, namely digital rights management solutions or privacy-enhancing technology.
The main research objectives of my dissertation will be to (1) research the privacy requirements for social network applications in form of interviews with field experts and business executives from provider firms, (2) review and evaluate existing technology on their fit within social software based on the Design-Science approach by Hevner et. al, and (3) reconfirm privacy requirements and a derived ‘solution’ by surveying social software users on the privacy-enhancing features in form of a descriptive online user survey based in the Technology Acceptance Model by Davis 1989.
In order to establish privacy as an integral part of information and communication technology in the future, I am also involved in the privacy standardization initiatives of Working Group 5 of the ISO/IEC JTC1/SC 27 as the project editor for the two new ISO standards for a privacy framework (ISO 29100) and for a privacy reference architecture (ISO 29101).
| 
