Sören Preibusch
German Institute for Economic Research
Königin-Luise-Str. 5, 14191 Berlin, Germany
spreibusch at diw.de
ABSTRACT
Users’ perceptions of a service provider’s privacy principles
constitute a major barrier in Electronic Markets. They lead to
poor conversion rates from the business perspective and a loss
of social welfare due to missed transactions from the economics
perspective. This tutorial addresses both academia and
industry and presents privacy issues in current Electronic
Commerce applications along with technologies to overcome them.
In a first part, the ethical and legal bases of privacy are
portrayed, with a focus on the legislation in the European
Union and the recommendations of the OECD concerning
electronic services. The social dimension is underlined as
inappropriate data processing principles might lead to
discrimination of social groups.
In a second part, current Privacy Enhancing Technologies (PETs)
are summarized and contrasted with Privacy Invasive Technologies (PITs);
secure data mining techniques are confronted with data
inference problems. Special attention is paid to Privacy
Negotiation Techniques as they can conciliate users’ and
service providers’ conflicting preferences in the
privacy-personalization trade-off. Approaches to code (P3P,
APPEL and EPAL) and to communicate (suitable site design,
contextualized presentation) privacy policies are examined
theoretically. They are endorsed by experimental evidence and
case studies from A9.com and Amazon.com. Holistic privacy
protection all along the value chain requires verifiable
compliance of privacy promises towards customers and their
realization in backend processes. A framework for secure
integration of third-party data analysis providers will be
presented. It is shown how business metrics can be calculated
in a privacy compliant way.
Two emerging fields will be covered in the third part: first,
Ubiquitous Computing is a forthcoming threat to privacy.
Pervasive technologies such as RFID allow tracking users’
actions and behaviours. Second, multichannel retailing,
combining traditional stores and electronic retailing, gives
rise to new potential privacy infringements, such as by
linking offline and online identities. Game theoretic and
information economical considerations will conclude the
tutorial along with recommendations for users and
practitioners.
KEYWORDS
Privacy Legislation, Privacy Ethics, PET,
Privacy in Pervasive Computing, Privacy Negotiations,
Multichannel Retailing