Braunschweig by Steffen Schwarz
Photo: Steffen Schwarz

Call For Papers

Participation in a digital society

The 17th IFIP Summer School on Privacy and Identity Management takes a holistic approach to society and technology, supporting interdisciplinary research exchange through keynote lectures, tutorials, workshops, and paper presentations.

In particular, we welcome contributions combining any of the following perspectives: anthropological, economic, ethical, historical, legal, media & communication, regulatory, sociological, critical, surveillance, technical, philosophical, disabilites, political, and psychological studies.

The IFIP Summer School encourages not only interdisciplinary but also broader diversity. It particularly welcomes submissions on how to foster gender and cultural balance in privacy research and policy, and notably tutorials and workshops about how to raise awareness in these matters.

Theme

Digital technology has become part of the everyday practices of the majority of people all around the world. Participation in practices that involve digital systems allows people to benefit from the various advantages they provide. However, with moving traditional processes online, this digital participation often becomes inevitable, since there are in some cases only limited options to access services without using digital tools. This poses major challenges with respect to user privacy and the control over personal information. Also, populations are highly diverse, which is not always taken into consideration for technology and data practices. This often leads to more adverse effects on People of Color and queer, especially trans, people. People also differ in age and ability, with an increasing aging population, there is large mobility between cultures and countries, and there is now the generally accepted demand that as many people in a society as possible should be able to participate in its activities, including people with physical, sensory, cognitive or psychological limitations. This creates challenges in the design of digital systems, not least in aspects related to privacy and identity management. This also includes participation in design processes. The discussion of these issues in the context of privacy is just beginning, and the summer school aims to create a platform for creating awareness and facilitating interactions and knowledge exchanges around these issues.

Four-phase review process

The research paper presentations and the workshops focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students and young researchers. To this end, the School will have a four-phase review process for submitted papers.

  1. Extended abstracts: at least 2 and at most 4 pages; from these submissions, the PC chairs select papers in the scope of the call for presentation.
  2. A full length draft (up to 16 pages), in Springer LNCS format, is required to be submitted for accepted submissions before the Summer School. It will appear in the pre-proceedings.
  3. At the summerschool each author will give a 20min presentation followed by a 10min discussion. The discussion will be started by an author of another paper by naming a strength, a weakness and a starting question for the discussion.
  4. Before the second review phase, students have time to revise their papers, taking into account the comments they recieved and the discussion that took place at the Summer School. These revised, full papers are reviewed soon after the Summer School by Programme Committee members.

Based on these reviews, papers might be accepted, conditionally accepted, or rejected. Accepted and (after satisfactory revision) conditionally accepted papers will be included in the Summer School’s proceedings, which will be published by Springer.

In addition to research papers, the we also invite submissions for workshops and tutorials.

A workshop is an interactive session that is planned for one or two hours. In it, participants jointly work on a topic or project that is related to the theme of the summer school. Workshops actitivies are summarized in short papers that recapitulate the outcome and the kinds of discussion raised in the School, for inclusion in the post-proceedings. Proposals for workshops should contain a 2-page statement presenting the topic and summarising the planned activity and the expected contributions from the audience members, e.g. responding to a questionnaire or conducting a small experiment. Proposers should indicate whether any special equipment is needed for the workshop, such as audio-visual systems or computational equipment and support.

Tutorials are one or two hour long presentations. They should deal with topics that are of interest for the interdisciplinary audience in the summer school. They should provide knowledge on theoretical, empirical, methodological, practical or other aspects relevant for the summer school. Proposals should contain a 2-page summary and state the level and background required for audience members to follow the tutorial.

Possible Topics (can include, but are not limited to)

Technical and Organisational Measures for Privacy

  • ‘by-design and default’ mechanisms for: privacy, value-sensitivity, ethics, human rights, impact and risk assessments, data protection on the ground
  • data breach notification and its side effects
  • integration of privacy and security into agile development
  • privacy-enhancing technologies (PETs) and transparency-enhancing technologies (TETs)
  • privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
  • privacy and security in citizens’ digital communications, online platforms platforms, e-mail and instant messaging
  • usable privacy & security
  • privacy by design for and with populations who encounter obstacles participating in digital activities, e.g. because of cultural differences, physical, cognitive or mental impairement

Law, Regulation and Governance

  • regulatory regimes and instruments
  • governance institutions and regulatory bodies, formal or informal, soft law or hard law
  • complementarity and friction between data subject rights, security, and privacy-by-design
  • interactions, i.e. compliance, overlaps and conflicts in between data protection and other norms (e.g., NIS2 directive, GDPR, PSD2, upcoming ePrivacy regulation, draft AI act)
  • data justice, data fairness and equity
  • (digital) participation of data subjects in regulatory and governance institutions or bodies
  • fundamental rights and accountability in technology and data practices
  • data breaches, data retention and law enforcement

Effects

  • effects of technology on discrimination, social profiling, social exclusion, digital divides, digital dividends, data sovereignty, communities, societies and cultures
  • effects of legislative or regulatory initiatives on privacy or identity
  • effects concerning social accountability
  • effects of censorship and surveillance on free speech, assembly and democratic processes/participation

Metrics, Standards and Ethics

  • privacy and security evaluation, metrics, certifications, certification mechanisms, auditing experiences, standards, and seals
  • privacy protection and, in particular, confidentiality of communications by both traditional players/incumbents and over the top media services
  • regulatory regimes and instruments, including ethical frameworks

Training and Education for Privacy

  • awareness-raising, digital literacy and data (infrastructure) literacy – research ethics and approvals
  • social accountability
  • training and education methodologies

Socio-technical Perspectives on Privacy and Data Protection

  • awareness, attitudes, skills and behaviour of citizens and organisations (including SMEs) regarding data privacy, surveillance, and (cyber)security
  • approaches for diversity, non-discrimination and democratic enhancement
  • surveillance, surveillance pressures, chilling effects
  • critical perspectives on data practices
  • relation between privacy, public values and AI-based systems, and (global) consequences for policy and society
  • socio-cultural practices, perspectives and (dis)trust by users/employees regarding data-driven technologies and data capture and processing, in various spheres of life (health, smart cities, banking, media, education, law enforcement)
  • social care, community care, integrated care and opportunities as well as threats to individual and community privacy
  • data economy and ecosystems, new business models
  • trade-offs between participation in digital cultures and privacy aspects
  • historical development of privacy-friendly or harmful data practices

Why should I submit?

Accepted papers will receive thorough discussions during the School and provide students with an opportunity to be published in the IFIP AICT series by Springer. Students who present a paper can receive a course certificate.

Course certificates for 1,5 or in total 3 ECTS at PhD level can be issued by Karlstad University:

  • 1,5 ECTS will be awarded for participation in at least 80% of the program, and for the delivery of a 1000-words-essay on how own research is relevant in comparison with or can be inspired by the summer school sessions.

  • Additional 1,5 ECTS will be awarded to students who in addition to delivering a pre-event abstract of their own research article, pass a peer review of a full article based on feedback from the summer school that will be performed post-event.

We encourage submissions from students from emerging economies: it is possible to apply for support from the IFIP Digital Equity Fund to ease student travel.

Programme

Times indicated are Central European Summer Time - CEST (Berlin, Germany)

Tuesday, 30.08.2022

9:00 - 9:15 Opening

9:15 - 10:15 Keynote: Christian Buggedei
How to build organisations for privacy-friendly solutions

10:15 - 10:30 Break

10:30 - 12:00 Session: Privacy and User Perception
Session Chair: Joachim Meyer

Vera Schmitt
Influence of Privacy Knowledge on Privacy Attitudes in the Domain of Location-Based Services

Abylay Satybaldy
Usability Evaluation of SSI Digital Wallets

Eva Pöll, Marco Hünseler
Promises and Problems in the Adoption of Self-Sovereign Identity Management from a Consumer Perspective

12:00 - 12:45 Break Virtual Lunch

12:45 - 13:45 Workshop
Yannic Meier
Raising awareness for privacy risks and supporting protection in the light of digital inequalities

13:45 - 14:00 Break

14:00 - 15:00 Session: Data Protection Information
Session Chair: Joachim Meyer

Emre Kocyigit
Towards Assessing Quality Attributes of Dark Patterns in Cookies Consent Processes

Olga Gkotsopoulou
Accessibility statements and data protection notices: what can data protection law learn from the concept of accessibility?

Wednesday, 31.08.2022

9:00 - 10:00 Keynote: Welde Tesfay
Empowering end users’ privacy-related decision making with ML-enabled PETs

10:00 - 10:15 Break

10:15 - 11:45 Session: Data Protection Regulation
Session Chair: Felix Bieker

Weiqiang Wang
Reforming Intermediary Liability in the Digitized Platform Economy

Muhammed Demircan
Digital Markets Act and GDPR: Making Sense of the Data-Sharing Provisions

11:45 - 12:30 Break Virtual Lunch

12:30 - 13:30 Tutorial
Arianna Rossi
Getting out of the ethico-legal maze of social media data scraping

13:30 - 13:45 Break

13:45 - 14:45 Keynote: Mary Shnayien
On privacy, (digital) media and reproductive rights in a post-Roe America

Thursday, 01.09.2022

9:00 - 10:00 Workshop
Simone Fischer-Hübner, Marit Hansen, Meiko Jensen and Ano Nymous
Privacy-Enhancing Technologies and Anonymization in Light of GDPR and Machine Learning

10:00 - 10:15 Break

10:15 - 11:45 Session: Privacy and Machine Learning
Session Chair: Ina Schiering

Shokofeh Vahidiansadegh, Lena Wiese
Ecual: a cybErseCurity platform for biclUstering ALgorithms

Yuping Yan
KDDP: A Practical and Privacy-Preserving Scheme for Federated Learning

Pablo Trigo Kramcsák
Data governance and lawfulness of personal data processing for AI development

11:45 - 12:30 Break Virtual Lunch

12:30 - 13:30 Workshop
Jesús García-Rodríguez, David Goodmann and Stephan Krenn
Privacy-Preserving Industry Applications - From Research to Industry

13:30 - 13:45 Break

13:45 - 14:45 Session: Differential Privacy
Session Chair: Ina Schiering

Michael Khavkin, Eran Toch
Selecting Personal Differential Privacy Budget: A Simulated Analysis

Dmitry Prokhorenkov
Compliance implications and security objectives from the Differential Privacy and GDPR focus

Friday, 02.09.2022

9:00 - 10:00 Keynote: Os Keyes
Participation before Data: Historicising Trans Counterpower

10:00 - 10:15 Break

10:15 - 11:15 Session: Privacy, Ethics and Identity
Session Chair: Michael Friedewald

Catherine Yue
Privacy and Ethical Concerns of Brain-Computer Interfaces

Ana Fernandez Inguanzo
The relation between privacy, data protection and identity

11:15 - 11:30 Break

11:30 - 12:30 Workshop
Murat Karaboga, Michael Friedewald, Frank Ebbers and Greta Runge
What is there to criticize about voice, speech and face recognition?

12:30 - 13:00 End of event remarks and outlook for next year

Keynotes

Os Keyes - Participation before Data: Historicising Trans Counterpower

Abstract: In an era increasingly characterised by the hype around (and fear of) big data, notions of both participatory data practices and data counterpower are increasingly discussed. Both are valuable, but both are seen as relatively novel and untested. Are they? In this talk I will contextualise the idea of democratic data engagement and the use of data to “talk back” to those in power within the history of transgender (“trans”) medicine. Demonstrating the long historic arc of these practices - an arc that starts before modern AI - I will discuss what lessons can be learned from the successes and failures of early digital trans activism.

Os Keyes (Website) is a researcher and writer at the University of Washington. Their work focuses on questions of gender, disability, technology and power, with a particular interest in machine learning, biomedicine and the intersection thereof. An inaugural Ada Lovelace Fellow, their work has been published in CSCW, CHI, Cultural Studies and a range of media venues, including Vice, Wired and Logic magazines.


Dr. Welderufael B. Tesfay - Empowering end users’ privacy-related decision making with ML-enabled PETs

Abstract: Over the last decades, the advancement of the Internet and the digital services built on the Internet infrastructure have dramatically changed the way people interact with each other as well as the way they execute daily activities. This new dynamism forces users to generate large amounts of data. While such a huge amount of data is useful in a number of fields, such in medical research, it also poses unprecedented threats for user’s privacy. In this talk, we will explore the application of machine learning techniques to build privacy preserving tools. Such tools empower the user in making informed-privacy related decisions, by also considering the user’s regulatory rights to privacy and informational self-determination.

Welderufael (aka Welde) is a Senior Researcher in information privacy and security at the Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt am Main. He holds a Ph.D. degree in computer science from Goethe University Frankfurt, a Master of Science in Computer Science and Engineering with specialization in Mobile Systems from Luleå University of Technology, and Bachelor of Science in Computer Science and Engineering from Mekelle Institute of Technology (MIT-Tigray). His research lays at the ‘symbiosis’ of user-centric approaches to information privacy protection, data protection regulations (e.g., the EU GDPR), and applied machine learning & NLP techniques. He endeavors to design and develop “intelligent” tools that empower the user in making informed privacy-related decisions regarding sensitive information disclosures by also taking the user’s regulatory rights into account. Additionally, since 2013, he has been working in various security and privacy related projects funded by the European Commission.


Dr. des. Mary Shnayien - On privacy, (digital) media and reproductive rights in a post-Roe America

Abstract: On June 24, 2022, the Supreme Court of the United States of America overruled Roe v. Wade, thereby ending the constitutional right to abortion. As Roe v. Wade was rooted in the right to privacy, its overturning sparked a discussion about whether anyone the state deems to be responsible for childbirth not only loses their right to have an abortion, but their right to privacy in a broader sense. My talk will contextualize these discussions in respect to the history of privacy and media, as well as examine viral advice on safeguarding one’s privacy online, such as deleting period tracking apps as means of protection against hostile legislation.

Mary Shnayien is a postdoctoral researcher associated with the Institute for Media Studies at Ruhr University Bochum and member of the DFG Research Network /Gender, Media and Affect/. She holds a PhD in media studies and comes from a background of theatre, media and gender studies. Her dissertation “Die unsicheren Kanäle. Negative und queere Sicherheit in Kryptologie und Informatik” will be published with /transcript/ this fall and focuses on the history and mediality of concepts of security in cryptology, IT security, and queer activism. Other research areas include digital cultures, economies, and infrastructures, as well as political affects and the intersections of media, gender, and race.


Christian Buggedei - How to build organisations for privacy-friendly solutions

Abstract: One of the key challenges is to manage the different stakeholders: There Private citizens who don’t want to have their privacy compromised. Then there are corporations that rely on access to that same data for their business models. And there is society, represented by governments and regulators, with their own overarching needs and interests. polypoly has split up into three independent entities: A citizen-owned cooperative, a corporation, and a foundation. Christian Buggedei explains the vision of polypoly and how this split ensures that everyones interests are fairly represented.

Christian Buggedei has more than 20 years of IT experience across all industries from the plumbing business around the corner to large public institutions. He is currently Product Owner at polypoly, a cooperative for all European citizens working on a new infrastructure for the data economy.

Committee

Programme Chairs

Felix Bieker (ULD)
Joachim Meyer (Tel Aviv University)
Sebastian Pape (Goethe University Frankfurt)

General Chairs

Ina Schiering (Ostfalia University of Applied Sciences)
Andreas Weich (Leibniz Institute for Educational Media | Georg Eckert Institute)

Steering Committee

Simone Fischer-Hübner (Karlstad University)
Marit Hansen (ULD)
Charles Raab (University of Edinburgh)
Kai Rannenberg (Goethe University Frankfurt)
Eleni Kosta (Tilburg University)
Diane Whitehouse (EHTEL)
Michael Friedewald (Fraunhofer ISI)
Stephan Krenn (AIT Austrian Institute of Technology)
Stefan Schiffner (WWU Münster)

Programm Committee

Mark Warner (Northumbria University)
Oliver Leistert (Leuphana Universität Lüneburg)
Agnieszka Kitkowska (Karlstad University)
Lilian Mitrou (University of the Aegean)
Stephan Krenn (AIT Austrian Institute of Technology)
José M. Del Álamo (Universidad Politécnica de Madrid)
Sébastien Canard (Orange Labs)
Michael Friedewald (Fraunhofer ISI)
Kjetil Rommetveit (University of Bergen)
Kai Kimppa (University of Turku)
Florian Adamsky (Hof University of Applied Sciences)
Stefan Schiffner (WWU Münster)
Arnold Roosendaal (Privacy Company)
Robin Pierce (University of Exeter)
Stefan Katzenbeisser (University of Passau)
Marit Hansen (ULD)
Meiko Jensen (Karlstad University)
Yefim Shulman (Tel Aviv University)
Stefan Strauss (Austrian Academy of Sciences)
Sandra Schmitz (Université du Luxembourg)
Delphine Reinhardt (University of Göttingen)
Niels van Dijk (Vrije Universiteit Brussel)
Tanja Heuer (Ostfalia University of Applied Sciences)
Silvia Masiero (University of Oslo)
Davy Preuveneers (KU Leuven)
Vanessa Bracamonte (KDDI Research)
David Harborth (Goethe University Frankfurt)
Frank Pallas (TU Berlin)
Zoltan Mann (University Duisburg-Essen)
Martin Degeling (Stiftung Neue Verantwortung)
Majid Hatamian (Google)
Silvia De Conca (Vrije Universiteit Amsterdam)

Sponsors

IFIP Forum Privatheit Leibniz-WissenschaftsCampus - Postdigitale Partizipation - Braunschweig CyberSecForEu