Archive - 18th IFIP Summer School on Privacy and Identity Management 2023

IFIP Summer School 2023 Banner image with Oslo Fjord motive — Oslo Fjord - Photo credit: Nils Gruschka

Call For Papers

Our future is shared. The Internet and the web, (personal) data, resources, climate effects, music, genetic information, trading routes, celestial bodies, holiday homes, rides: we have built a globalized world on sharing, and sharing will be the great protagonist of our future. However, sharing is mostly realized through centralized platforms, controlled by dominant industry players, instead of decentralized architectures and communities. Recently, European policymakers have started to provide legal frameworks for sharing, including concepts such as data intermediaries and data sharing obligations.

Experts can work to make sharing secure, safe, and just, to protect the privacy and other rights of those who want to share, and of those who cannot or do not want to. Starting today, the experts of tomorrow can research ways to enable the fair distribution of the benefits – and side-effects – of sharing in a globalized world. How can sharing be realized using today’s technology and building blocks, but with a sustainable and inclusive approach for the shared IT worlds and metaverses of the future? On a structural level, who determines who is – purposefully or carelessly – included in and excluded from accessing, sharing, or deciding, and which narratives are used to justify these positions? How can we address the sharing paradox, i.e. that everyone wants to see what others shared, but people are reluctant to sharing their own information? Which of the technical and organisational approaches to sharing are best suited to protect the rights and freedoms of natural persons?

These questions and issues in the context of privacy and identity management are still nascent. The summer school aims to create a platform for spreading awareness and facilitating interactions and knowledge exchanges around these issues.

The 18th IFIP Summer School on Privacy and Identity Management takes a holistic approach to society and technology. We support interdisciplinary research exchange and foster discussions through keynote lectures, tutorials and workshops. Participants will benefit from presenting their research and receiving meaningful feedbacks. The summer school culminates in the publication of selected papers among those submitted by the participants, in the form of an edited volume published by Springer.

We welcome contributions combining any of the following perspectives:

sociological, legal, technical, ethical, political, surveillance, intersectional, anthropological, economic, historical, media & communication, regulatory, philosophical, critical, disabilites, and psychological studies in the areas around privacy, data protection, and identity management.

The IFIP Summer School encourages not only interdisciplinarity but also broader diversity. It particularly welcomes submissions on how to foster gender and cultural balance in privacy and identity research and policy, and notably tutorials and workshops about how to raise awareness in these matters.

Paper Submission and Review Process

The research paper presentations focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students and young researchers. To this end, the school will have the following process for submissions:

Submit an extended abstract of at least 2 and at most 4 pages in Springer LNCS style. From these submissions, the PC chairs select papers within the scope of this call for presentation at the summer school.
A full length submission (up to 16 pages), also in Springer LNCS format, is required to be submitted before the summer school by applicants whose abstract has been accepted. The full-length paper will be published in the pre-proceedings.
At the summer school each author will give a presentation followed by a discussion.
After the summer school, authors are invited to submit to the proceedings (again 16 pages LNCS). It is expected that they take into account the comments and discussions from the summer school.
There will be a review of these submissions by the Programme Committee. Based on these reviews, papers might be accepted, conditionally accepted, or rejected.
Accepted and (after satisfactory revision) conditionally accepted papers will be included in the summer school’s proceedings, which will be published by Springer.

Proposals for Workshops and Tutorials

A workshop is an interactive session that is scheduled for one or two hours and focusses on involving students in discussion. In it, participants jointly work on a topic or project that is related to the theme of the summer school. Workshop actitivies are summarized in short papers that recapitulate the outcome and the kinds of discussion raised in the summer school, for inclusion in the proceedings. Proposals for workshops should contain a 2-page statement presenting the topic and summarising the planned activity and the expected contributions from the audience members, e.g. responding to a questionnaire or conducting a small experiment. Proposers should indicate whether any special equipment is needed for the workshop, such as audio-visual systems or computational equipment and support.

Tutorials are one or two hour long presentations. They should deal with topics that are of interest for the interdisciplinary audience in the summer school. Tutorials should provide knowledge on theoretical, empirical, methodological, practical or other aspects relevant for the summer school. Proposals for tutorials should contain a 2-page summary and state the level and background required for audience members to follow the tutorial.

Possible Topics

(can include, but are not limited to)

Technical and Organisational Measures for Privacy:
- Privacy by design and data protection by design approaches
- Privacy by default and dark patterns
- Privacy engineering
- Identity management and access control
- Usable privacy & security
- Artificial Intelligence and Machine Learning in privacy and data protection
Law, Regulation and Governance:
- European legislation on data protection
- European legislation on data and data governance (Data Act, Data Governance Act, Digital Services Act, Digital Markets Act, Artificial Intelligence Act, etc.)
- Socio-legal implications of online platforms for users, workers, governments, society
- Censorship and surveillance versus free speech, assembly and good administration
- Governance institutions and regulatory bodies
- Data justice, data fairness and equality
- Fundamental rights and accountability in technology and data practices
- Certification and standardisation
Effects and Impacts:
- Discriminatory effects of technology
- Technology-enabled social profiling, social exclusion
- Digital divides, digital dividends, data sovereignty
- Communities, societies, cultures, and technological mediation
- Data Protection Impact Assessments and similar assessments
Socio-Technical Perspectives:
- Awareness, attitudes, skills and behaviour of citizens and public and private organisations
- Approaches for diversity, non-discrimination and democratic enhancement
- Surveillance, surveillance pressures, chilling effects
- Critical perspectives on data practices
- Welfare, solidarity, and care
- Data economy and ecosystems, new business models
- Trade-offs between participation in digital cultures and privacy aspects
- Historical development of data practices

Why should I submit?

Accepted papers will receive thorough discussions during the School and provide students with an opportunity to be published in the IFIP AICT series by Springer.

A course certificate for 1,5 ECTS can be granted for students who attend the summer school and write a short essay on how their own research is relevant in relation to or can be inspired by the summer school sessions. A course certificate for 3 ECTS can be granted for students who attend the summer school, submit and present an abstract for a research article, and demonstrate that they have addressed the feedback from the summer school in an extended version or rebuttal. We encourage submissions from students from emerging economies: it is possible to apply for support from the IFIP Digital Equity Fund to ease student travel.

Programme

Tuesday, Aug 8th, 2023

08:30-09:00 Registration and Coffee Break

09:00-09:15 Opening Remarks

(Room: SMALLTALK)

Welcome from the Local Organizers

Nils Gruschka, University of Oslo

Stephan Oepen, University of Oslo, Head of Department of Informatics

Welcome from the Steering Committee

Simone Fischer-Hübner, Karlstad University

09:15-10:15 Keynote: Stefan Schiffner

On the endeavour designing and deploying a privacy certification scheme under the GDPR

(Room: SMALLTALK, Session Chair: Meiko Jensen)

10:30-12:00 Paper Sessions

Track A: Paper Session 1: Power Structures & Individuals (Room: SMALLTALK, Session Chair: Silvia de Conca)
	Greta Runge: (Re)construction of Data Spaces: Socio-Technical Perspectives on Structures, Actors and Impacts (Keywords: data spaces, digital infrastructures, data sharing, field research, cross-sectoral innovation processes)
	August Bourgeus, Tim Theys, Nanouk Verhulst, Peter Mechant and Laurens Vandercruysse: Towards an affordance-based typology of Personal Data Stores (Keywords: Personal Data Store, typology, affordances)
Track B: Paper Session 2: Identity Management (Room: JAVA, Session Chair: Meiko Jensen)
	Ali Haider and Mohsen Toorani: Subscriber's Identity Privacy in 5G Networks (Keywords: Subscriber Privacy, 5G, Cellular Networks, Authenticated Key Agreement)
	Arnaf Aziz Torongo and Mohsen Toorani: Blockchain-based Decentralized Identity Management for Healthcare Systems (Keywords: Self-Sovereign Identity, Hyperledger Indy, Hyperledger Aries, Decentralized Identifiers, Verifiable Credentials)
Track C: Workshop: Cybersecurity of Critical Infrastructures (Room: LOGO)
	Aida Akbarzadeh and Xhesika Ramaj: Welcome; About RECYCIN: Reinforcing Competence in Cybersecurity of Critical Infrastructures: A Norway – US Partnership Project
	Laszlo Erdodi: Power Grid from Offensive Perspective (Hands-on Session)

13:30-15:00 Paper Sessions

Track A: Tutorial (Room: SMALLTALK)
	Carolin Gilga: Shared, public and out of control – Your data on the public web (Keywords: public data, data protection, psychology, web monitoring, screen scraping, social media monitoring, interdisciplinarity)
Track B: Tutorial (Room: JAVA)
	Jenni Reuben and Ala Sarah Alaqra: Private Training Approaches - A Primer (Keywords: Machine learning, Private learning, Privacy)
Track C: Workshop: Cybersecurity of Critical Infrastructures (cont'd) (Room: LOGO)
	Siv Hilde Houmb: Using IEC 62443 to Manage Cyber Security Risks to Power Grid and Oil and Gas Installations
	Nathan Lau: Adopting an Ecological Approach to Develop User Interfaces for Cybersecurity of Industrial Control Systems
	Aida Akbarzadeh and Xhesika Ramaj: Concluding Remarks

15:15-16:15 Keynote: Maria Grazia Porcedda

The effacement of information technology from EU law: the need for collaborative approaches to redesign the EU’s regulatory architecture

(Room: SMALLTALK, Session Chair: Felix Bieker)

16:30-18:00 Reception at the University of Oslo

After the last session, we will have a small get-together at the conference site.

The evening is free to mingle and explore the city.

Wednesday, Aug 9th, 2023

09:00-10:00 Keynote: Lothar Fritsch

The subtle differences between privacy risk and privacy breach consequences

(Room: SIMULA, Session Chair: Silvia de Conca)

10:15-12:15 Paper Sessions

Track A: Paper Session 3: Policy Validation (Room: SMALLTALK, Session Chair: Simone Fischer-Hübner)
	Chinmayi Prabhu Baramashetru, Silvia Lizeth Tapia Tarifa and Olaf Owe: Assuring GDPR Conformance through Language-Based Compliance (Keywords: GDPR Enforcement, Privacy by Design, Data protection by Deisgn, Language Compliance, Formal Model, Runtime Checking)
	Feiyang Tang and Bjarte M. Østvold: User Interaction Data in Apps: Comparing Policy Claims to Implementations (Keywords: Mobile Apps, Transparency, Trust, Interaction Data, Privacy Policy)
	Hugo Pascual and Jose Del Alamo: Identification of international transfers of personal data (Keywords: Privacy, Personal Data, International Transfers)
Track B: Paper Session 4: Privacy & Security (Room: JAVA, Session Chair: Stefan Schiffner)
	Mordechai Guri: Mind The Gap: Can Air-Gaps Keep Your Private Data Secure? (Keywords: air-gap, networks, data privacy, data protection, security, data leakage, cyber attacks, information protection, regulations)
	Bjørn Aslak Juliussen: Compliance By Design: Balancing Data Protection, Cybersecurity and AI Regulation in Software and System Development (Keywords: Privacy, Data Protection, Concurrent Compliance, Cybersecurity)
	Cynthia Ng: Digital Security Controversy Analysis: Security Rationalities in the Contemporary Debate on Privacy and Surveillance (Keywords: Digital Security Controversy, Privacy, Surveillance, Security Rationalities, End-to-End Encryption)
Track C: Workshop (Room: LOGO)
	Marcela Tuler de Oliveira and Elyas Khorasani: Digital identity solutions to allow distributed access control mechanisms in cross-organisation data-sharing: Addressing privacy challenges (Keywords: Digital identity, Distributed access control policies, Data Sharing, Blockchain)

13:15-15:15 Paper Sessions

Track A: Paper Session 5: Risk (Room: SMALLTALK, Session Chair: Silvia de Conca)
	Jan-Philipp Stroscher, Frank Hessel, Kevin Logan, Michaela Leštáková, Martin Pietsch, Andreas Morgen and Yasin Alhamwy: Legal considerations for resilient, crisis-aware information management on Urban Data Platforms (Keywords: Urban Data Platform, Data Protection, Resilience)
	Samuel Wairimu: Towards better whistleblowing processes: understanding privacy risks and resulting harms (Keywords: Whistleblower, Privacy Risks, Privacy Harms, Journalism, Retaliation, External Whistleblowing Channel)
	Ann-Kristin Lieberknecht: Supporting Parents in Managing Online Privacy Risks (Keywords: Privacy Education, Parents, Children)
Track B: Paper Session 6: Healthcare (Room: JAVA, Session Chair: Michael Friedewald)
	Fabiola Böning: Shared data in a European Health Data Space using the example of digital health applications (Keywords: European Health Data Space, digital health applications, electronic health record systems)
	Paweł Hajduk: Between the right to the protection of personal data and the right to health. Evolving EU regulatory framework on secondary use of electronic personal health data for medical research (Keywords: Secondary Use of Personal Health Data, Medical Research, Data Protection)
	Ramona Schmidt and Ina Schiering: Who is the attacker - Analyzing data protection violations in health care (Keywords: privacy, data protection, GDPR, health related data)
Track C: Workshop (Room: LOGO)
	Anette Siebenkäs: A Framework for Exploring Personal Data Transparency from a Theoretical Perspective (Keywords: Personal Data Transparency, Theory, Information Privacy)

15:30-16:30 Keynote: Martin Degeling

[The Digital Services Act: New rules for online platforms and how to hold them accountable]

(Room: SMALLTALK, Session Chair: Ina Schiering)

16:30-17:15 Panel: Sharing (in) a Digital World

Silvia De Conca, Vrije Universiteit Amsterdam
Marit Hansen, Unabhängiges Landeszentrum für Datenschutz (ULD)
Jaap-Henk Hoepman, Radboud University, University of Groningen, Karlstad University
Wojciech Wiewiórowski, EDPS

(Room: SMALLTALK, Session Chair: Felix Bieker)

19:00 Summer School Dinner

We meet at Ekebergrestauranten at 19:00 for the summer school dinner (in the room named “Store Festsal”). The restaurant’s address is Kongsveien 15, 0193 Oslo, Norway (see map), and you can easily reach it via the tram stop Ekebergsparken (from the city center take the tram line 13 towards “Ljabru” or line 19 towards “Ljabru” or “Bråten”). The dinner is included in the conference fee, including some drinks.

For those interested, there is a sculpture park next to the restaurant, so it might be a good idea to arrive 30-60 minutes early and have a stroll.

Thursday, Aug 10th, 2023

09:00-10:00 Keynote: Wojciech Wiewiórowski

The Myth of ‘Global Standard’ in Personal Data Protection

(Room: SMALLTALK, Session Chair: Marit Hansen)

10:15-11:45 Paper Sessions

Track A: Paper Session 7: Machine Learning (Room: SMALLTALK, Session Chair: (to be found))
	Mehdi Akbari Gurabi, Felix Hermsen and Avikarsha Mandal: Towards privacy-preserving machine learning in sovereign data spaces: challenges and potentials (Keywords: Data Sovereignty, Privacy-Preserving Machine Learning, Usage Control, Privacy Enhancing Technologies)
	Sonakshi Garg and Vicenc Torra: K-Anonymous Privacy Preserving Manifold Learning (Keywords: K-Anonymity, MDAV, Manifold learning, Geodesic distance)
Track B: Paper Session 8: Data Subjects (Room: JAVA, Session Chair: Victor Morel)
	Malte Hansen and Andre Büttner: Secure and GDPR-Compliant Authentication for Data Subject Rights Enforcement (Keywords: Data Subject Rights, Authentication, GDPR)
	Kristýna Bónová: Consumer data and technology: consumer-data subject protection tools (Keywords: consumer data, GDPR, consumer protection, privacy protection, surveillance technologies)
Track C: Workshop: TRUEdig project (Room: LOGO)
	Albin Zuccato: Using Public Cloud for Analytics in a privacy friendly way
	Ala Sarah Alaqra and Simone Fischer-Hübner: Human factors for usable PETs

12:45-14:15 Paper Sessions

Track A: Paper Session 9: Mobility/VANETs (Room: SMALLTALK, Session Chair: Stefan Schiffner)
	Mahdi Akil and Sujash Naskar: Non-Interactive Authentication Scheme for Vehicular Ad-hoc Networks: Security, Privacy, and Accountability (Keywords: VANETs, Attribute-based cerdentials, Idemix, Verifiable encryption)
	Daniel Richter: Entangled: A Case Study of Data Exchange and Actor Relationships in a Mobility Ecosystem (Keywords: self-sovereign identity, governance framework, ecosystem, multi-modal mobility, interorganizational data exchange)
Track B: Paper Session 10: Data Subjects (cont'd) (Room: JAVA, Session Chair: Marit Hansen)
	Janina Rochon: Enhancing transparency through Personal Information Management Systems: current state of service offerings and considerations for further advancements (Keywords: Personal Information Management Systems, Transparency, Access, Information, Consent)
	Piero Romare, Victor Morel, Farzaneh Karegar and Simone Fischer-Hübner: Towards User Definitions of Privacy Factors on IoT Trigger-Action apps (Keywords: Privacy Factors, Human Centric Cybersecurity, Trigger-Action Application)
Track C: Rump Session (Room: LOGO, Session Chair: Felix Bieker)

14:30-15:30 Keynote: Jaap-Henk Hoepman

Privacy Is Hard And Seven Other Myths. Achieving Privacy Through Careful Design

(Room: SMALLTALK, Session Chair: Ina Schiering)

17:00 Social Event: Hiking at Holmenkollen

We will meet at Holmenkollen t-bane station at 17:00. A local guide will then lead you through the Holmenkollen area with the iconous ski jump ramp that can be seen from almost everywhere in the city. Please wear shoes suitable for hiking.

After the tour, we can have a coffee or snack at Frognerseteren (not included in the conference fee). The rest of the evening is free to mingle.

Friday, Aug 11th, 2023

09:00-10:00 Keynote: Marit Hansen

AI and Data Protection - Challenges for Controllers, Processors and Supervisory Authorities

(Room: SMALLTALK, Session Chair: Simone Fischer-Hübner)

10:15-11:45 Paper Sessions

Track A: Paper Session 11: Synthetic Data (Room: SMALLTALK, Session Chair: Ina Schiering)
	Felix Hermsen and Avikarsha Mandal: Privacy and Utility Evaluation of Synthetic Data for Machine Learning (Keywords: Generative adversarial networks, differential privacy, membership inference attacks)
	Saloni Kwatra and Vicenc Torra: Privacy Analysis of the Synthetic Data using Membership Inference and Data Reconstruction Attack (Keywords: Membership Inference Attack, Data Reconstruction Attack, Principal Component Analysis, Generative Adversarial Network, Synthetic Data)
Track B: Paper Session 12: Privacy Economics (Room: JAVA, Session Chair: Michael Friedewald)
	Paul Michel Dit Ferrer, Vera Schmitt, Arooj Anwar Khan and Ina Kern: What are You Willing to Pay to Protect Your Instagram Data? Examining the Privacy Paradox in the Social Media Context (Keywords: Information Privacy, Social Media, Willingness To Pay, Privacy Paradox)
	Vera Schmitt, Tingyu Song and Danila Ferents: Economics of Privacy and the Relation to Users’ Trust (Keywords: Economics of privacy, Endowment effect, Trust, Privacy concern, Negative privacy experiences)

11:45-12:45 Keynote: Liina Kamm

Deploying privacy enhancing technologies in an e-government

(Room: SMALLTALK, Session Chair: Meiko Jensen)

12:45-13:15 Closing Remarks

Best Presentation Award and Closing Ceremony

(Room: SMALLTALK, Session Chair: Simone Fischer-Hübner)

13:15 Lunch and End of IFIP Summer School 2023

Committee

Programme Chairs

Felix Bieker (ULD)
Silvia De Conca (Vrije Universiteit Amsterdam)
Ina Schiering (Ostfalia University of Applied Sciences)

General Chairs

Nils Gruschka (University of Oslo)
Meiko Jensen (Karlstad University)

Steering Committee

Simone Fischer-Hübner (Karlstad University)
Michael Friedewald (Fraunhofer ISI)
Marit Hansen (ULD)
Eleni Kosta (Tilburg University)
Stephan Krenn (AIT Austrian Institute of Technology)
Charles Raab (University of Edinburgh)
Kai Rannenberg (Goethe University Frankfurt)
Stefan Schiffner (BHH Hamburg)
Diane Whitehouse (EHTEL)

Programme Committee

Florian Adamsky (Hof University of Applied Sciences)
Ala Sarah Alaqra (Karlstad University)
Claudio Ardagna (Università degli Studi di Milano)
Isabel Barbera (BitnessWise)
Vanessa Bracamonte (KDDI Research, Inc.)
Sebastien Canard (Orange Labs)
Jose M. Del Alamo (Universidad Politecnica de Madrid)
Prokopios Drogkaris (ENISA)
Michael Friedewald (Fraunhofer)
Lothar Fritsch (Oslo Metropolitan University)
Marit Hansen (ULD)
Tanja Heuer (Ostfalia University of Applied Sciences)
Stefan Katzenbeisser (University of Passau)
Os Keyes (University of Washington)
Kai Kimppa (University of Turku)
Agnieszka Kitkowska (Karlstad Univeristy)
Stephan Krenn (AIT Austrian Institute of Technology GmbH)
Cedric Lauradoux (INRIA)
Konstantinos Limniotis (Hellenic Data Protection Authority)
Pierre Lison (Norsk Regnesentral)
Luigi Lo Iacono (H-BRS University of Applied Sciences)
Zoltan Mann (University of Amsterdam)
Joachim Meyer (Tel Aviv University)
Victor Morel (Chalmers University of Technology)
Frank Pallas (TU Berlin)
Sebastian Pape (Continental Automotive Technologies GmbH)
Robin Pierce (University of Exeter)
Davy Preuveneers (imec-DistriNet, KU Leuven)
Arnold Roosendaal (Privacy Company)
Stefan Schiffner (BHH Hamburg)
Sandra Schmitz (Universite du Luxembourg)
Yefim Shulman (Tel Aviv University)
Juraj Somorovsky (Paderborn University)
Christoph Sorge (Saarland University)
Stefan Strauss (Austrian Academy of Sciences, Institute of Technology Assessment (ITA))
Niels van Dijk (Vrije Universiteit Brussel)
Andreas Weich (Leibniz-Institut für Bildungsmedien, Georg-Eckert-Institut)