Show simple item record

dc.contributor.authorCrepax, Tommaso
dc.contributor.authorMuntés-Mulero, Victor
dc.contributor.authorMartinez, Jabier
dc.contributor.authorRuiz, Alejandra
dc.date.accessioned2022-08-23T11:07:25Z
dc.date.available2022-08-23T11:07:25Z
dc.date.issued2022-08
dc.identifier.citationCrepax, T., Muntés-Mulero, V., Martinez, J., & Ruiz, A. (2022). Information technologies exposing children to privacy risks: Domains and children-specific technical controls. Computer Standards & Interfaces, 82, 103624. doi:10.1016/j.csi.2022.103624en
dc.identifier.issn0920-5489en
dc.identifier.urihttp://hdl.handle.net/11556/1397
dc.description.abstractEU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services. However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children- specific technical controls. This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.en
dc.description.sponsorshipThis work has been conducted in the scope of the project PDP4E (Methods and tools for GDPR compliance through Privacy and Data Protection Engineering). This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034.en
dc.language.isoengen
dc.publisherElsevier B.V.en
dc.titleInformation technologies exposing children to privacy risks: Domains and children-specific technical controlsen
dc.typejournal articleen
dc.identifier.doi10.1016/j.csi.2022.103624en
dc.relation.projectIDinfo:eu-repo/grantAgreement/EC/H2020/787034/EU/Methods and tools for GDPR compliance through Privacy and Data Protection Engineering/PDP4Een
dc.rights.accessRightsembargoed accessen
dc.subject.keywordsPrivacyen
dc.subject.keywordsChildrenen
dc.subject.keywordsTechnical controlsen
dc.subject.keywordsPrivacy enhancing technologiesen
dc.subject.keywordsGDPRen
dc.journal.titleComputer Standards & Interfacesen
dc.page.initial103624en
dc.volume.number82en


Files in this item

Thumbnail

    Show simple item record