July 3rd

09:00-09:10 Welcome, introductions and opening remarks
09:10-10:30 Session 1: Privacy Enhancing Technologies. Chair: Isabel Wagner
-Secure Key Management for Multi-Party Computation in MOZAIK by Enzo Marquet, Jerico Moeyersons, Erik Pohle, Michiel Van Kenhove, Aysajan Abidin and Bruno Volckaert. This paper presents a comprehensive, end-to-end secure system called MOZAIK for privacy-preserving data collection, analysis, and sharing. The article focuses on the key management aspect of the secure multi-party computation (MPC) component in a distributed privacy-preserving analytics architecture and the specific challenges created by introducing MPC.
-Lessons Learned: Building a Privacy-Preserving Entity Resolution Adaptation of PPJoin using End-to-End Homomorphic Encryption by Tanmay Ghai, Yixiang Yao and Srivatsan Ravi. This paper presents the lessons learned while adapting an existing entity resolution algorithms - PPJoin, to the private domain via end-to-end homomorphic encryption to build HE-PPJoin. In building and designing HE-PPJoin, the authors faced numerous challenges that required making tradeoffs and analyzing possible alternatives, which will be presented.
-Can Location Data Truly Be Anonymized? A risk-based approach to location data anonymization, Industry Talk by Stefano Bennati (Here Technologies) and Engin Bozdag (Uber Technologies). This talk will discuss technical and business challenges in obtaining true anonymization. It will first discuss different anonymization guidelines from different jurisdictions. It will then discuss prominent examples where specific anonymization techniques have failed (generalization, aggregation, density, noise addition and downsampling). It will then introduce business/policy challenges in getting fully anonymized data (budget considerations, scaling, regulatory requirements).
10:30-11:00 Coffee Break
11:00-12:35 Session 2: Privacy engineering. Chair: Meiko Jensen
-2023, the year of the Privacy Engineer?, Invited Talk by R. Jason Cronk (Institute of Operational Privacy Design).
-Automating privacy decisions – where to draw the line? by Victor Morel and Simone Fischer-Hübner. This paper provides an overview of the main challenges raised by the automation of privacy decisions, together with a classification scheme of the existing and envisioned work and proposals addressing automation of privacy decisions.
-Privacy as an Architectural Quality: A Definition and Architectural View by Immanuel Kunz and Shuqian Xu. This paper first defines privacy as an architectural quality, and then proposes a privacy-by-design architectural view which uses an extended data flow diagram to support the documentation, evaluation, and comparison of architecture designs. It also presents a method to create the view automatically from source code.
12:35-13:30 Lunch
13:30-14:50 Session 3: Privacy and Society. Chair: Isabel Barbera
-A ‘Human-in-the-Loop’ approach for Information Extraction from Privacy Policies under Data Scarcity by Michael Gebauer, Faraz Maschhur, Nicola Leschke, Elias Grünewald and Frank Pallas. This paper presents a prototype system for a `Human-in-the-Loop' approach to privacy policy annotation that integrates ML-generated suggestions and ultimately human annotation decisions. It proposes an ML-based suggestion system specifically tailored to the constraint of data scarcity prevalent in the domain of privacy policy annotation.
-Unified Communication: What do Digital Activists need? by Thomas Reisinger, Isabel Wagner and Eerke Boiten. This paper uses semi-structured interviews to collect and analyze the specific requirements for functionality, security, and privacy of Unified Communications (UC) i.e., audio/video conferencing plus instant messaging. It then compares these requirements with features provided by common UC platforms and derive critical technical requirements and guidelines for sociotechnical aspects which need further research.
-Privacy for All: Achieving Inclusive Privacy in the Digital Age, Industry Talk by Sri Maddipati and Norbert Nthala (Google). The presentation will explore how privacy intersects with identity markers such as race, gender, sexuality, disability, and class, among others. By analyzing these intersections, we can develop a nuanced understanding of how privacy is experienced and perceived by individuals from different backgrounds. We will also examine the ways in which privacy policies and practices can either promote or hinder inclusivity. We will draw on case studies to illustrate how inclusive privacy can be operationalized in practice.
14:50-15:20 Coffee Break
15:20-16:10 Session 4: Privacy labels and policies. Chair: Meiko Jensen
-Comparing Privacy Label Disclosures of Apps Published in both the App Store and Google Play Stores, by David Rodriguez, Jose M. del Alamo, Akshath Jain and Norman Sadeh. This paper compares the data practices privacy labels are intended to capture in Apple's and Google's app stores. It then proceeds to analyze the disclosures of 822 apps published in both app stores, focusing on possible discrepancies. This analysis reveals that privacy label disclosures of what is ostensibly the same mobile app can be quite different.
-ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels by Akshath Jain, David Rodriguez, Jose M. del Alamo and Norman Sadeh. This paper introduces the Automated Privacy Label Analysis System (ATLAS). ATLAS includes three components: a pipeline to systematically retrieve iOS App Store listings and privacy policies; an ensemble based classifier capable of predicting privacy labels from the text of privacy policies with 91.3% accuracy using state-of-the-art document classification techniques; and a compliance analysis mechanism that enables a large scale privacy analysis of the iOS App Store. ATLAS has been used to analyze 354,725 iOS apps finding several concerning trends.
16:10-16:20 Break
16:20-17:10 Session 5: Privacy threats. Chair: Kim Wuyts
-Threat Models over Space and Time: A Case Study of E2EE Messaging Applications, by Partha Das Chowdhury, Maria Sameen, Jenny Blessing, Nicholas Boucher, Joseph Gardiner, Tom Burrows, Ross Anderson and Awais Rashid. This paper examines the desktop clients of six widely used end-to-end-encrypted mobile messaging applications to understand the extent to which they adjusted their threat model over space (when enabling clients on new platforms, such as desktop clients) and time (as new threats emerged). It experimented with short-lived adversarial access against these desktop clients and analyzed the results with respect to two popular threat elicitation frameworks, STRIDE and LINDDUN.
-An Analysis of Requirements and Privacy Threats in Mobile Data Donations by Leonie Reichert and Björn Scheuermann. This paper provides an overview of the functionalities researchers require from data donation apps by analyzing existing apps. It also creates a model of the current practice and analyzes it with the LINDDUN privacy framework to identify privacy threats.
17:10 Closing remarks