# Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

**Authors:** Johanna Johansen, Simone Fischer-H\"ubner

arXiv: 1908.03503 · 2020-08-10

## TL;DR

This paper presents the UP Cube, a visual model integrating usability criteria into privacy evaluation based on GDPR, aiming to improve privacy usability assessments and support certification processes.

## Contribution

It introduces the UP Cube model that combines EuroPriSe criteria with usability metrics, providing a new framework for evaluating privacy usability.

## Key findings

- The UP Cube visualizes privacy evaluation across rights, principles, and usability.
- Usability criteria are derived from GDPR goals, measuring effectiveness, efficiency, and satisfaction.
- The model aims to enable a new certification methodology for privacy usability.

## Abstract

We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.03503/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1908.03503/full.md

## References

34 references — full list in the complete paper: https://tomesphere.com/paper/1908.03503/full.md

---
Source: https://tomesphere.com/paper/1908.03503