Abstract:Privacy measurement instruments (e.g., CFIP, IUIPC, PAQ) predate GDPR by over a decade and measure privacy concerns, distinct from preferences for regulatory protections (e.g., data portability, erasure, automated decision-making rights). This leaves practitioners without tools to assess whether users value the GDPR mechanisms implemented in compliant policies. We developed a GDPR-grounded privacy preference measurement item bank by extracting 669 statements from all 99 GDPR articles, validated by: (1) two-round expert review achieving full consensus on accuracy, (2) semantic clustering into 10 parent themes and 87 subthemes, and (3) consensus review with 50 privacy experts (5 per theme) using a larger or equal than 4/5 vote retention threshold. The final 527-item bank comprises 9 parent themes and 73 subthemes (18 to 112 items per parent theme, 1 to 29 per subtheme), enabling targeted measurement across granularities while covering GDPR at mean pairwise expert agreement of approx. 85%. This work introduces a complementary measurement dimension aligning user preferences with regulatory mechanisms.
| Subjects: | Human-Computer Interaction (cs.HC); Cryptography and Security (cs.CR); Computers and Society (cs.CY) |
| Cite as: | arXiv:2605.24307 [cs.HC] |
| (or arXiv:2605.24307v1 [cs.HC] for this version) | |
| https://doi.org/10.48550/arXiv.2605.24307 arXiv-issued DOI via DataCite (pending registration) |
From: Yahya Hmaiti [view email]
[v1]
Sat, 23 May 2026 00:36:32 UTC (238 KB)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。