View article

Data protection risks play a major role in data protection laws and have shown to be suitable means for accountability in designing for usable privacy. Especially in the legal realm, risks are typically collected heuristically or deductively, e.g., by referring to fundamental right violations. Following a user-centered design credo, research on usable privacy has shown that a user-perspective on privacy risks can enhance system intelligibility and accountability. However, research on mapping the landscape of user-perceived privacy risks is still in its infancy. To extend the corpus of privacy risks as users perceive them in their daily use of technology, we conducted 9 workshops collecting 91 risks in the fields of web browsing, voice assistants and connected mobility. The body of risks was then categorized by 11 experts from the legal and HCI-domain. We find that, while existing taxonomies generally fit well, a societal …