In recent decades, research has shown that both technical solutions and user perceptions are important for improving security and privacy in the digital realm. The field of usable security started to emerge in the mid-90s, primarily focused on password and email security. Later on, the research field of usable security and privacy evolved and broadened its aim to designing concepts and tools that assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because usage contexts are highly diverse and lead to different privacy and security requirements, one-size-fits-all approaches do not always work, and tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions.
In order to give a brief history of the research field in its first quarter century and to highlight research on the transparency and tailorability of user interventions, Prof. Christian Reuter, Science and Technology for Peace and Security (PEASEC), Technical University of Darmstadt, Prof. Luigi Lo Iacono, Cyber Security and Privacy, Hochschule Bonn-Rhein-Sieg University of Applied Sciences, and Prof. Alexander Benlian, Information Systems & E-Services, Technical University of Darmstadt, edited a special issue of the journal Behaviour & Information Technology (BIT).
Besides a retrospective analysis of the last quarter century of research and development of current trends, the special issue contains six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights.
- The article ‘A Quarter Century of Usable Security and Privacy Research: Transparency, Tailorability, and the Road Ahead’ by Christian Reuter, Luigi Lo Iacono and Alexander Benlian (Technical University of Darmstadt and University of Applied Sciences Bonn-Rhein-Sieg) provides a brief history of the research field in its first quarter century and then highlights research on the transparency and tailorability of user interventions.
- The article ‘Exploring people’s perceptions and support for data-driven technology in times of COVID-19: the role of trust, risk, and privacy concerns’ by Brahim Zarouali, Joanna Strycharz, Natali Helberger, Claes de Vreese (Universiteit van Amsterdam) addresses the societal responses to as well as the democratic legitimacy of data-driven technological applications during the COVID-19 pandemic.
- The article ‘User-centered Multimodal Authentication: Securing Handheld Mobile Devices using Gaze and Touch Input’ by Mohamed Khamis, Karola Marky, Andreas Bulling and Florian Alt (University of Glasgow & University of Stuttgart & Universität der Bundeswehr München) addresses multimodal authentication schemes for the secure use of mobile devices.
- The article ‘Data Cart – Designing a tool for the GDPR-compliant handling of personal data by employees’ by Jan Tolsdorf, Florian Dehling, and Luigi Lo Iacono (University of Applied Sciences Bonn-Rhein-Sieg) addresses the usability of data protection compliant personal data management tools.
- The article ‘Transparency of privacy notices and contextualisation: effectively conveying information without words’ by Mariavittoria Masotina and Anna Spagnolli (Università di Padova) addresses the connection between the understandability of privacy notices on websites and their sequential context.
- The article ‘Supporting Users in Data Disclosure Scenarios in Agriculture through Transparency’ by Sebastian Linsner, Franz Kuntke, Enno Steinbrink, Jonas Franken and Christian Reuter (Technical University of Darmstadt) addresses the transparent collaboration and exchange of operational data between enterprises in the field of agriculture.
- The article ‘Finding, Getting, Understanding: The user journey for the GDPR’s right to access’ by Dominik Pins, Timo Jakobi, Gunnar Stevens, Fatemeh Alizadeh and Jana Krüger (University of Siegen & University of Applied Sciences Bonn-Rhein-Sieg) addresses the discrepancy between rights under data protection law and the concrete process if data subjects want to claim those rights.