With the rise in data breach incidents and data leaks and the resulting growing concern of people about their personal data, privacy-enhancing technologies (PETs) are gaining momentum [1]. PETs have been around for over two decades, but it is only recently that they have attained a wider market penetration [1] and a newfound practical application to business problems [2].
Even though privacy-enhancing technologies allow for both data protection and data analytics, when it comes to their adoption there are still many different challenges. Among them are lack of awareness and of clear incentive to invest in PETs. Since managers are the decision makers in companies who determine the technical measures to ensure privacy compliance, they have a vital role in the privacy compliance structure of an organization [3].
The existent literature has indicated that management is an important stakeholder whose concerns and views are missing from privacy research [4] and suggested that managers should be sincerely worried about privacy breaches and should have a legal obligation to ensure compliance with the data protection law [5]. Furthermore, Bélanger and Crossler consider organizations to have a unique set of concerns regarding privacy and the consequences associated with it and imply this should be studied by researchers [6]. Mangiò et al. claim that the subjective and social motives influencing the decision to adopt PETs must be addressed in further research [1]. Yet, the literature to date fails to provide the reader with such studies. While Senarath and Arachchilage examine the organizational motivations and approaches towards user privacy and [5] the organizational motives for adopting privacy-enhancing technologies, their research was conducted before the General Data Protection Regulation (GDPR) became effective in 2018 and the significant changes that followed [7]. With existing research not addressing all the insights that can be gained from practice, a gap in the literature emerges.
As a result, this thesis aims to create an incentive for managers to invest in PETs as appropriate measures to achieve privacy compliance. It will address the gap in the literature by providing a taxonomy that offers an extensive overview of the factors influencing the managerial decisions behind the adoption of PETs.
To achieve this goal, the thesis will be guided by the following three Research Questions:
To answer these research questions, we will conduct a systematic literature review based on Webster & Watson (2002) and Kitchenham et al (2015) and semi-structured expert interviews following the principles of Myers & Newman (2007) with people who have a managerial role in companies that utilize PETs. As a result, we want to identify the factors influencing the adoption of privacy-enhancing technologies by companies both in literature and in practice. On the one hand, we expect to confirm those drivers and, on the other hand, to discover further motivators, which cannot be found in current literature. Finally, a complete taxonomy that summarizes and systemizes all identified factors from both literature and practice is to be created. The taxonomy should encourage managers to invest in PETs and serve as a justification for their decision.
References:
[1] Mangiò, F., Andreini, D., & Pedeliento, G. (2020). Hands off my data: users’ security concerns and intention to adopt privacy enhancing technologies. Italian Journal of Marketing, 2020(4), 309-342.
[2] Gartner, I. (2021). Retrieved from https://www.vaultree.com/blog/three-cases-for-privacy-enhancing-technologies-and-their-relevance/
[3] Klymenko, O., Kosenkov, O., Meisenbacher, S., Elahidoost, P., Mendez, D., Matthes, F.: Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study. ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Helsinki, Finland, 2022.
[4] Ginosar, A., & Ariel, Y. (2017). An analytical framework for online privacy research: What is missing? Information & Management, 54(7), 948-957.
[5] Borking, J. (2009). Organizational motives for adopting privacy-enhancing technologies (PETs). In D 7.3 PRISE Conference Proceedings: "Towards privacy enhancing security technologies–the next steps" Vienna, April 28th and 29th 2008 (p. 43).
[6] Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS quarterly, 1017-1041.
[7] Senarath, A. R., & Arachchilage, N. A. G. (2017). Understanding Organizational Approach towards End User Privacy. arXiv preprint arXiv:1710.03890.
| Name | Type | Size | Last Modification | Last Editor |
|---|---|---|---|---|
| 20221128 Lilova MA Kick-Off.pdf | 1,03 MB | 21.04.2023 | ||
| Masterarbeit-Iva-Lilova.pdf | 6,70 MB | 07.04.2025 |