Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective

Philippe Valoggia; Anastasia Sergeeva; Arianna Rossi; Marietjie Botes

doi:10.5220/0012393100003648

Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective

Philippe Valoggia, Anastasia Sergeeva, Arianna Rossi, Marietjie Botes

2024

Abstract

The privacy engineering literature proposes requirements for the design of technologies but gives little guidance on how to correctly fulfil them in practice. On the other hand, a growing number of taxonomies document examples of how to circumvent privacy requirements via ”dark patterns,” i.e., manipulative privacy-invasive interface designs. To improve the actionability of the knowledge about dark patterns for the privacy engineering community, we matched a selection of existing dark patterns classifications with the ISO/IEC 29100:2011 standard on Privacy Principles by performing an iterative expert analysis, which resulted in clusters of dark patterns that potentially violate the ISO privacy engineering requirements. Our results can be used to develop practical guidelines for the implementation of technology designs that comply with the ISO Privacy Principles.

Download

Paper Citation

in Harvard Style

Valoggia P., Sergeeva A., Rossi A. and Botes M. (2024). Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 774-784. DOI: 10.5220/0012393100003648

in Bibtex Style

@conference{icissp24,
author={Philippe Valoggia and Anastasia Sergeeva and Arianna Rossi and Marietjie Botes},
title={Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={774-784},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012393100003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective
SN - 978-989-758-683-5
AU - Valoggia P.
AU - Sergeeva A.
AU - Rossi A.
AU - Botes M.
PY - 2024
SP - 774
EP - 784
DO - 10.5220/0012393100003648
PB - SciTePress