The paper evaluates web tracking across ten countries, finding that opt-in jurisdictions (like the EU) generally enforce stronger privacy protections, significantly reducing tracker connections compar…

The paper develops a comprehensive, GDPR-aligned item bank of 527 statements to accurately measure user preferences regarding specific regulatory protections, addressing a gap left by older privacy me…

This paper analyzes digital privacy risks in IoT ecosystems, proposing a comprehensive framework (AURA-IoT) and taxonomy to mitigate threats using advanced privacy-enhancing technologies.

This paper analyzes location-data provenance risks across multiple European sectors, proposing a risk taxonomy and architectural design for a next-generation digital trust infrastructure that treats l…

The paper introduces GDPRuler, a trusted middleware system that enables verifiable GDPR compliance for key-value stores on untrusted cloud environments without requiring modifications to the core data…

The paper introduces UMBRA, a novel system that detects evolved and subtle dark patterns in cookie consent banners, demonstrating that systematic non-compliance and user autonomy erosion are widesprea…

The paper introduces APLiance, a novel ABAC framework that models privacy policies as access requests and checks their compliance against legal requirements by mapping law sections to ABAC rules.

The paper introduces the PrivacyIceberg framework to systematically categorize and empirically demonstrate the high risk of automated, deep personal profiling using LLM agents, revealing a significant…

The paper proposes that party autonomy can be used to determine the applicable law for non-contractual obligations arising from cross-border data transfers by aligning it with the law chosen for the r…

This paper reviews recent EU AI regulatory documents to clarify definitions and synthesize current provisions regarding security, privacy, and autonomous agentic AI.

This paper empirically characterizes the clandestine third-party iOS app stores in Iran, revealing a complex ecosystem driven by sanctions and censorship that facilitates piracy, unauthorized monetiza…

This paper provides a systematic regulatory mapping and compliance architecture for AI agents operating under the complex web of EU laws, concluding that high-risk agents with untraceable behavioral d…

The paper proposes and evaluates DePRa, a system that democratizes privacy assessment by making everyday users active evaluators of mobile app data access, showing its potential to complement expert a…

The paper empirically investigates the lead marketing ecosystem, revealing a highly non-compliant system that aggressively collects, shares, and monetizes sensitive personal data through deceptive bro…

The paper proposes the User Data Sharing System (UDSS), a hardware-anchored middleware that securely manages PII exchange across diverse consumer electronics devices, significantly reducing onboarding…

The paper proposes using Differentially Private (DP) synthetic data, specifically through tabular synthesis and DP-Seeded Agent-Based Modeling (ABM), to resolve the conflict between data utility and p…

This study investigates user perceptions of privacy risks associated with GenAI smartphones, finding that users express heightened concerns across the entire data lifecycle and suggest comprehensive,…

This cross-national review analyzed government cybersecurity guidance for smart homes, finding that while general security advice is abundant, structured, step-by-step incident response guidance is ra…

The paper proposes bPk#, a distributed architecture for pseudonyms that enhances privacy and availability in national eID systems by delegating pseudonym computation rights to users and service provid…

The paper systematically analyzes 36 existing and proposed digital payment system designs to identify recurring patterns, technical trade-offs, and implementation challenges relevant for future Centra…