User-centered Security and Privacy (UCSP)
Cybersecurity and privacy protection with the focus on people
Digitization affects all people: as users of apps, services and AI systems, as data subjects or as actors during the long lifecycle of digital systems. Cybersecurity and privacy protection are essential in this context: they bring about freer and safer societies, competitive advantages and, through user acceptance, progress.
Experiences with the EU General Data Protection Regulation show that sovereignty, i. e. the people's authority to act with regard to their privacy and cyber security, is still lacking. In addition to the capacity to act, i. e. the legal and technical enabling of sovereign action, the competence to act must be ensured as well. People must be able to understand their digital situation and the consequences of their options for action. Thirdly, action economy is required: the options for action must be affordable - in terms of time expenditure, monetary consequences, reduced social participation, etc. - and implementable with the best possible user experience.
In the ATHENE research field UCSP, computer researchers, economists and legal scholars develop results with immediate benefits. Two examples:
New solutions for privacy-protecting and legally compliant data use enable a fair balance of interests between providers and users of data-based business models.
New solutions that allow people to assess the security and privacy level of digital systems objectively, comparatively and reproducibly, will encourage purchasing and deployment decisions, among other things, for more secure - often more expensive - solutions, which in turn will make the development of systems with more cybersecurity and privacy protection lucrative.