{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T21:02:53Z","timestamp":1774299773211,"version":"3.50.1"},"reference-count":71,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T00:00:00Z","timestamp":1619481600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,7,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Applied privacy research has so far focused mainly on consumer relations in private life. Privacy in the context of employment relationships is less well studied, although it is subject to the same legal privacy framework in Europe. The European General Data Protection Regulation (GDPR) has strengthened employees\u2019 right to privacy by obliging that employers provide transparency and intervention mechanisms. For such mechanisms to be effective, employees must have a sound understanding of their functions and value. We explored possible boundaries by conducting a semi-structured interview study with 27 office workers in Germany and elicited mental models of the right to informational self-determination, which is the European proxy for the right to privacy. We provide insights into (1) perceptions of different categories of data, (2) familiarity with the legal framework regarding expectations for privacy controls, and (3) awareness of data processing, data flow, safeguards, and threat models. We found that legal terms often used in privacy policies used to describe categories of data are misleading. We further identified three groups of mental models that differ in their privacy control requirements and willingness to accept restrictions on their privacy rights. We also found ignorance about actual data flow, processing, and safeguard implementation. Participants\u2019 mindsets were shaped by their faith in organizational and technical measures to protect privacy. Employers and developers may benefit from our contributions by understanding the types of privacy controls desired by office workers and the challenges to be considered when conceptualizing and designing usable privacy protections in the workplace.<\/jats:p>","DOI":"10.2478\/popets-2021-0035","type":"journal-article","created":{"date-parts":[[2021,4,29]],"date-time":"2021-04-29T01:25:04Z","timestamp":1619659504000},"page":"5-27","source":"Crossref","is-referenced-by-count":8,"title":["Exploring mental models of the right to informational self-determination of office workers in Germany"],"prefix":"10.56553","volume":"2021","author":[{"given":"Jan","family":"Tolsdorf","sequence":"first","affiliation":[{"name":"Bonn-Rhein-Sieg University of Applied Sciences"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Florian","family":"Dehling","sequence":"additional","affiliation":[{"name":"Bonn-Rhein-Sieg University of Applied Sciences"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Delphine","family":"Reinhardt","sequence":"additional","affiliation":[{"name":"University of G\u00f6ttingen"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luigi Lo","family":"Iacono","sequence":"additional","affiliation":[{"name":"Bonn-Rhein-Sieg University of Applied Sciences"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"35752","published-online":{"date-parts":[[2021,4,27]]},"reference":[{"key":"2022061201170873446_j_popets-2021-0035_ref_001_w2aab3b7b4b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] A. Acquisti, L. Brandimarte, and G. Loewenstein. Privacy and Human Behavior in the Age of Information. Science, 347(6221):509\u2013514, 2015.10.1126\/science.aaa146525635091","DOI":"10.1126\/science.aaa1465"},{"key":"2022061201170873446_j_popets-2021-0035_ref_002_w2aab3b7b4b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] A. Acquisti and J. Grossklags. Privacy and Rationality in Individual Decision Making. IEEE Security and Privacy Magazine, 3(1):26\u201333, 2005.10.1109\/MSP.2005.22","DOI":"10.1109\/MSP.2005.22"},{"key":"2022061201170873446_j_popets-2021-0035_ref_003_w2aab3b7b4b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] B. J. Alge, G. A. Ballinger, S. Tangirala, and J. L. Oakley. Information Privacy in Organizations: Empowering Creative and Extrarole Performance. Journal of Applied Psychology, 91(1):221\u2013232, 2006.","DOI":"10.1037\/0021-9010.91.1.221"},{"key":"2022061201170873446_j_popets-2021-0035_ref_004_w2aab3b7b4b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] F. Alizadeh, T. Jakobi, A. Boden, G. Stevens, and J. Boldt. GDPR Reality Check - Claiming and Investigating Personally Identifiable Data from Companies. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pages 120\u2013129, 2020.10.1109\/EuroSPW51379.2020.00025","DOI":"10.1109\/EuroSPW51379.2020.00025"},{"key":"2022061201170873446_j_popets-2021-0035_ref_005_w2aab3b7b4b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] M. Watkins Allen, S. J. Coopman, J. L. Hart, and K. L. Walker. Workplace Surveillance and Managing Privacy Boundaries. Management Communication Quarterly, 21(2):172\u2013200, 2007.10.1177\/0893318907306033","DOI":"10.1177\/0893318907306033"},{"key":"2022061201170873446_j_popets-2021-0035_ref_006_w2aab3b7b4b1b6b1ab1ab6Aa","unstructured":"[6] I. Altman. The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding. Brooks\/Cole Pub. Co, 1975."},{"key":"2022061201170873446_j_popets-2021-0035_ref_007_w2aab3b7b4b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] F. Asgharpour, D. Liu, and L. Jean Camp. Mental Models of Security Risks. In Proceedings of the 11th International Conference on Financial Cryptography and 1st International Conference on Usable Security (FC, USEC), pages 367\u2013377, 2007.10.1007\/978-3-540-77366-5_34","DOI":"10.1007\/978-3-540-77366-5_34"},{"key":"2022061201170873446_j_popets-2021-0035_ref_008_w2aab3b7b4b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] N. Backhaus. Context Sensitive Technologies and Electronic Employee Monitoring: A Meta-Analytic Review. In Proceedings of the 11th IEEE\/SICE International Symposium on System Integration (SII), pages 548\u2013553, 2019.10.1109\/SII.2019.8700354","DOI":"10.1109\/SII.2019.8700354"},{"key":"2022061201170873446_j_popets-2021-0035_ref_009_w2aab3b7b4b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] K. Ball, E. M. Daniel, and C. Stride. Dimensions of Employee Privacy: An Empirical Study. Information Technology & People, 25(4):376\u2013394, 2012.","DOI":"10.1108\/09593841211278785"},{"key":"2022061201170873446_j_popets-2021-0035_ref_010_w2aab3b7b4b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] D. P. Bhave, L. H. Teo, and R. S. Dalal. Privacy at Work: A Review and a Research Agenda for a Contested Terrain. Journal of Management, 46(1):127\u2013164, 2020.","DOI":"10.1177\/0149206319878254"},{"key":"2022061201170873446_j_popets-2021-0035_ref_011_w2aab3b7b4b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] C. Bravo-Lillo, L. F. Cranor, J. Downs, and S. Komanduri. Bridging the Gap in Computer Security Warnings: A Mental Model Approach. IEEE Security & Privacy Magazine, 9(2):18\u201326, 2011.","DOI":"10.1109\/MSP.2010.198"},{"key":"2022061201170873446_j_popets-2021-0035_ref_012_w2aab3b7b4b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] F. B\u00e9langer and R. E. Crossler. Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Quarterly, 35(4):1017\u20131042, 2011.","DOI":"10.2307\/41409971"},{"key":"2022061201170873446_j_popets-2021-0035_ref_013_w2aab3b7b4b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] L. J. Camp. Mental Models of Privacy and Security. IEEE Technology and Society Magazine, 28(3):37\u201346, 2009.10.1109\/MTS.2009.934142","DOI":"10.1109\/MTS.2009.934142"},{"key":"2022061201170873446_j_popets-2021-0035_ref_014_w2aab3b7b4b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] J. L. Campbell, C. Quincy, J. Osserman, and O. K. Pedersen. Coding In-depth Semistructured Interviews: Problems of Unitization and Intercoder Reliability and Agreement. Sociological Methods & Research, 42(3):294\u2013320, 2013.","DOI":"10.1177\/0049124113500475"},{"key":"2022061201170873446_j_popets-2021-0035_ref_015_w2aab3b7b4b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] D. Carpenter, A. McLeod, C. Hicks, and M. Maasberg. Privacy and Biometrics: An Empirical Examination of Employee Concerns. Information Systems Frontiers, 20(1):91\u2013110, 2018.","DOI":"10.1007\/s10796-016-9667-5"},{"key":"2022061201170873446_j_popets-2021-0035_ref_016_w2aab3b7b4b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] X. Chen, J. Ma, J. Jin, and P. Fosh. Information Privacy, Gender Differences, and Intrinsic Motivation in the Work-place. International Journal of Information Management, 33(6):917\u2013926, 2013.10.1016\/j.ijinfomgt.2013.08.010","DOI":"10.1016\/j.ijinfomgt.2013.08.010"},{"key":"2022061201170873446_j_popets-2021-0035_ref_017_w2aab3b7b4b1b6b1ab1ac17Aa","unstructured":"[17] K. J. W. Craik. The Nature of Explanation. Cambridge: Cambridge University Press, 1943."},{"key":"2022061201170873446_j_popets-2021-0035_ref_018_w2aab3b7b4b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] T. Dinev and P. Hart. An Extended Privacy Calculus Model for E-Commerce Transactions. Information Systems Research, 17(1):61\u201380, 2006.10.1287\/isre.1060.0080","DOI":"10.1287\/isre.1060.0080"},{"key":"2022061201170873446_j_popets-2021-0035_ref_019_w2aab3b7b4b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] S. Fischer-H\u00fcbner, J. S. Pettersson, and J. Angulo. HCI Requirements for Transparency and Accountability Tools for Cloud Service Chains. In Accountability and Security in the Cloud: First Summer School, Cloud Accountability Project, A4Cloud, Malaga, Spain, June 2-6, 2014, Revised Selected Papers and Lectures, Lecture Notes in Computer Science, pages 81\u2013113. 2015.10.1007\/978-3-319-17199-9_4","DOI":"10.1007\/978-3-319-17199-9_4"},{"key":"2022061201170873446_j_popets-2021-0035_ref_020_w2aab3b7b4b1b6b1ab1ac20Aa","unstructured":"[20] K. R. Fulton, R. Gelles, A. McKay, Y. Abdi, R. Roberts, and M. L. Mazurek. The Effect of Entertainment Media on Mental Models of Computer Security. In Proceedings of the 15th USENIX Symposium on Usable Privacy and Security (SOUPS), pages 79\u201395, 2019."},{"key":"2022061201170873446_j_popets-2021-0035_ref_021_w2aab3b7b4b1b6b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] M. F. Gan, H. N. Chua, and S. F. Wong. Privacy Enhancing Technologies Implementation: An Investigation of its Impact on Work Processes and Employee Perception. Telematics and Informatics, 38(1):13\u201329, 2019.","DOI":"10.1016\/j.tele.2019.01.002"},{"key":"2022061201170873446_j_popets-2021-0035_ref_022_w2aab3b7b4b1b6b1ab1ac22Aa","doi-asserted-by":"crossref","unstructured":"[22] N. Gerber, P. Gerber, and M. Volkamer. Explaining the Privacy Paradox: A Systematic Review of Literature Investigating Privacy Attitude and Behavior. Computers & Security, 77(8):226\u2013261, 2018.","DOI":"10.1016\/j.cose.2018.04.002"},{"key":"2022061201170873446_j_popets-2021-0035_ref_023_w2aab3b7b4b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] N. Gerber, V. Zimmermann, and M. Volkamer. Why Johnny Fails to Protect his Privacy. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pages 109\u2013118, 2019.10.1109\/EuroSPW.2019.00019","DOI":"10.1109\/EuroSPW.2019.00019"},{"key":"2022061201170873446_j_popets-2021-0035_ref_024_w2aab3b7b4b1b6b1ab1ac24Aa","unstructured":"[24] J. Johansen and S. Fischer-H\u00fcbner. Making GDPR Usable: A Model to Support Usability Evaluations of Privacy. In Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6\/11.7, 11.6\/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19\u201323, 2019, Revised Selected Papers, pages 275\u2013291. Springer International Publishing, 2020."},{"key":"2022061201170873446_j_popets-2021-0035_ref_025_w2aab3b7b4b1b6b1ab1ac25Aa","unstructured":"[25] P. N. Johnson-Laird. Mental Models: Towards a Cognitive Science of Language, Inference, and Consciousness. Harvard University Press, 1986."},{"key":"2022061201170873446_j_popets-2021-0035_ref_026_w2aab3b7b4b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] N. Jones, H. Ross, T. Lynam, P. Perez, and A. Leitch. Mental Models: An Interdisciplinary Synthesis of Theory and Methods. Ecology and Society, 16(1):1\u201313, 2011.","DOI":"10.5751\/ES-03802-160146"},{"key":"2022061201170873446_j_popets-2021-0035_ref_027_w2aab3b7b4b1b6b1ab1ac27Aa","unstructured":"[27] R. Kang, L. Dabbish, N. Fruchter, and S. Kiesler. \u201cMy Data Just Goes Everywhere:\u201d User Mental Models of the Internet and Implications for Privacy and Security. In Proceedings of the 11th USENIX Symposium on Usable Privacy and Security (SOUPS), pages 39\u201352, 2015."},{"key":"2022061201170873446_j_popets-2021-0035_ref_028_w2aab3b7b4b1b6b1ab1ac28Aa","unstructured":"[28] J. King. Taken Out of Context: An Empirical Analysis of Westin\u2019s Privacy Scale. In Proceedings of the 1st Workshop on Privacy Personas and Segmentation (PPS), pages 1\u20138, 2014."},{"key":"2022061201170873446_j_popets-2021-0035_ref_029_w2aab3b7b4b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] P. Klasnja, S. Consolvo, J. Jung, B. M. Greenstein, L. LeGrand, P. Powledge, and D. Wetherall. \u201cWhen I am on Wi-Fi, I am fearless\u201d: Privacy Concerns & Practices in Everyday Wi-Fi Use. In Proceedings of the ACM Conference on Human Factors in Computing Systems (SIGCHI), pages 1993\u20132002, 2009.10.1145\/1518701.1519004","DOI":"10.1145\/1518701.1519004"},{"key":"2022061201170873446_j_popets-2021-0035_ref_030_w2aab3b7b4b1b6b1ab1ac30Aa","unstructured":"[30] D. Krebs and J. Doctor. \u201cPrivacy by Design\u201d: Nice-to-have or a Necessary Principle of Data Protection Law? Journal of Intellectual Property, Information Technology and E-Commerce Law, 4(1):2\u201320, 2013."},{"key":"2022061201170873446_j_popets-2021-0035_ref_031_w2aab3b7b4b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] K. Krombholz, K. Busse, K. Pfeffer, M. Smith, and E. von Zezschwitz. \u201cIf HTTPS Were Secure, I Wouldn\u2019t Need 2fa\u201d - End User and Administrator Mental Models of HTTPS. In Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P), pages 246\u2013263, 2019.10.1109\/SP.2019.00060","DOI":"10.1109\/SP.2019.00060"},{"key":"2022061201170873446_j_popets-2021-0035_ref_032_w2aab3b7b4b1b6b1ab1ac32Aa","unstructured":"[32] R. A. Krueger and M. A. Casey. Focus Groups: A Practical Guide for Applied Research. SAGE, 2015."},{"key":"2022061201170873446_j_popets-2021-0035_ref_033_w2aab3b7b4b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] P. Kumar, S. Milind Naik, U. R. Devkar, M. Chetty, T. L. Clegg, and J. Vitak. \u2019no telling passcodes out because they\u2019re private\u2019: Understanding children\u2019s mental models of privacy and security online. Proceedings of the ACM on Human-Computer Interaction, 1(CSCW):1\u201321, 2017.","DOI":"10.1145\/3134699"},{"key":"2022061201170873446_j_popets-2021-0035_ref_034_w2aab3b7b4b1b6b1ab1ac34Aa","unstructured":"[34] P. Kumaraguru and L. F. Cranor. Privacy Indexes: A Survey of Westin\u2019s Studies. Technical report, Institute for Software Research, International School of Computer Science Carnegie Mellon University Pittsburgh, 2005."},{"key":"2022061201170873446_j_popets-2021-0035_ref_035_w2aab3b7b4b1b6b1ab1ac35Aa","doi-asserted-by":"crossref","unstructured":"[35] M. Kwasny, K. Caine, W. A. Rogers, and A. D. Fisk. Privacy and Technology: Folk Definitions and Perspectives. Technical report, Atlanta, GA: Georgia Institute of Technology School of Psychology \u2013 Human Factors and Aging Laboratory, 2008.","DOI":"10.1145\/1358628.1358846"},{"key":"2022061201170873446_j_popets-2021-0035_ref_036_w2aab3b7b4b1b6b1ab1ac36Aa","doi-asserted-by":"crossref","unstructured":"[36] Y. Li. Empirical Studies on Online Information Privacy Concerns: Literature Review and an Integrative Framework. Communications of the Association for Information Systems, 28(1):453\u2013496, 2011.","DOI":"10.17705\/1CAIS.02828"},{"key":"2022061201170873446_j_popets-2021-0035_ref_037_w2aab3b7b4b1b6b1ab1ac37Aa","doi-asserted-by":"crossref","unstructured":"[37] J. Lin, N. Sadeh, S. Amini, J. Lindqvist, J. I. Hong, and J. Zhang. Expectation and Purpose: Understanding Users\u2019 Mental Models of Mobile App Privacy Through Crowd-sourcing. In Proceedings of the 14th ACM Conference on Ubiquitous Computing (UbiComp), pages 501\u2013510, 2012.10.1145\/2370216.2370290","DOI":"10.1145\/2370216.2370290"},{"key":"2022061201170873446_j_popets-2021-0035_ref_038_w2aab3b7b4b1b6b1ab1ac38Aa","doi-asserted-by":"crossref","unstructured":"[38] M. Maceli. Librarians\u2019 Mental Models and Use of Privacy-Protection Technologies. Journal of Intellectual Freedom & Privacy, 4(1):18\u201332, 2019.10.5860\/jifp.v4i1.6907","DOI":"10.5860\/jifp.v4i1.6907"},{"key":"2022061201170873446_j_popets-2021-0035_ref_039_w2aab3b7b4b1b6b1ab1ac39Aa","doi-asserted-by":"crossref","unstructured":"[39] E. Markos, G. R. Milne, and J. W. Peltier. Information Sensitivity and Willingness to Provide Continua: A Comparative Privacy Study of the United States and Brazil. Journal of Public Policy & Marketing, 36(1):79\u201396, 2017.","DOI":"10.1509\/jppm.15.159"},{"key":"2022061201170873446_j_popets-2021-0035_ref_040_w2aab3b7b4b1b6b1ab1ac40Aa","unstructured":"[40] P. Mayring. Qualitative Content Analysis. Forum Qualitative Sozialforschung \/ Forum: Qualitative Social Research, 1(2):1\u201310, 2000."},{"key":"2022061201170873446_j_popets-2021-0035_ref_041_w2aab3b7b4b1b6b1ab1ac41Aa","doi-asserted-by":"crossref","unstructured":"[41] T. Mettler and J. Wulf. Physiolytics at the Workplace: Affordances and Constraints of Wearables Use from an Employee\u2019s Perspective. Information Systems Journal, 29(1):245\u2013273, 2019.","DOI":"10.1111\/isj.12205"},{"key":"2022061201170873446_j_popets-2021-0035_ref_042_w2aab3b7b4b1b6b1ab1ac42Aa","unstructured":"[42] M. G. Morgan. Risk Communication: A Mental Models Approach. Cambridge University Press, 2002."},{"key":"2022061201170873446_j_popets-2021-0035_ref_043_w2aab3b7b4b1b6b1ab1ac43Aa","doi-asserted-by":"crossref","unstructured":"[43] A. Morton and M. A. Sasse. Desperately Seeking Assurances: Segmenting Users by Their Information-seeking Preferences. In Proceedings of the 12th IEEE Annual International Conference on Privacy, Security and Trust (PST), pages 102\u2013111, 2014.10.1109\/PST.2014.6890929","DOI":"10.1109\/PST.2014.6890929"},{"key":"2022061201170873446_j_popets-2021-0035_ref_044_w2aab3b7b4b1b6b1ab1ac44Aa","doi-asserted-by":"crossref","unstructured":"[44] P. Murmann and S. Fischer-H\u00fcbner. Tools for Achieving Usable Ex Post Transparency: A Survey. IEEE Access, 5:22965\u201322991, 2017.","DOI":"10.1109\/ACCESS.2017.2765539"},{"key":"2022061201170873446_j_popets-2021-0035_ref_045_w2aab3b7b4b1b6b1ab1ac45Aa","unstructured":"[45] H. Nissenbaum. Privacy as Contextual Integrity. Washington Law Review, 79(1):1119\u2013157, 2004."},{"key":"2022061201170873446_j_popets-2021-0035_ref_046_w2aab3b7b4b1b6b1ab1ac46Aa","doi-asserted-by":"crossref","unstructured":"[46] H. Nissenbaum. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press, 2010.10.1515\/9780804772891","DOI":"10.1515\/9780804772891"},{"key":"2022061201170873446_j_popets-2021-0035_ref_047_w2aab3b7b4b1b6b1ab1ac47Aa","unstructured":"[47] D. A. Norman. Some Observations on Mental Models. In Mental Models, pages 7\u201314. Lawrence Erlbaum Associates Inc., 1983."},{"key":"2022061201170873446_j_popets-2021-0035_ref_048_w2aab3b7b4b1b6b1ab1ac48Aa","doi-asserted-by":"crossref","unstructured":"[48] M. Oates, Y. Ahmadullah, A. Marsh, C. Swoopes, S. Zhang, R. Balebako, and L. F. Cranor. Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration. Proceedings on Privacy Enhancing Technologies, 2018(4):5\u201332, 2018.","DOI":"10.1515\/popets-2018-0029"},{"key":"2022061201170873446_j_popets-2021-0035_ref_049_w2aab3b7b4b1b6b1ab1ac49Aa","doi-asserted-by":"crossref","unstructured":"[49] J. Reitman Olson and H. H. Rueter. Extracting Expertise from Experts: Methods for Knowledge Acquisition. Expert Systems, 4(3):152\u2013168, 1987.","DOI":"10.1111\/j.1468-0394.1987.tb00139.x"},{"key":"2022061201170873446_j_popets-2021-0035_ref_050_w2aab3b7b4b1b6b1ab1ac50Aa","doi-asserted-by":"crossref","unstructured":"[50] S. Petronio. Boundaries of privacy: Dialectics of disclosure. State University of New York Press, 2002.","DOI":"10.1353\/book4588"},{"key":"2022061201170873446_j_popets-2021-0035_ref_051_w2aab3b7b4b1b6b1ab1ac51Aa","doi-asserted-by":"crossref","unstructured":"[51] S. Spickard Prettyman, S. Furman, M. Theofanos, and B. Stanton. Privacy and Security in the Brave New World: The Use of Multiple Mental Models. In Proceedings of the 3rd International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), pages 260\u2013270, 2015.10.1007\/978-3-319-20376-8_24","DOI":"10.1007\/978-3-319-20376-8_24"},{"key":"2022061201170873446_j_popets-2021-0035_ref_052_w2aab3b7b4b1b6b1ab1ac52Aa","doi-asserted-by":"crossref","unstructured":"[52] F. Raja, K. Hawkey, and K. Beznosov. Revealing Hidden Context: Improving Mental Models of Personal Firewall Users. In Proceedings of the 5th ACM Symposium on Usable Privacy and Security (SOUPS), pages 1\u201312, 2009.10.1145\/1572532.1572534","DOI":"10.1145\/1572532.1572534"},{"key":"2022061201170873446_j_popets-2021-0035_ref_053_w2aab3b7b4b1b6b1ab1ac53Aa","doi-asserted-by":"crossref","unstructured":"[53] J. R. Reidenberg, T. Breaux, L. F. Cranor, B. French, A. Grannis, J. T. Graves, F. Liu, A. McDonald, T. B. Norton, R. Ramanath, N C. Russell, N. Sadeh, and F. Schaub. Disagreeable Privacy Policies: Mismatches Between Meaning and Users\u2019 Understanding. Berkeley Technology Law Journal, 30(1):39\u201388, 2015.","DOI":"10.2139\/ssrn.2418297"},{"key":"2022061201170873446_j_popets-2021-0035_ref_054_w2aab3b7b4b1b6b1ab1ac54Aa","doi-asserted-by":"crossref","unstructured":"[54] K. Renaud, M. Volkamer, and A. Renkema-Padmos. Why Doesn\u2019t Jane Protect Her Privacy? In Proceedings of the 14th Privacy Enhancing Technologies Symposium (PETS), pages 244\u2013262, 2014.10.1007\/978-3-319-08506-7_13","DOI":"10.1007\/978-3-319-08506-7_13"},{"key":"2022061201170873446_j_popets-2021-0035_ref_055_w2aab3b7b4b1b6b1ab1ac55Aa","doi-asserted-by":"crossref","unstructured":"[55] A. Rouvroy and Y. Poullet. The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy. In Reinventing Data Protection?, pages 45\u201376. Springer, Dordrecht, 2009.10.1007\/978-1-4020-9498-9_2","DOI":"10.1007\/978-1-4020-9498-9_2"},{"key":"2022061201170873446_j_popets-2021-0035_ref_056_w2aab3b7b4b1b6b1ab1ac56Aa","doi-asserted-by":"crossref","unstructured":"[56] E.-M. Schomakers, C. Lidynia, D. M\u00fcllmann, and M. Ziefle. Internet Users\u2019 Perceptions of Information Sensitivity \u2013 In-sights from Germany. International Journal of Information Management, 46(1):142\u2013150, 2019.10.1016\/j.ijinfomgt.2018.11.018","DOI":"10.1016\/j.ijinfomgt.2018.11.018"},{"key":"2022061201170873446_j_popets-2021-0035_ref_057_w2aab3b7b4b1b6b1ab1ac57Aa","doi-asserted-by":"crossref","unstructured":"[57] E.-M. Schomakers, C. Lidynia, L. Vervier, and M. Ziefle. Of Guardians, Cynics, and Pragmatists - A Typology of Privacy Concerns and Behavior:. In Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS), pages 153\u2013163, 2018.10.5220\/0006774301530163","DOI":"10.5220\/0006774301530163"},{"key":"2022061201170873446_j_popets-2021-0035_ref_058_w2aab3b7b4b1b6b1ab1ac58Aa","doi-asserted-by":"crossref","unstructured":"[58] E.-M. Schomakers, C. Lidynia, and M. Ziefle. Hidden within a Group of People - Mental Models of Privacy Protection:. In Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS), pages 85\u201394, 2018.10.5220\/0006678700850094","DOI":"10.5220\/0006678700850094"},{"key":"2022061201170873446_j_popets-2021-0035_ref_059_w2aab3b7b4b1b6b1ab1ac59Aa","doi-asserted-by":"crossref","unstructured":"[59] J. \u0160i\u0161kov\u00e1 and E. L\u0151rinczov\u00e1. Implementation of GDPR into Payroll Accounting in the Czech Republic. In Proceedings of the 10th Hradec Economic Days (HED), pages 1\u20138, 2020.10.36689\/uhk\/hed\/2020-01-090","DOI":"10.36689\/uhk\/hed\/2020-01-090"},{"key":"2022061201170873446_j_popets-2021-0035_ref_060_w2aab3b7b4b1b6b1ab1ac60Aa","doi-asserted-by":"crossref","unstructured":"[60] H. J. Smith, T. Dinev, and H. Xu. Information Privacy Research: An Interdisciplinary Review. MIS Quarterly, 35(4):989\u20131016, 2011.","DOI":"10.2307\/41409970"},{"key":"2022061201170873446_j_popets-2021-0035_ref_061_w2aab3b7b4b1b6b1ab1ac61Aa","doi-asserted-by":"crossref","unstructured":"[61] S. A. Smith and S. R. Brunner. To Reveal or Conceal: Using Communication Privacy Management Theory to Understand Disclosures in the Workplace. Management Communication Quarterly, 31(3):429\u2013446, 2017.","DOI":"10.1177\/0893318917692896"},{"key":"2022061201170873446_j_popets-2021-0035_ref_062_w2aab3b7b4b1b6b1ab1ac62Aa","doi-asserted-by":"crossref","unstructured":"[62] D. J. Solove. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3):477\u2013560, 2006.10.2307\/40041279","DOI":"10.2307\/40041279"},{"key":"2022061201170873446_j_popets-2021-0035_ref_063_w2aab3b7b4b1b6b1ab1ac63Aa","doi-asserted-by":"crossref","unstructured":"[63] E. F. Stone, H. G. Gueutal, D. G. Gardner, and S. McClure. A Field Experiment Comparing Information-privacy Values, Beliefs, and Attitudes Across Several Types of Organizations. Journal of Applied Psychology, 68(3):459\u2013468, 1983.10.1037\/0021-9010.68.3.459","DOI":"10.1037\/0021-9010.68.3.459"},{"key":"2022061201170873446_j_popets-2021-0035_ref_064_w2aab3b7b4b1b6b1ab1ac64Aa","doi-asserted-by":"crossref","unstructured":"[64] P. D. Tolchinsky, M. K. McCuddy, J. Adams, D. C. Ganster, R. W. Woodman, and H. L. Fromkin. Employee Perceptions of Invasion of Privacy: A Field Simulation Experiment. Journal of Applied Psychology, 66(3):308\u2013313, 1981.","DOI":"10.1037\/0021-9010.66.3.308"},{"key":"2022061201170873446_j_popets-2021-0035_ref_065_w2aab3b7b4b1b6b1ab1ac65Aa","doi-asserted-by":"crossref","unstructured":"[65] J. Tolsdorf and F. Dehling. In Our Employer We Trust: Mental Models of Office Worker\u2019s Privacy Perceptions. In Proceedings of the 1st Asian Workshop on Usable Security (AsiaUSEC, FC workshop), pages 122\u2013136, 2020.10.1007\/978-3-030-54455-3_9","DOI":"10.1007\/978-3-030-54455-3_9"},{"key":"2022061201170873446_j_popets-2021-0035_ref_066_w2aab3b7b4b1b6b1ab1ac66Aa","doi-asserted-by":"crossref","unstructured":"[66] M. Volkamer and K. Renaud. Mental Models \u2013 General Introduction and Review of Their Application to Human-Centred Security. In Number Theory and Cryptography: Papers in Honor of Johannes Buchmann on the Occasion of His 60th Birthday, pages 255\u2013280. Springer Berlin Heidelberg, 2013.10.1007\/978-3-642-42001-6_18","DOI":"10.1007\/978-3-642-42001-6_18"},{"key":"2022061201170873446_j_popets-2021-0035_ref_067_w2aab3b7b4b1b6b1ab1ac67Aa","doi-asserted-by":"crossref","unstructured":"[67] R. Wash. Folk Models of Home Computer Security. In Proceedings of the 6th ACM Symposium on Usable Privacy and Security (SOUPS), pages 1\u201316, 2010.10.1145\/1837110.1837125","DOI":"10.1145\/1837110.1837125"},{"key":"2022061201170873446_j_popets-2021-0035_ref_068_w2aab3b7b4b1b6b1ab1ac68Aa","unstructured":"[68] A. F. Westin. Privacy and Freedom. Athenum Press, 1967."},{"key":"2022061201170873446_j_popets-2021-0035_ref_069_w2aab3b7b4b1b6b1ab1ac69Aa","doi-asserted-by":"crossref","unstructured":"[69] R. W. Woodman, D. C. Ganster, J. Adams, M. K. Mc-Cuddy, P. D. Tolchinsky, and H. Fromkin. A Survey of Employee Perceptions of Information Privacy in Organizations. Academy of Management Journal, 25(3):647\u2013663, 1982.10.5465\/256087","DOI":"10.5465\/256087"},{"key":"2022061201170873446_j_popets-2021-0035_ref_070_w2aab3b7b4b1b6b1ab1ac70Aa","doi-asserted-by":"crossref","unstructured":"[70] E. W\u00e4stlund, J. Angulo, and S. Fischer-H\u00fcbner. Evoking Comprehensive Mental Models of Anonymous Credentials. In Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security (iNetSEc), pages 1\u201314, 2011.10.1007\/978-3-642-27585-2_1","DOI":"10.1007\/978-3-642-27585-2_1"},{"key":"2022061201170873446_j_popets-2021-0035_ref_071_w2aab3b7b4b1b6b1ab1ac71Aa","unstructured":"[71] E. Zeng, S. Mare, and F. Roesner. End User Security and Privacy Concerns with Smart Homes. In Proceedings of the 13th USENIX Symposium on Usable Privacy and Security (SOUPS), pages 65\u201380, 2017."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0035","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,2]],"date-time":"2023-11-02T22:55:40Z","timestamp":1698965740000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0035.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,27]]},"references-count":71,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,4,27]]},"published-print":{"date-parts":[[2021,7,1]]}},"alternative-id":["10.2478\/popets-2021-0035"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0035","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,27]]}}}