We present the results of a study conducted to validate concepts and methods introduced in (Johansen and Fischer-Hübner, 2020. "Making GDPR Usable: A Model to Support Usability Evaluations of Privacy." in IFIP AICT 576, 275-291). Our interview respondents are experts working across fields relevant to these concepts, including law and data protection/privacy, certifications and standardization, and usability (as studied in the field of Human-Computer Interaction). We study the experts' opinions about four new concepts, namely: (i) a definition of Usable Privacy, (ii) 30 Usable Privacy Goals identified as excerpts from the GDPR (European General Data Protection Regulation), (iii) a set of 25 corresponding Usable Privacy Criteria together with their multiple measurable sub-criteria, and (iv) the Usable Privacy Cube model, which puts all these together with the EuroPriSe certification criteria, with the purpose of making explicit several aspects of certification processes such as orderings of criteria, interactions between these, different stakeholder perspectives, and context of use/processing. The expert opinions are varied, example-rich, and forward-looking, which gives an impressive list of open problems where the above four concepts can work as a foundation for further developments. We employed critical qualitative research, using theory triangulation to analyze the data representing three groups of experts, categorized as 'certifications', 'law', and 'usability', coming from both industry and academia. The results of our analysis show agreement among the experts about the need for evaluating and measuring the usability of privacy in order to allow for exercising data subjects' rights and to evaluate the degree to which data controllers comply with the data protection principles.