Search results

The purpose of this paper is to present the approach taken within the PrimeLife project for designing user‐friendly privacy policy interfaces for the PrimeLife Policy Language (PPL) and report on the lessons learned when designing interfaces for privacy policy management and display.

Taking an iterative process of design, the authors developed the interface of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL, and having the purpose of helping users to make conscious decisions on the dissemination of their personal information. The proposed interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selection of anonymous credentials. The last iteration of the prototype has been tested using a cognitive walkthrough approach.

Results from usability tests show that users understood and appreciate most of the features contained within the interface and they perceived their benefit for protecting their privacy online. However, improvement is still needed in order to make the display and management of privacy policies more intuitive and seamless. Showing privacy mismatches inside a two‐dimensional table was preferred by users in general.

The paper introduces the novelty of “on the fly” privacy management, which lets users adapt and organize their own privacy preferences whilst an online transaction takes place, Also, it allows users to select credentials to identify themselves in a simpler manner.

The purpose of this paper is to propose visualization techniques as a new representation for privacy policies instead of traditional textual representation and to examine empirically their effects on users’ information privacy awareness level.

The authors selected as a case the privacy policy of Instagram and conducted two empirical investigations, each one with three interventions and each representing a different version of the Instagram privacy policy to users. Through a pre- and a post-questionnaire, the authors examined the effects that each representation technique had on the users’ privacy awareness level.

The paper finds that visualized privacy policies lead to higher privacy awareness levels than conventional textual ones, especially when icons are included.

The authors implemented two new representation techniques offering beneficial guidelines for designing more attractive privacy policy representations. However, the samples are rather limited for generalization to the wide population; nonetheless, they are significant to demonstrate the effect of visualized techniques. The findings might also be subject to bias (e.g. brand bias), although the authors took necessary methodological actions to prevent bias.

The results and the methodology of the paper could guide practitioners for the representation of a privacy policy, given that the authors provide systematic and concrete steps.

This paper examines the value of privacy policy visualization as a new approach for enabling user privacy awareness, as well as implements two visualization techniques for a given privacy policy. The paper and its findings should be useful for researchers, as well as for practitioners.

In the online environment, consumers increasingly feel vulnerable due to firms’ expanding capabilities of collecting and using their data in an unsanctioned manner. Drawing from gossip theory, this research focuses on two key suppressors of consumer vulnerability: transparency and control. Previous studies conceptualize transparency and control from rationalistic approaches that overlook individual experiences and present a unidimensional conceptualization. This research aims to understand how individuals interpret transparency and control concerning privacy vulnerability in the online environment. Additionally, it explores strategic approaches to communicating the value of transparency and control.

An interpretivism paradigm and phenomenology were adopted in the research design. Data were collected through semi-structured interviews with 41 participants, including consumers and experts, and analyzed through thematic analysis.

The findings identify key conceptual dimensions of transparency and control by adapting justice theory. They also reveal that firms can communicate assurance, functional, technical and social values of transparency and control to address consumer vulnerability.

This research makes the following contributions to the data privacy literature. The findings exhibit multidimensional and comprehensive conceptualizations of transparency and control, including user, firm and information perspectives. Additionally, the conceptual framework combines empirical insights from both experiencers and observers to offer an understanding of how transparency and control serve as justice mechanisms to effectively tackle the issue of unsanctioned transmission of personal information and subsequently address vulnerability. Lastly, the findings provide strategic approaches to communicating the value of transparency and control.

The purpose of this paper is to analyse the problem of privacy disclosure of third party applications in online social networks (OSNs) through Facebook, investigate the limitations in the existing models to protect users privacy and propose a permission-based access control (PBAC) model, which gives users complete control over users’ data when accessing third party applications.

A practical model based on the defined permission policies is proposed to manage users information accessed by third party applications and improve user awareness in sharing sensitive information with them. This model is a combination of interfaces and internal mechanisms which can be adopted by any OSN having similar architecture to Facebook in managing third party applications, without much structural changes. The model implemented in Web interface connects with Facebook application programming interface and evaluates its efficacy using test cases.

The results show that the PBAC model can facilitate user awareness about privacy risks of data passed on to third party applications and allow users who are more concerned about their privacy from releasing such information to those applications.

The study provides further research in protecting users’ privacy in OSNs and thus avoid the risks associated with that, thereby increasing users’ trust in using OSNs.

The research has proven to be useful in improving user awareness on the risk associated with sharing private information on OSNs, and the practically implemented PBAC model guarantees full user privacy from unwanted disclosure of personal information to third party applications.

Shopping online is a fast-growing phenomenon. A look into the rapid exponential growth of the primary players in this sector shows huge market potential for e-commerce. Given the convenience of internet shopping, e-commerce is seen as an emerging trend among consumers, specifically the younger generation (Gen Y). The popularity of e-commerce and online shopping has captured the attention of e-retailers, encouraging researchers to focus on this area. This paper aims to examine the relationship between online repurchase intention and other variables such as security, privacy concerns, trust and ease of use (EOU), mediated by e-satisfaction.

A self-administered survey method is used, and students aged between 20 and 35 years at universities in northern India are selected as subjects. To test the hypotheses of this study, an online questionnaire is distributed to participants, with 309 legitimate responses received. The data are analyzed using SPSS version 20.0 and AMOS version 20.0. Structural equation modeling is used to examine the model and to test the hypotheses.

The results of this study show that security, privacy concerns, trust and EOU have a positive significant relationship with repurchase intention. The findings also reveal that e-satisfaction has a full mediation effect between security and repurchase intention and also between trust and repurchase intention. In addition, a partial mediation effect of e-satisfaction is noted between EOU and repurchase intention and between privacy concerns and repurchase intention.

The results show that security, trust, EOU and privacy concerns are the factors that have most impact on consumer purchasing behavior. In terms of the repurchase intention of Gen Y consumers, what is needed are strong security features, an easy-to-use interface, a trusted privacy policy and the creation of trust. Furthermore, it may be beneficial to observe e-satisfaction as a mediator when identifying potential problems; online satisfaction is important for the group in this study, and the results show that it impacts on the relation between repurchase intention and other factors.

In terms of the repurchase intention of Gen Y consumers, what is needed are strong security features, an easy-to-use interface, a trusted privacy policy and the creation of trust. Furthermore, it may be beneficial to observe e-satisfaction as a mediator when identifying potential problems; online satisfaction is important for the group in this study, and the results show that it impacts on the relation between repurchase intention and other factors.

This research determines the impact of security, privacy concerns, EOU and trust on the online repurchasing behavior of Gen Y in India. The mediation effect of e-satisfaction is also determined.

The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.

The paper draws conceptually upon an existing security standard's framework and omissions in information privacy compliance frameworks are recognized. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users to protect their privacy, is being proposed.

Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.

The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion‐based piece of work.

Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance in managerial, procedural and technical level for handling information privacy.

This paper aims to demonstrate that a policy-based middleware solution which facilitates the development of context-aware applications and the integration of the heterogeneous devices should be provided for ubiquitous computing environments. Ubiquitous computing targets the provision of seamless services and applications by providing an environment that involves a variety of devices having different capabilities. These applications help transforming the physical spaces into computationally active and smart environments. The design of applications in these environments needs to consider the heterogeneous devices, applications preferences and rapidly changing contexts. The applications, therefore, need to be context-aware so that they can adapt to different situations in real-time.

In this paper, we argue that a policy-based middleware solution that facilitates the development of context-aware applications and the integration of the heterogeneous devices should be provided for ubiquitous computing environments. The middleware allows applications to track items and acquire contextual information about them easily, reason about this information captured using different logics and then adapt to changing contexts. A key issue in these environments is to allow heterogeneous applications to express their business rules once, and get the preferred data once they are captured by the middleware without any intervention from the application side.

Our middleware tackles this problem by using policies to define the different applications’ rules and preferences. These policies can specify rules about the middleware services to be used, type of data captured, devices used, user roles, context information and any other type of conditions.

In this paper, we propose the design of a flexible and performant ubiquitous computing, and context-aware middleware called FlexRFID along with its evaluation results.

This paper aims to address privacy concerns that arise from the use of mobile recommender systems when processing contextual information relating to the user. Mobile recommender systems aim to solve the information overload problem by recommending products or services to users of Web services on mobile devices, such as smartphones or tablets, at any given point in time and in any possible location. They use recommendation methods, such as collaborative filtering or content-based filtering and use a considerable amount of contextual information to provide relevant recommendations. However, because of privacy concerns, users are not willing to provide the required personal information that would allow their views to be recorded and make these systems usable.

This work is focused on user privacy by providing a method for context privacy-preservation and privacy protection at user interface level. Thus, a set of algorithms that are part of the method has been designed with privacy protection in mind, which is done by using realistic dummy parameter creation. To demonstrate the applicability of the method, a relevant context-aware data set has been used to run performance and usability tests.

The proposed method has been experimentally evaluated using performance and usability evaluation tests and is shown that with a small decrease in terms of performance, user privacy can be protected.

This is a novel research paper that proposed a method for protecting the privacy of mobile recommender systems users when context parameters are used.

This paper aims to contribute to the ongoing discourse about the nature of privacy and its role in ubiquitous environments and provide insights for future research.

The paper analyses the privacy implications of particular characteristics of ubiquitous applications and discusses the fundamental principles and information practices used in digital environments for protecting individuals' private data.

A significant trend towards shifting privacy protection responsibility from government to the individuals is identified. Also, specific directions for future research are provided with a focus on interdisciplinary research.

This paper identifies key research issues and provides directions for future research.

This study contributes by identifying major challenges that should be addressed, so that a set of “fair information principles” can be applied in the context of ubiquitous environments. It also discusses the limitations of these principles and provides recommendations for future research.

In June 2017, The Human Data Commons Foundation released its first annual Quantified Self Report Card. This project consisted of a qualitative review of the privacy policy documentation of 55 private sector companies in the self-tracking and biometric data industry. Two researchers recorded their ratings on concrete criteria for each company’s website, as well as providing a blend of objective and subjective ratings on the overall ease of readability and navigability within each site’s documentation. This chapter explains the unique context of user privacy rights within the Quantified Self tracking industry, and summarises the overall results from the 2017 Quantified Self Report Card. The tension between user privacy and data sharing in commercial data-collection practices is explored and the authors provide insight into possibilities for resolving these tensions. The self-as-instrument in research is touched on in autoethnographic narrative confronting and interrogating the difficult process of immersive qualitative analytics in relation to such intensely complex and personal issues as privacy and ubiquitous dataveillance. Drawing upon excerpted reflections from the Report Card’s co-author, a few concluding thoughts are shared on freedom and choice. Finally, goals for next year’s Quantified Self Report Card are revealed, and a call extended for public participation.