Search results

In light of the data economy, data protection law is a key legal element for being able to leverage data-driven innovation and is often regarded as a limitation for businesses and service design. Contrasting this traditional view, this chapter argues why designing with privacy in mind is a win-win situation, not only, but especially in the context of data-based services. On the backdrop of new regulations around the globe setting incentives, we show how research in the domain of usable privacy can be leveraged to embed innovative privacy features for customers into digital services as competitive advantage. Building upon these insights, we argue that a well-designed privacy and/or data protection process should be a key element for customer experience management.

The purpose of this paper is to propose practical and usable interactions that will allow more informed, risk-aware comparisons for individuals during app selections. The authors include an explicit argument for the role of human decision-making during app selection and close with a discussion of the strengths of a Bayesian approach to evaluating privacy and security interventions.

The authors focused on the risk communication in mobile marketplace’s realm, examining how risk indicators can help people choose more secure and privacy-preserving apps. Combining canonical findings in risk perception with previous work in usable security, the authors designed indicators for each app to enable decisions that prioritize risk avoidance. Specifically, the authors performed a natural experiment with N = 60 participants, where they asked them to select applications on Android tablets with accurate real-time marketplace data.

In the aggregate, the authors found that app selections changed to be more risk-averse in the presence of a user-centered multi-level warning system using visual indicators that enabled a click-thru to the more detailed risk and permissions information.

Privacy research in the laboratory is often in conflict with privacy decision-making in the marketplace, resulting in a privacy paradox. To better understand this, the authors implemented a research design based on clinical experimental approaches, testing the interaction in a noisy, confounded field environment.

In June 2017, The Human Data Commons Foundation released its first annual Quantified Self Report Card. This project consisted of a qualitative review of the privacy policy documentation of 55 private sector companies in the self-tracking and biometric data industry. Two researchers recorded their ratings on concrete criteria for each company’s website, as well as providing a blend of objective and subjective ratings on the overall ease of readability and navigability within each site’s documentation. This chapter explains the unique context of user privacy rights within the Quantified Self tracking industry, and summarises the overall results from the 2017 Quantified Self Report Card. The tension between user privacy and data sharing in commercial data-collection practices is explored and the authors provide insight into possibilities for resolving these tensions. The self-as-instrument in research is touched on in autoethnographic narrative confronting and interrogating the difficult process of immersive qualitative analytics in relation to such intensely complex and personal issues as privacy and ubiquitous dataveillance. Drawing upon excerpted reflections from the Report Card’s co-author, a few concluding thoughts are shared on freedom and choice. Finally, goals for next year’s Quantified Self Report Card are revealed, and a call extended for public participation.

This paper presents an initial development of a personal data attitude (PDA) measurement instrument based on established psychometric principles. The aim of the research was to develop a reliable measurement scale for quantifying and comparing attitudes towards personal data that can be incorporated into cybersecurity behavioural research models. Such a scale has become necessary for understanding individuals’ attitudes towards specific sets of data, as more technologies are being designed to harvest, collate, share and analyse personal data.

An initial set of 34 five-point Likert-style items were developed with eight subscales and administered to participants online. The data collected were subjected to exploratory and confirmatory factor analyses and MANOVA. The results are consistent with the multidimensionality of attitude theories and suggest that the adopted methodology for the study is appropriate for future research with a more representative sample.

Factor analysis of 247 responses identified six constructs of individuals’ attitude towards personal data: protective behaviour, privacy concerns, cost-benefit, awareness, responsibility and security. This paper illustrates how the PDA scale can be a useful guide for information security research and design by briefly discussing the factor structure of the PDA and related results.

This study addresses a genuine gap in research by taking the first step towards establishing empirical evidence for dimensions underlying personal data attitudes. It also adds a significant benchmark to a growing body of literature on understanding and modelling computer users’ security behaviours.

The purpose of this paper is to investigate the impact of reciprocity in privacy settings on the compromises and losses in utility encountered by users. The authors base our study on WhatsApp because of the inherent reciprocity in its privacy settings to understand users’ preferences and reasoning in choosing a particular setting in light of its reciprocal consequence.

The authors present a qualitative study whereby we conducted a series of in-depth interviews with 15 individuals, representing a range of ages, nationalities, work experience and WhatsApp usage frequency. The interviews were semi-structured and thematic analysis was employed.

The results showed that reciprocity has a strong influence on privacy choices, and users over time adjusted their settings continuously in various ways to balance the overall utility of the application and their privacy. Type of contacts, usage frequency and underlying intent in using the application significantly impact privacy choices.

The findings recommend improved design for Mobile Instant Messaging that enables flexible privacy configurations that can be controlled separately for different groups and for individual contacts.

The paper provides original insights into how reciprocity affects the utility of the application and the privacy choices of the users. The investigation is unique in that the authors know of no other study that looked into the notion of reciprocity and how it affects users’ privacy choices and preferences when built in to Mobile Instant Messaging applications. Overall, the authors believe that this paper adds significantly to a growing body of research on privacy and social media.

This paper aims to describe a method for combining perceived community support, relationship quality and the extended technology acceptance model in the same empirically derived associative network. The research also examines the moderating role of accumulation of knowledge (based on beliefs and opinions) derived from social interactions.

The Pathfinder algorithm is a valid approach for determining network structures from relatedness data. Such a graphical representation provides managers with a comprehensible picture of how social behaviours relate to loyalty-based dimensions.

As the benefits of community participation and integration might be differently evaluated by new and long-term users, the research examines the associative network by levels of user familiarity. This study indeed contributes to the analysis of enduring social bonds with respect to individuals’ decision-making processes, as it provides details representing specific relationships between diverse concepts based on true-loyalty.

The application of Pathfinder to the study of online social services and user behaviour appears to have potential for unveiling the structures of social network sites members and designing successful strategies for prospective community managers.

This is the first study to the author’s knowledge that empirically tests a theory-grounded framework for integrating individual characteristics and relational driver and focuses on associative structures evidenced as a representation of the most salient loyalty-based concepts by also studying the moderating effects of familiarity.

Past research shows that users of smart home devices (SHDs) have privacy concerns. These concerns have been validated from technical research that shows SHDs introduce a lot of privacy risks. However, there is limited research in addressing these concerns and risks. This paper aims to bridge this gap by informing the design of data-related privacy controls for SHDs.

In this paper, the authors follow a user-centered design approach to design data-related privacy controls from design requirements backed by literature. The authors test the design for usability and perceived information control using psychometrically validated scales. For this purpose, two variations of the prototype (MyCam1 with a listing of data-related privacy controls and MyCam2 with three privacy presets) were created and tested them in a between-subjects experimental setting. Study participants (n = 207) were recruited via Mechanical Turk and asked to use the prototype app. An online survey was distributed to the participants to measure some usability and privacy-related constructs.

Findings show that the presented prototype designs were usable and met the privacy control needs of users. The prototype design with privacy presets (MyCam2) was found to be significantly more usable than the list of privacy controls (MyCam1).

The findings of this paper are original and build on the paper presented at the International Symposium on Human Aspects of Information Security and Assurance (HAISA 2022). This paper contributes improved and usable designs of privacy controls for smart home applications.

The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of end user’s requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made.

A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used.

Even technically skilled users have difficulties to adequately select secret sharing parameters and other configuration settings for adequately securing the data to be outsourced.

Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

The purpose of this paper is to present the approach taken within the PrimeLife project for designing user‐friendly privacy policy interfaces for the PrimeLife Policy Language (PPL) and report on the lessons learned when designing interfaces for privacy policy management and display.

Taking an iterative process of design, the authors developed the interface of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL, and having the purpose of helping users to make conscious decisions on the dissemination of their personal information. The proposed interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selection of anonymous credentials. The last iteration of the prototype has been tested using a cognitive walkthrough approach.

Results from usability tests show that users understood and appreciate most of the features contained within the interface and they perceived their benefit for protecting their privacy online. However, improvement is still needed in order to make the display and management of privacy policies more intuitive and seamless. Showing privacy mismatches inside a two‐dimensional table was preferred by users in general.

The paper introduces the novelty of “on the fly” privacy management, which lets users adapt and organize their own privacy preferences whilst an online transaction takes place, Also, it allows users to select credentials to identify themselves in a simpler manner.

A huge amount of personal and sensitive data are shared on Facebook, which makes it a prime target for attackers. Adversaries can exploit third-party applications connected to a user’s Facebook profiles (i.e. Facebook apps) to gain access to this personal information. Users’ lack of knowledge and the varying privacy policies of these apps make them further vulnerable to information leakage. However, little has been done to identify mismatches between users’ perceptions and the privacy policies of Facebook apps. This paper aims to address this challenge in the work.

The authors conducted a lab study with 31 participants, where the authors received data on how they share information on Facebook, their Facebook-related security and privacy practices and their perceptions on the privacy aspects of 65 frequently-used Facebook apps in terms of data collection, sharing and deletion. The authors then compared participants’ perceptions with the privacy policy of each reported app. Participants also reported their expectations about the types of information that should not be collected or shared by any Facebook app.

The analysis reveals significant mismatches between users’ privacy perceptions and reality (i.e. privacy policies of Facebook apps), where the authors identified over-optimism not only in users’ perceptions of information collection but also in their self-efficacy in protecting their information in Facebook despite experiencing negative incidents in the past.

To the best of the knowledge, this is the first study on the gap between users’ privacy perceptions around Facebook apps and reality. The findings from this study offer direction for future research to address that gap through designing usable, effective and personalized privacy notices to help users to make informed decisions about using Facebook apps.