Evaluating End Users’ Online Privacy Preferences and Identifying PET Design Requirements: A Literature Review

Kolivodiakos, Paraskevas

January 2018

In this research end user privacy preferences regarding online resources web and mobile applications and websites are investigated and design requirements needed for the development of a privacy focused, privacy enhancing technology tool are identified, as derived from the literature, the crowd source based solution is the most appealing solution so it is fully analyzed according to our research main focus.

Evaluating Privacy Preferences

privacy in web apps

privacy in android

Computer Systems

Datorsystem

Brand Equity and Data Privacy: Beyond Selling Eyeballs : A business case for online privacy-friendly data practices in regions covered by the GDPR.

Arango Kure, Maria

January 2022

This thesis investigates the ways in which businesses’ privacy practices in pay-with-data scenarios affect the way users interact with the business, both in terms of their on-site behavior and the creation of brand equity, in regions covered by the GDPR. I address a gap in the literature by exploring a possible business case for using privacy-friendly data collection practices in the context of brand equity creation and growth. The methodology consists in a randomized survey experiment with a 3 x 3 within-subjects design, with participants recruited via Prolific. Results show that privacy-friendly practices reduce the likelihood of transaction abandonment use of data falsification and other data controlling techniques which reduce data accuracy and quality; they also show an increased likelihood in forming trust associations with the brand and resulting in increased brand preference and willingness to recommend the brand to friends and family. The primary practical implication is that an increase in conversion rates, collected data accuracy and increased brand equity are integral to building a business case in favor of privacy-friendly approaches in online scenarios.

Online brand equity

consumer behavior

pay-with-data transactions

data disclosure

privacy preferences

data control techniques

Engineering and Technology

Teknik och teknologier

Recommending privacy preferences in location-sharing services

Zhao, Yuchen

January 2017

Location-sharing services have become increasingly popular with the proliferation of smartphones and online social networks. People share their locations with each other to record their daily lives or satisfy their social needs. At the same time, inappropriate disclosure of location information poses threats to people's privacy. One of the reasons why people fail to protect their location privacy is the difficulty of using the current mechanisms to manually configure location-privacy settings. Since people's location-privacy preferences are context-aware, manual configuration is cumbersome. People's incapability and unwillingness to do so lead to unexpected location disclosures that violate their location privacy. In this thesis, we investigate the feasibility of using recommender systems to help people protect their location privacy. We examine the performance of location-privacy recommender systems and compare it with the state-of-the-art. We also conduct online user studies to understand people's acceptance of such recommender systems and their concerns. We revise our design of the systems according to the results of the user studies. We find that user-based collaborative filtering can accurately recommend location-privacy preferences and outperform the state-of-the-art when training data are insufficient. From users' perspective, their acceptance of location-privacy recommender systems is affected by the openness and the context of recommendations and their privacy concerns about the systems. It is feasible to use data obfuscation or decentralisation to alleviate people's concerns and meanwhile keep the systems robust against malicious data attacks.

621.382

Towards Automated Negotiation : A qualitative study on privacy preferences

Huang, Zhiqian, Mrška, Dalibor

January 2023

Users have limited knowledge and control over their data, while needing personalization-based services that are requesting their data. The Automated Privacy Negotiation Agent (APNA) model is brought up as a solution by assisting users’ privacy management with less effort, but more accurate options. To bring insights for APNA to gather requirements from different users, this research described how users have been managing their privacy settings and consenting, and their preferences when it comes to their data processing through semi-structured interviews. We conducted interviews on 11 participants with different levels of motivation and knowledge to enhance privacy, from ages 21 to 35, living in Jönköping, Sweden. By thematic analysis we identified and described 5 types of behaviour and how users have articulated their considerations behind each of the 5 types of behaviour. We found 22 privacy preferences of users when it comes to how their data should be collected, stored, and used. These could be considered as required options to be implemented in the preference set-up.

online privacy

privacy preferences

automated privacy negotiation

privacy settings

privacy-enhancing technology

consenting behaviour

personal data

Övrig annan teknik

Towards Usable Privacy and Identity Management for Smart Environments

Islami, Lejla

January 2022

Smart environments provide users with a large number of new services that will improve their lives, however, they also have the potential for collecting staggering amounts of personal information, which, if misused, poses a multitude of privacy threats to users ranging from identification, tracking, stalking, monitoring and profiling. Consequently, the users’ right to informational self-determination is at stake in smart environments. Usable Privacy-Enhancing Identity Management (PE-IdM) can re-establish user control by offering users a selection of meaningful privacy preference settings that they could choose from. However, different privacy trade-offs need to be considered and managed for the configuration of the identity management system as well as cultural privacy aspects influencing user's privacy preferences. Guidelines for usable management of privacy settings that address varying end user preferences for control and privacy conflicting goals are needed.   The objective of this thesis is to explore approaches for enforcing usable PE-IdM for smart environments, with a focus on vehicular ad hoc networks (VANETs). To that end, we unravel the technical state of the art regarding the problem space and solutions, as well as investigating users’ privacy preferences cross-culturally in Sweden and South Africa. We elicit requirements for achieving usable PE-IdM, which are based on usable configuration options, offering suitable selectable privacy settings that will cater for the needs and preferences of users with different cultural backgrounds.

Privacy-enhancing technologies (PETs)

Usability

Smart environments

Intelligent transportation systems

Privacy preferences

Qualitative research

Computer Systems

Datorsystem

Um modelo de negociação de privacidade para sistemas de recomendação social

Rocha, Ânderson Kanegae Soares

27 February 2015

Made available in DSpace on 2016-06-02T19:06:22Z (GMT). No. of bitstreams: 1 6770.pdf: 4215500 bytes, checksum: 31340bf5dc86076ef8911622315ba83c (MD5) Previous issue date: 2015-02-27 / Financiadora de Estudos e Projetos / The high rate of growth and variety of information available on the Internet can overwhelm users, not leading them to the best decisions. In this context, social recommender systems play an important role on helping users against the effects of information overload. However, these systems need for data collection from its users social context motivates privacy concerns and may discourage its use. Thus, this dissertation presents a privacy negotiation model for social recommender systems to enable user to control his own privacy from the perspective of computer science. So, the user can decide to provide access to their data considering the personalization benefits that the system can offer him in exchange and is not forced to fully accept the privacy policies though. In this model, the privacy control is possible by means of a user interface design pattern using privacy negotiation techniques. The SocialRecSys social recommender system is an implementation of this model that was used in an evaluation with 32 users. The results showed that users are not satisfied with traditional interfaces and the model can better deal with the potentially different privacy preferences of each user. The results also indicated the high usability of the user interfaces of this model, which increase the flexibility of the systems regarding the configuration options of privacy preferences without harm the usage easiness of it. The implementation of this model shows that this is an alternative to reduce the concerns of privacy of social recommender systems users by increasing the flexibility and providing them a better understanding of the recommender systems. So users can feel encouraged to share their data in social recommender systems and take advantage of its personalization benefits. / A alta taxa de crescimento e variedade de informações disponíveis na Internet podem sobrecarregar os usuários, levando-os a não tomar as melhores decisões. Nesse contexto, os sistemas de recomendação social desempenham um importante papel ao auxiliar os usuários contra os efeitos da sobrecarga de informação. No entanto, a necessidade desses sistemas de coletar dados do contexto social dos seus usuários motiva preocupações de privacidade e pode desencorajar o seu uso. Assim, esta dissertação apresenta um modelo de negociação de privacidade para sistemas de recomendação social visando possibilitar ao usuário o controle de sua própria privacidade sob a perspectiva da ciência da computação. Desse modo o usuário pode decidir fornecer acesso aos seus dados considerando os benefícios de personalização que o sistema pode lhe oferecer em troca e ele não é obrigado a aceitar completamente as politicas de privacidade. Nesse modelo, o controle de privacidade é possível por meio de um padrão de projeto de interface de usuário que faz uso de técnicas de negociação de privacidade. O sistema de recomendação social SocialRecSys é uma implementação desse modelo e foi utilizado em uma avaliação com 32 usuários. Os resultados evidenciaram que os usuários não estão satisfeitos com as interfaces tradicionais e que o modelo apresentado pode tratar melhor as potencialmente diferentes preferências de privacidade de cada usuário. Os resultados também indicam a alta usabilidade das interfaces de usuário desse modelo. São interfaces que aumentam a flexibilidade dos sistemas em relação às opções de configuração de preferências de privacidade, sem tornar mais complexo o uso desses sistemas. A implementação do modelo proposto se mostra uma alternativa para reduzir as preocupações com privacidade dos usuários de sistemas de recomendação social, aumentando a flexibilidade e provendo aos usuários maior entendimento desses sistemas. Assim, os usuários podem se sentir encorajados a compartilhar seus dados com os sistemas de recomendação social e desfrutar de seus benefícios de personalização.

Privacidade e personalização

Negociação

Sistemas de recomendação

Redes sociais online

Controle de privacidade

Preocupações com privacidade

Web social

Privacy negotiation

Social recommender systems

Privacy control

Privacy personalization

Privacy preferences

Privacy concerns

Social web