Motivating Users to Manage Privacy Concerns in Cyber-Physical Settings—A Design Science Approach Considering Self-Determination Theory

Connectivity is key to the latest technologies propagating into everyday life. Cyber-Physical Systems (CPS) and Internet-of-Things (IoT) applications enable users, machines, and technologically enriched objects (‘Things’) to sense, communicate, and interact with their environment. Albeit making human beings’ lives more comfortable, these systems collect huge quantities of data that may affect human privacy and their digital sovereignty. Engaging in control over individuals by digital means, the data and the artefacts that process privacy-relevant data can be addressed by Self-Determination Theory (SDT) and its established instruments. In this paper, we discuss how the theory and its methodological knowledge can be considered for user-centric privacy management. We set the stage for studying motivational factors to improve user engagement in identifying privacy needs and preserving privacy when utilizing or aiming to adapt CPS or IoT applications according to their privacy needs. SDT considers user autonomy, self-perceived competence, and social relatedness relevant for human engagement. Embodying these factors into a Design Science-based CPS development framework could help to motivate users to articulate privacy needs and adopt cyber-physical technologies for personal task accomplishment.

Youth media repertoires: Age ranges, context factors and privacy management

The overall aim of the study is to trace the interaction between the composition of the media repertoire and the everyday world of adolescents, also looking at privacy management in the course of acquiring digital communication media as part of the media repertoire. In order to do justice to this complexity, young people were not considered as a uniform demographic group, but were divided into three stages. Through this differentiation, a recursive process is to be worked out that makes it possible to also include contextual influencing factors such as peer group, family environment etc. and to expand previous findings on the media repertoire of young people. As a result of this approach, a multi-stage development process was elaborated as well as the privacy management of digital communication media of young people.

When Facebook Becomes a Part of the Self: How Do Motives for Using Facebook Influence Privacy Management?

This study examines how three different motivations for using an SNS (i.e., self-expression, belonging, and memory archiving) influence multi-facets of privacy boundary management on the platform mediated by self-extension to it. In recognition of the fact that information management on SNSs often goes beyond the “disclosure-withdrawal” dichotomy, the study investigates the relationships between the three SNS motives and privacy boundary management strategies (i.e., collective boundary and boundary turbulence management). An online survey with Facebook users (N = 305) finds that the three Facebook motivations are positively correlated to users’ self-extension to Facebook. The motivations for using Facebook are positively associated with the management of different layers of privacy boundaries (i.e., basic, sensitive, and highly sensitive), when Facebook self-extension is mediated. In addition, the three motives have indirect associations with potential boundary turbulence management mediated by Facebook self-extension. Extending the classic idea that privacy is deeply rooted in the self, the study demonstrates that perceiving an SNS as part of the self-system constitutes a significant underlying psychological factor that explains the linkage between motives for using SNSs and privacy management.

Moving beyond consent in data privacy law. An effective privacy management system for Internet services

<p>This thesis looks for a way to overcome the failure of consent as a means of addressing privacy problems associated with online services. It argues that consent to collection and use of personal data is an imperfect mechanism for individual authorisation because data privacy in relation to online services is a dynamic, continuous process. If people are to have autonomous choice in respect of their privacy processes, then they need to be able to manage these processes themselves. After careful examination of online services which pinpoints both the privacy problems caused by online service providers and the particular features of the online environment, the thesis devises a set of measures to enable individuals to manage these processes. The tool for achieving this is a Privacy Management Model (PMM) which consists of three interlocking functions: controlling (which consent may be a part of), organising, and planning. The thesis then proposes a way of implementing these functions in the context of online services. This requires a mix of regulatory tools: a particular business model in which individuals are supported by third parties (Personal Information Administrators), a set of technical/architectural tools to manage data within the ICT systems of the online service providers, and laws capable of supporting all these elements. The proposed legal measures aim to overcome the shortcomings of procedural principles by implementing a comprehensive model in which substantive legal principle underpins a bundle of statutory-level laws which enable privacy management functions. Those are explained against the background of the General Data Protection Regulation. All of this is designed to change the way decision-makers think about Internet privacy and form the theoretical backbone of the next generation of privacy laws.</p>

Moving beyond consent in data privacy law. An effective privacy management system for Internet services

<p>This thesis looks for a way to overcome the failure of consent as a means of addressing privacy problems associated with online services. It argues that consent to collection and use of personal data is an imperfect mechanism for individual authorisation because data privacy in relation to online services is a dynamic, continuous process. If people are to have autonomous choice in respect of their privacy processes, then they need to be able to manage these processes themselves. After careful examination of online services which pinpoints both the privacy problems caused by online service providers and the particular features of the online environment, the thesis devises a set of measures to enable individuals to manage these processes. The tool for achieving this is a Privacy Management Model (PMM) which consists of three interlocking functions: controlling (which consent may be a part of), organising, and planning. The thesis then proposes a way of implementing these functions in the context of online services. This requires a mix of regulatory tools: a particular business model in which individuals are supported by third parties (Personal Information Administrators), a set of technical/architectural tools to manage data within the ICT systems of the online service providers, and laws capable of supporting all these elements. The proposed legal measures aim to overcome the shortcomings of procedural principles by implementing a comprehensive model in which substantive legal principle underpins a bundle of statutory-level laws which enable privacy management functions. Those are explained against the background of the General Data Protection Regulation. All of this is designed to change the way decision-makers think about Internet privacy and form the theoretical backbone of the next generation of privacy laws.</p>

The Effectiveness of Adaptation Methods in Improving User Engagement and Privacy Protection on Social Network Sites

Research finds that the users of Social Networking Sites (SNSs) often fail to comprehensively engage with the plethora of available privacy features— arguably due to their sheer number and the fact that they are often hidden from sight. As different users are likely interested in engaging with different subsets of privacy features, an SNS could improve privacy management practices by adapting its interface in a way that proactively assists, guides, or prompts users to engage with the subset of privacy features they are most likely to benefit from. Whereas recent work presents algorithmic implementations of such privacy adaptation methods, this study investigates the optimal user interface mechanism to present such adaptations. In particular, we tested three proposed “adaptation methods” (automation, suggestions, highlights) in an online between-subjects user experiment in which 406 participants used a carefully controlled SNS prototype. We systematically evaluate the effect of these adaptation methods on participants’ engagement with the privacy features, their tendency to set stricter settings (protection), and their subjective evaluation of the assigned adaptation method. We find that the automation of privacy features afforded users the most privacy protection, while giving privacy suggestions caused the highest level of engagement with the features and the highest subjective ratings (as long as awkward suggestions are avoided). We discuss the practical implications of these findings in the effectiveness of adaptations improving user awareness of, and engagement with, privacy features on social media.

A Novel Fingerprinting Technique for Data Storing and Sharing through Clouds

With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has become a reality with the advent of cloud computing. The digital fingerprinting technique has been adopted as an effective solution to protect the copyright and privacy of digital properties from illegal distribution and identification of malicious traitors over the cloud. Furthermore, it is used to trace the unauthorized distribution and the user of multimedia content distributed through the cloud. In this paper, we propose a novel fingerprinting technique for the cloud environment to protect numeric attributes in relational databases for digital privacy management. The proposed solution with the novel fingerprinting scheme is robust and efficient. It can address challenges such as embedding secure data over the cloud, essential to secure relational databases. The proposed technique provides a decoding accuracy of 100%, 90%, and 40% for 10% to 30%, 40%, and 50% of deleted records.

Fitness Tracker Information and Privacy Management: Empirical Study

Background Fitness trackers allow users to collect, manage, track, and monitor fitness-related activities, such as distance walked, calorie intake, sleep quality, and heart rate. Fitness trackers have become increasingly popular in the past decade. One in five Americans use a device or an app to track their fitness-related activities. These devices generate massive and important data that could help physicians make better assessments of their patients’ health if shared with health providers. This ultimately could lead to better health outcomes and perhaps even lower costs for patients. However, sharing personal fitness information with health care providers has drawbacks, mainly related to the risk of privacy loss and information misuse. Objective This study investigates the influence of granting users granular privacy control on their willingness to share fitness information. Methods The study used 270 valid responses collected from Mtrurkers through Amazon Mechanical Turk (MTurk). Participants were randomly assigned to one of two groups. The conceptual model was tested using structural equation modeling (SEM). The dependent variable was the intention to share fitness information. The independent variables were perceived risk, perceived benefits, and trust in the system. Results SEM explained about 60% of the variance in the dependent variable. Three of the four hypotheses were supported. Perceived risk and trust in the system had a significant relationship with the dependent variable, while trust in the system was not significant. Conclusions The findings show that people are willing to share their fitness information if they have granular privacy control. This study has practical and theoretical implications. It integrates communication privacy management (CPM) theory with the privacy calculus model.