A recommendation approach for user privacy preferences in the fitness domain

  • Odnan Ref Sanchez
  • Ilaria TorreEmail author
  • Yangyang He
  • Bart P. Knijnenburg


Fitness trackers are undoubtedly gaining in popularity. As fitness-related data are persistently captured, stored, and processed by these devices, the need to ensure users’ privacy is becoming increasingly urgent. In this paper, we apply a data-driven approach to the development of privacy-setting recommendations for fitness devices. We first present a fitness data privacy model that we defined to represent users’ privacy preferences in a way that is unambiguous, compliant with the European Union’s General Data Protection Regulation (GDPR), and able to represent both the user and the third party preferences. Our crowdsourced dataset is collected using current scenarios in the fitness domain and used to identify privacy profiles by applying machine learning techniques. We then examine different personal tracking data and user traits which can potentially drive the recommendation of privacy profiles to the users. Finally, a set of privacy-setting recommendation strategies with different guidance styles are designed based on the resulting profiles. Interestingly, our results show several semantic relationships among users’ traits, characteristics, and attitudes that are useful in providing privacy recommendations. Even though several works exist on privacy preference modeling, this paper makes a contribution in modeling privacy preferences for data sharing and processing in the IoT and fitness domain, with specific attention to GDPR compliance. Moreover, the identification of well-identified clusters of preferences and predictors of such clusters is a relevant contribution for user profiling and for the design of interactive recommendation strategies that aim to balance users’ control over their privacy permissions and the simplicity of setting these permissions.


Privacy preferences Fitness trackers Profiling Privacy-setting recommendations Privacy management Wearable IoT devices 



  1. Abhigna, B., Soni, N., Dixit, S.: Crowdsourcing—a step towards advanced machine learning. Proc. Comput. Sci. 132, 632–642 (2018)CrossRefGoogle Scholar
  2. Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)CrossRefGoogle Scholar
  3. Agarwal, Y., Hall, M.: Protectmyprivacy: detecting and mitigating privacy leaks on IOS devices using crowdsourcing. In: Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services, pp. 97–110. ACM (2013)Google Scholar
  4. Almuhimedi, H., Schaub, F., Sadeh, N., Adjerid, I., Acquisti, A., Gluck, J., Cranor, L.F., Agarwal, Y.: Your location has been shared 5398 times!: A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)Google Scholar
  5. Assad, M., Carmichael, D., Kay, J., Kummerfeld, B.: Giving users control over location privacy. In: Workshop on Ubicomp Privacy (2007)Google Scholar
  6. Bahirat, P., He, Y., Menon, A., Knijnenburg, B.: A data-driven approach to developing iot privacy-setting interfaces. In: 23rd International Conference on Intelligent User Interfaces, pp. 165–176. ACM (2018)Google Scholar
  7. Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Proceedings of the Third European Conference on Computer-Supported Cooperative Work, 13–17 September 1993, Milan, Italy ECSCW’93, pp. 77–92. Springer (1993)Google Scholar
  8. Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)Google Scholar
  9. Brank, J., Grobelnik, M., Mladenić, D.: A survey of ontology evaluation techniques. In Proceedings of the conference on data mining and data warehouses (SiKDD 2005). Ljubljana, Slovenia, pp. 166–170 (2005)Google Scholar
  10. Brar, A., Kay, J.: Privacy and Security in Ubiquitous Personalized Applications. University of Sydney, School of Information Technologies, Sydney (2004)Google Scholar
  11. Carmagnola, F., Osborne, F., Torre, I.: Escaping the big brother: an empirical study on factors influencing identification and information leakage on the web. J. Inf. Sci. 40(2), 180–197 (2014)CrossRefGoogle Scholar
  12. Chakraborty, S., Shen, C., Raghavan, K.R., Shoukry, Y., Millar, M., Srivastava, M.B.: ipshield: A framework for enforcing context-aware privacy. In: NSDI, pp. 143–156 (2014)Google Scholar
  13. Chaturvedi, A., Green, P.E., Caroll, J.D.: \(K\)-modes clustering. J. Classif. 18(1), 35–55 (2001)MathSciNetCrossRefGoogle Scholar
  14. Chaudhry, A., Crowcroft, J., Howard, H., Madhavapeddy, A., Mortier, R., Haddadi, H., McAuley, D.: Personal data: thinking inside the box. In: Proceedings of The Fifth Decennial Aarhus Conference on Critical Alternatives, pp. 29–32. Aarhus University Press (2015)Google Scholar
  15. Conger, S., Pratt, J.H., Loch, K.D.: Personal information privacy and emerging technologies. Inf. Syst. J. 23(5), 401–417 (2013). CrossRefGoogle Scholar
  16. Dinev, T., Hart, P.: An extended privacy calculus model for e-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)CrossRefGoogle Scholar
  17. Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: Detecting privacy leaks in ios applications. In: NDSS, pp. 177–183 (2011)Google Scholar
  18. Elluri, L., Joshi, K.P., et al.: A knowledge representation of cloud data controls for EU GDPR compliance. In: 11th IEEE International Conference on Cloud Computing (CLOUD) (2018)Google Scholar
  19. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–14. ACM (2012)Google Scholar
  20. Fu, H., Yang, Y., Shingte, N., Lindqvist, J., Gruteser, M.: A field study of run-time location access disclosures on android smartphones. Proc. Usable Secur. 14, 10 (2014)Google Scholar
  21. Google/Ipsos, U.: How people discover, use, and stay engaged with apps, pp. 1–15 (2016).
  22. He, Y., Bahirat, P., Menon, A., Knijnenburg, B.P.: A data driven approach to designing for privacy in household iot. ACM Trans. Interact. Intell. Syst. 10(1) (2019)CrossRefGoogle Scholar
  23. Hlomani, H., Stacey, D.: Approaches, methods, metrics, measures, and subjectivity in ontology evaluation: a survey. Semant. Web J. 1(5), 1–11 (2014)Google Scholar
  24. Johnson, E.J., Bellman, S., Lohse, G.L.: Defaults, framing and privacy: why opting in-opting out. Market. Lett. 13(1), 5–15 (2002)CrossRefGoogle Scholar
  25. Joosse, M., Lohse, M., Evers, V.: Crowdsourcing culture in HRI: Lessons learned from quantitative and qualitative data collections. In: 3rd International Workshop on Culture Aware Robotics at ICSR, vol. 15 (2015)Google Scholar
  26. Kay, J., Kummerfeld, B.: Scrutability, user control and privacy for distributed personalization. In: Proceedings of the CHI2006 Workshop on Privacy-Enhanced Personalization, pp. 21–22 (2006)Google Scholar
  27. Kay, J., Kummerfeld, B., Lauder, P.: Personis: a server for user models. In: International Conference on Adaptive Hypermedia and Adaptive Web-Based Systems, pp. 203–212. Springer (2002)Google Scholar
  28. Kelley, P., Consolvo, S., Cranor, L., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: International conference on Financial Cryptography and Data Security, Springer, Berlin, Heidelberg, pp. 68–79 (2012)CrossRefGoogle Scholar
  29. Knijnenburg, B., Raybourn, E., Cherry, D., Wilkinson, D., Sivakumar, S., Sloan, H.: Death to the privacy calculus? (2017). Available at SSRN:
  30. Knijnenburg, B.P.: Information disclosure profiles for segmentation and recommendation. In: SOUPS2014 Workshop on Privacy Personas and Segmentation (2014)Google Scholar
  31. Knijnenburg, B.P.: A user-tailored approach to privacy decision support. Ph.D. Thesis, University of California, Irvine (2015).
  32. Knijnenburg, B.P.: Privacy? I can’t even! Making a case for user-tailored privacy. IEEE Secur. Privacy 15(4), 62–67 (2017)CrossRefGoogle Scholar
  33. Knijnenburg, B.P., Jin, H.: The persuasive effect of privacy recommendations. In: Twelth Annual Workshop on HCI Research in MIS, Milan (2013).
  34. Knijnenburg, B.P., Kobsa, A.: Helping users with information disclosure decisions: potential for adaptation. In: Proceedings of the 2013 International Conference on Intelligent User Interfaces, pp. 407–416. ACM (2013)Google Scholar
  35. Knijnenburg, B.P., Kobsa, A., Jin, H.: Counteracting the negative effect of form auto-completion on the privacy calculus. In: ICIS 2013 Proceedings, Milan (2013)Google Scholar
  36. Knijnenburg, B.P., Kobsa, A., Jin, H.: Dimensionality of information disclosure behavior. Int. J. Hum. Comput. Stud. 71(12), 1144–1162 (2013). CrossRefGoogle Scholar
  37. Kobsa, A.: Tailoring privacy to users’ needs. In: International Conference on User Modeling, pp. 301–313. Springer (2001)Google Scholar
  38. Kodinariya, T.M., Makwana, P.R.: Review on determining number of cluster in \(k\)-means clustering. Int. J. 1(6), 90–95 (2013)Google Scholar
  39. Kurtz, C., Semmann, M., Schulz, W.: Towards a framework for information privacy in complex service ecosystems. In: ICIS 2018 Proceedings (2018).
  40. Lee, H., Kobsa, A.: Understanding user privacy in internet of things environments. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 407–412. IEEE (2016)Google Scholar
  41. Lee, H., Kobsa, A.: Privacy preference modeling and prediction in a simulated campuswide iot environment. In: IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 276–285. IEEE (2017)Google Scholar
  42. Li, Y., Kobsa, A., Knijnenburg, B.P., Nguyen, M.C.: Cross-cultural privacy prediction. Proc. Privacy Enhanc. Technol. 2017(2), 113–132 (2017)CrossRefGoogle Scholar
  43. Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In proceedings of the 10th Symposium On Usable Privacy and Security (SOUPS), pp. 199–212 (2014)Google Scholar
  44. Liu, B., Andersen, M.S., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A., Agarwal, Y.: Follow my recommendations: A personalized privacy assistant for mobile app permissions. In: Twelfth Symposium on Usable Privacy and Security, pp. 26–41 (2016)Google Scholar
  45. Liu, B., Lin, J., Sadeh, N.: Reconciling mobile app privacy and usability on smartphones: Could user privacy profiles help? In: Proceedings of the 23rd International Conference on World Wide Web, pp. 201–212. ACM (2014b)Google Scholar
  46. Madejski, M., Johnson, M., Bellovin, S.: A study of privacy settings errors in an online social network. In: Fourth International Workshop on Security and Social Networking, SECSOC ’12, pp. 340–345. Lugano (2012).
  47. Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Inf. Syst. Res. 15(4), 336–355 (2004)CrossRefGoogle Scholar
  48. Noy, N.F., McGuinness, D.L., et al.: Ontology development 101: a guide to creating your first ontology. Stanford Knowledge Systems Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880, March 2001 (2001)
  49. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: Pronto: privacy ontology for legal reasoning. In: International Conference on Electronic Government and the Information Systems Perspective, pp. 139–152. Springer (2018)Google Scholar
  50. Pandit, H., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn 2017), CEUR 1951 (2017).
  51. Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: Gdprtext-gdpr as a linked data resource. In: European Semantic Web Conference, pp. 481–495. Springer (2018)Google Scholar
  52. Patil, T.R., Sherekar, S.: Performance analysis of naive bayes and j48 classification algorithm for data classification. Int. J. Comput. Sci. Appl. 6(2), 256–261 (2013)Google Scholar
  53. Perera, C., Liu, C., Ranjan, R., Wang, L., Zomaya, A.Y.: Privacy-knowledge modeling for the internet of things: a look back. Computer 49(12), 60–68 (2016)CrossRefGoogle Scholar
  54. Raber, F., Krüger, A.: Deriving privacy settings for location sharing: Are context factors always the best choice? In: 2018 IEEE Symposium on Privacy-Aware Computing (PAC), pp. 86–94. IEEE (2018)Google Scholar
  55. Rafailidis, D., Nanopoulos, A.: Modeling users preference dynamics and side information in recommender systems. IEEE Trans. Syst. Man Cybern. Syst. 46(6), 782–792 (2016)CrossRefGoogle Scholar
  56. Sacco, O., Breslin, J.G.: Ppo & ppm 2.0: extending the privacy preference framework to provide finer-grained access control for the web of data. In: Proceedings of the 8th International Conference on Semantic Systems, pp. 80–87 (2012)Google Scholar
  57. Sanchez, O., Torre, I., Knijnenburg, B.: Semantic-based privacy settings negotiation and management. In: Future Generation Computer Systems (2019). (Under publication)Google Scholar
  58. Schemmann, B., Herrmann, A.M., Chappin, M.M., Heimeriks, G.J.: Crowdsourcing ideas: involving ordinary users in the ideation phase of new product development. Res. Policy 45(6), 1145–1154 (2016)CrossRefGoogle Scholar
  59. Sharma, S., Chen, K., Sheth, A.: Toward practical privacy-preserving analytics for iot and cloud-based healthcare systems. IEEE Internet Comput. 22(2), 42–51 (2018)CrossRefGoogle Scholar
  60. Si, C., Jiao, L., Wu, J., Zhao, J.: A group evolving-based framework with perturbations for link prediction. Physica A 475, 117–128 (2017)CrossRefGoogle Scholar
  61. Smith, H.J., Milberg, S.J., Burke, S.J.: Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly: Management Information Systems 20(2), 167–196 (1996)CrossRefGoogle Scholar
  62. Sutanto, J., Palme, E., Tan, C.H., Phang, C.W.: Addressing the personalization-privacy paradox: an empirical assessment from a field experiment on smartphone users. Mis Quart. 37(4), 1141–1164 (2013)CrossRefGoogle Scholar
  63. The European Parliament and the Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council. Official Journal of the European Union, p. 1:88 (2016)Google Scholar
  64. Torre, I., Adorni, G., Koceva, F., Sanchez, O.: Preventing disclosure of personal data in iot networks. In: 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS), pp. 389–396. IEEE (2016a)Google Scholar
  65. Torre, I., Koceva, F., Sanchez, O.R., Adorni, G.: Fitness trackers and wearable devices: How to prevent inference risks? In: Proceedings of the 11th EAI International Conference on Body Area Networks, pp. 125–131. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2016b)Google Scholar
  66. Torre, I., Koceva, F., Sanchez, O.R., Adorni, G.: A framework for personal data protection in the iot. In: 11th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 384–391. IEEE (2016c)Google Scholar
  67. Torre, I., Sanchez, O.R., Koceva, F., Adorni, G.: Supporting users to take informed decisions on privacy settings of personal devices. Pers. Ubiquit. Comput. 22(2), 345–364 (2018)CrossRefGoogle Scholar
  68. Tsai, L., Wijesekera, P., Reardon, J., Reyes, I., Egelman, S., Wagner, D., Good, N., Chen, J.W.: Turtle guard: helping android users apply contextual privacy preferences. In: Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  69. Vescovi, M., Moiso, C., Pasolli, M., Cordin, L., Antonelli, F.: Building an eco-system of trusted services via user control and transparency on personal data. In: IFIP International Conference on Trust Management, pp. 240–250. Springer (2015)Google Scholar
  70. Vicente, C.R., Freni, D., Bettini, C., Jensen, C.S.: Location-related privacy in geo-social networks. IEEE Internet Comput. 15(3), 20–27 (2011)CrossRefGoogle Scholar
  71. Walters, M.L., Lohse, M., Hanheide, M., Wrede, B., Syrdal, D.S., Koay, K.L., Green, A., Hüttenrauch, H., Dautenhahn, K., Sagerer, G., et al.: Evaluating the robot personality and verbal behavior of domestic robots using video-based studies. Adv. Robot. 25(18), 2233–2254 (2011)CrossRefGoogle Scholar
  72. Wijesekera, P., Baokar, A., Tsai, L., Reardon, J., Egelman, S., Wagner, D., Beznosov, K.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: IEEE Symposium on Security and Privacy (SP), pp. 1077–1093. IEEE (2017)Google Scholar
  73. Wisniewski, P., Knijnenburg, B.P., Lipford, H.R.: Profiling facebook users privacy behaviors. In: SOUPS2014 Workshop on Privacy Personas and Segmentation (2014)Google Scholar
  74. Woods, S., Walters, M., Koay, K.L., Dautenhahn, K.: Comparing human robot interaction scenarios using live and video based methods: towards a novel methodological approach. In: 9th IEEE International Workshop on Advanced Motion Control, pp. 750–755. IEEE (2006)Google Scholar
  75. Wu, L., Ge, Y., Liu, Q., Chen, E., Hong, R., Du, J., Wang, M.: Modeling the evolution of users’ preferences and social links in social networking services. IEEE Trans. Knowl. Data Eng. 29(6), 1240–1253 (2017)CrossRefGoogle Scholar
  76. Wu, L., Ge, Y., Liu, Q., Chen, E., Long, B., Huang, Z.: Modeling users’ preferences and social links in social networking services: a joint-evolving perspective. In: Thirtieth AAAI Conference on Artificial Intelligence (2016)Google Scholar
  77. Xie, J., Knijnenburg, B.P., Jin, H.: Location sharing privacy preference: analysis and personalized recommendation. In: Proceedings of the 19th international conference on Intelligent User Interfaces, pp. 189–198. ACM (2014)Google Scholar
  78. Xu, H., Dinev, T., Smith, H.J., Hart, P.: Examining the formation of individual’s privacy concerns: toward an integrative view. In: ICIS 2008 Proceedings, p. 6 (2008)Google Scholar
  79. Xu, H., Gupta, S., Rosson, M.B., Carroll, J.M.: Measuring mobile users’ concerns for information privacy, Proc. of the Third International Conference on Information Systems, Orlando, pp. 2278–2293 (2012)Google Scholar
  80. Zhao, Y., Zhu, Q.: Evaluation on crowdsourcing research: current status and future direction. Inf. Syst. Front. 16(3), 417–434 (2014)CrossRefGoogle Scholar
  81. Zhao, Z., Etemad, S.A., Arya, A.: Gamification of exercise and fitness using wearable activity trackers. In: Proceedings of the 10th International Symposium on Computer Science in Sports (ISCSS), pp. 233–240. Springer (2016)Google Scholar

Copyright information

© Springer Nature B.V. 2019

Authors and Affiliations

  1. 1.Department of Computer Science, Bioengineering, Robotics and Systems Engineering (DIBRIS)University of GenoaGenoaItaly
  2. 2.School of ComputingClemson UniversityClemsonUSA

Personalised recommendations