A recommendation approach for user privacy preferences in the fitness domain


Fitness trackers are undoubtedly gaining in popularity. As fitness-related data are persistently captured, stored, and processed by these devices, the need to ensure users’ privacy is becoming increasingly urgent. In this paper, we apply a data-driven approach to the development of privacy-setting recommendations for fitness devices. We first present a fitness data privacy model that we defined to represent users’ privacy preferences in a way that is unambiguous, compliant with the European Union’s General Data Protection Regulation (GDPR), and able to represent both the user and the third party preferences. Our crowdsourced dataset is collected using current scenarios in the fitness domain and used to identify privacy profiles by applying machine learning techniques. We then examine different personal tracking data and user traits which can potentially drive the recommendation of privacy profiles to the users. Finally, a set of privacy-setting recommendation strategies with different guidance styles are designed based on the resulting profiles. Interestingly, our results show several semantic relationships among users’ traits, characteristics, and attitudes that are useful in providing privacy recommendations. Even though several works exist on privacy preference modeling, this paper makes a contribution in modeling privacy preferences for data sharing and processing in the IoT and fitness domain, with specific attention to GDPR compliance. Moreover, the identification of well-identified clusters of preferences and predictors of such clusters is a relevant contribution for user profiling and for the design of interactive recommendation strategies that aim to balance users’ control over their privacy permissions and the simplicity of setting these permissions.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14


  1. 1.


  2. 2.


  3. 3.


  4. 4.


  5. 5.

    Platform for Privacy Preferences https://www.w3.org/P3P/.

  6. 6.


  7. 7.


  8. 8.


  9. 9.


  10. 10.


  11. 11.

    The distinction among such subjects in the GDPR, which clarifies the legal obligations of the TP, is not relevant to the aim of a user-side privacy manager.

  12. 12.


  13. 13.


  14. 14.

    We restricted our study to Fitbit users rather than users of any fitness trackers to make sure that our sample had a more homogeneous existing experience with fitness permission setting interfaces.

  15. 15.

    The prototype can be used at http://pdm-aids.dibris.unige.it/simulation.php.

  16. 16.


  17. 17.


  18. 18.

    We obtain similar results using other clustering algorithms, such as hierarchical clustering.

  19. 19.

    The generally accepted thresholds for odds ratios are 1.68 for a small effect size, 3.47 for a medium effect size, and 6.71 for a large effect size.

  20. 20.

    The UI design can be found in http://pdm-aids.dibris.unige.it/interface/.

  21. 21.



  1. Abhigna, B., Soni, N., Dixit, S.: Crowdsourcing—a step towards advanced machine learning. Proc. Comput. Sci. 132, 632–642 (2018)

    Google Scholar 

  2. Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)

    Google Scholar 

  3. Agarwal, Y., Hall, M.: Protectmyprivacy: detecting and mitigating privacy leaks on IOS devices using crowdsourcing. In: Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services, pp. 97–110. ACM (2013)

  4. Almuhimedi, H., Schaub, F., Sadeh, N., Adjerid, I., Acquisti, A., Gluck, J., Cranor, L.F., Agarwal, Y.: Your location has been shared 5398 times!: A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)

  5. Assad, M., Carmichael, D., Kay, J., Kummerfeld, B.: Giving users control over location privacy. In: Workshop on Ubicomp Privacy (2007)

  6. Bahirat, P., He, Y., Menon, A., Knijnenburg, B.: A data-driven approach to developing iot privacy-setting interfaces. In: 23rd International Conference on Intelligent User Interfaces, pp. 165–176. ACM (2018)

  7. Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Proceedings of the Third European Conference on Computer-Supported Cooperative Work, 13–17 September 1993, Milan, Italy ECSCW’93, pp. 77–92. Springer (1993)

  8. Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)

  9. Brank, J., Grobelnik, M., Mladenić, D.: A survey of ontology evaluation techniques. In Proceedings of the conference on data mining and data warehouses (SiKDD 2005). Ljubljana, Slovenia, pp. 166–170 (2005)

  10. Brar, A., Kay, J.: Privacy and Security in Ubiquitous Personalized Applications. University of Sydney, School of Information Technologies, Sydney (2004)

    Google Scholar 

  11. Carmagnola, F., Osborne, F., Torre, I.: Escaping the big brother: an empirical study on factors influencing identification and information leakage on the web. J. Inf. Sci. 40(2), 180–197 (2014)

    Google Scholar 

  12. Chakraborty, S., Shen, C., Raghavan, K.R., Shoukry, Y., Millar, M., Srivastava, M.B.: ipshield: A framework for enforcing context-aware privacy. In: NSDI, pp. 143–156 (2014)

  13. Chaturvedi, A., Green, P.E., Caroll, J.D.: \(K\)-modes clustering. J. Classif. 18(1), 35–55 (2001)

    MathSciNet  MATH  Google Scholar 

  14. Chaudhry, A., Crowcroft, J., Howard, H., Madhavapeddy, A., Mortier, R., Haddadi, H., McAuley, D.: Personal data: thinking inside the box. In: Proceedings of The Fifth Decennial Aarhus Conference on Critical Alternatives, pp. 29–32. Aarhus University Press (2015)

  15. Conger, S., Pratt, J.H., Loch, K.D.: Personal information privacy and emerging technologies. Inf. Syst. J. 23(5), 401–417 (2013). https://doi.org/10.1111/j.1365-2575.2012.00402.x

    Article  Google Scholar 

  16. Dinev, T., Hart, P.: An extended privacy calculus model for e-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)

    Google Scholar 

  17. Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: Detecting privacy leaks in ios applications. In: NDSS, pp. 177–183 (2011)

  18. Elluri, L., Joshi, K.P., et al.: A knowledge representation of cloud data controls for EU GDPR compliance. In: 11th IEEE International Conference on Cloud Computing (CLOUD) (2018)

  19. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–14. ACM (2012)

  20. Fu, H., Yang, Y., Shingte, N., Lindqvist, J., Gruteser, M.: A field study of run-time location access disclosures on android smartphones. Proc. Usable Secur. 14, 10 (2014)

    Google Scholar 

  21. Google/Ipsos, U.: How people discover, use, and stay engaged with apps, pp. 1–15 (2016). https://www.thinkwithgoogle.com/data/smartphone-users-discover-apps-browsing/

  22. He, Y., Bahirat, P., Menon, A., Knijnenburg, B.P.: A data driven approach to designing for privacy in household iot. ACM Trans. Interact. Intell. Syst. 10(1) (2019)

  23. Hlomani, H., Stacey, D.: Approaches, methods, metrics, measures, and subjectivity in ontology evaluation: a survey. Semant. Web J. 1(5), 1–11 (2014)

    Google Scholar 

  24. Johnson, E.J., Bellman, S., Lohse, G.L.: Defaults, framing and privacy: why opting in-opting out. Market. Lett. 13(1), 5–15 (2002)

    Google Scholar 

  25. Joosse, M., Lohse, M., Evers, V.: Crowdsourcing culture in HRI: Lessons learned from quantitative and qualitative data collections. In: 3rd International Workshop on Culture Aware Robotics at ICSR, vol. 15 (2015)

  26. Kay, J., Kummerfeld, B.: Scrutability, user control and privacy for distributed personalization. In: Proceedings of the CHI2006 Workshop on Privacy-Enhanced Personalization, pp. 21–22 (2006)

  27. Kay, J., Kummerfeld, B., Lauder, P.: Personis: a server for user models. In: International Conference on Adaptive Hypermedia and Adaptive Web-Based Systems, pp. 203–212. Springer (2002)

  28. Kelley, P., Consolvo, S., Cranor, L., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: International conference on Financial Cryptography and Data Security, Springer, Berlin, Heidelberg, pp. 68–79 (2012)

  29. Knijnenburg, B., Raybourn, E., Cherry, D., Wilkinson, D., Sivakumar, S., Sloan, H.: Death to the privacy calculus? (2017). Available at SSRN:http://dx.doi.org/10.2139/ssrn.2923806

  30. Knijnenburg, B.P.: Information disclosure profiles for segmentation and recommendation. In: SOUPS2014 Workshop on Privacy Personas and Segmentation (2014)

  31. Knijnenburg, B.P.: A user-tailored approach to privacy decision support. Ph.D. Thesis, University of California, Irvine (2015). http://search.proquest.com/docview/1725139739/abstract

  32. Knijnenburg, B.P.: Privacy? I can’t even! Making a case for user-tailored privacy. IEEE Secur. Privacy 15(4), 62–67 (2017)

    Google Scholar 

  33. Knijnenburg, B.P., Jin, H.: The persuasive effect of privacy recommendations. In: Twelth Annual Workshop on HCI Research in MIS, Milan (2013). http://aisel.aisnet.org/sighci2013/16

  34. Knijnenburg, B.P., Kobsa, A.: Helping users with information disclosure decisions: potential for adaptation. In: Proceedings of the 2013 International Conference on Intelligent User Interfaces, pp. 407–416. ACM (2013)

  35. Knijnenburg, B.P., Kobsa, A., Jin, H.: Counteracting the negative effect of form auto-completion on the privacy calculus. In: ICIS 2013 Proceedings, Milan (2013)

  36. Knijnenburg, B.P., Kobsa, A., Jin, H.: Dimensionality of information disclosure behavior. Int. J. Hum. Comput. Stud. 71(12), 1144–1162 (2013). https://doi.org/10.1016/j.ijhcs.2013.06.003

    Article  Google Scholar 

  37. Kobsa, A.: Tailoring privacy to users’ needs. In: International Conference on User Modeling, pp. 301–313. Springer (2001)

  38. Kodinariya, T.M., Makwana, P.R.: Review on determining number of cluster in \(k\)-means clustering. Int. J. 1(6), 90–95 (2013)

    Google Scholar 

  39. Kurtz, C., Semmann, M., Schulz, W.: Towards a framework for information privacy in complex service ecosystems. In: ICIS 2018 Proceedings (2018). https://aisel.aisnet.org/icis2018/bridging/Presentations/7

  40. Lee, H., Kobsa, A.: Understanding user privacy in internet of things environments. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 407–412. IEEE (2016)

  41. Lee, H., Kobsa, A.: Privacy preference modeling and prediction in a simulated campuswide iot environment. In: IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 276–285. IEEE (2017)

  42. Li, Y., Kobsa, A., Knijnenburg, B.P., Nguyen, M.C.: Cross-cultural privacy prediction. Proc. Privacy Enhanc. Technol. 2017(2), 113–132 (2017)

    Google Scholar 

  43. Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In proceedings of the 10th Symposium On Usable Privacy and Security (SOUPS), pp. 199–212 (2014)

  44. Liu, B., Andersen, M.S., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A., Agarwal, Y.: Follow my recommendations: A personalized privacy assistant for mobile app permissions. In: Twelfth Symposium on Usable Privacy and Security, pp. 26–41 (2016)

  45. Liu, B., Lin, J., Sadeh, N.: Reconciling mobile app privacy and usability on smartphones: Could user privacy profiles help? In: Proceedings of the 23rd International Conference on World Wide Web, pp. 201–212. ACM (2014b)

  46. Madejski, M., Johnson, M., Bellovin, S.: A study of privacy settings errors in an online social network. In: Fourth International Workshop on Security and Social Networking, SECSOC ’12, pp. 340–345. Lugano (2012). https://doi.org/10.1109/PerComW.2012.6197507

  47. Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Inf. Syst. Res. 15(4), 336–355 (2004)

    Google Scholar 

  48. Noy, N.F., McGuinness, D.L., et al.: Ontology development 101: a guide to creating your first ontology. Stanford Knowledge Systems Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880, March 2001 (2001) http://www.ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noy-mcguinness.pdf

  49. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: Pronto: privacy ontology for legal reasoning. In: International Conference on Electronic Government and the Information Systems Perspective, pp. 139–152. Springer (2018)

  50. Pandit, H., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn 2017), CEUR 1951 (2017). http://ceur-ws.org/Vol-1951/#paper-06

  51. Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: Gdprtext-gdpr as a linked data resource. In: European Semantic Web Conference, pp. 481–495. Springer (2018)

  52. Patil, T.R., Sherekar, S.: Performance analysis of naive bayes and j48 classification algorithm for data classification. Int. J. Comput. Sci. Appl. 6(2), 256–261 (2013)

    Google Scholar 

  53. Perera, C., Liu, C., Ranjan, R., Wang, L., Zomaya, A.Y.: Privacy-knowledge modeling for the internet of things: a look back. Computer 49(12), 60–68 (2016)

    Google Scholar 

  54. Raber, F., Krüger, A.: Deriving privacy settings for location sharing: Are context factors always the best choice? In: 2018 IEEE Symposium on Privacy-Aware Computing (PAC), pp. 86–94. IEEE (2018)

  55. Rafailidis, D., Nanopoulos, A.: Modeling users preference dynamics and side information in recommender systems. IEEE Trans. Syst. Man Cybern. Syst. 46(6), 782–792 (2016)

    Google Scholar 

  56. Sacco, O., Breslin, J.G.: Ppo & ppm 2.0: extending the privacy preference framework to provide finer-grained access control for the web of data. In: Proceedings of the 8th International Conference on Semantic Systems, pp. 80–87 (2012)

  57. Sanchez, O., Torre, I., Knijnenburg, B.: Semantic-based privacy settings negotiation and management. In: Future Generation Computer Systems (2019). (Under publication)

  58. Schemmann, B., Herrmann, A.M., Chappin, M.M., Heimeriks, G.J.: Crowdsourcing ideas: involving ordinary users in the ideation phase of new product development. Res. Policy 45(6), 1145–1154 (2016)

    Google Scholar 

  59. Sharma, S., Chen, K., Sheth, A.: Toward practical privacy-preserving analytics for iot and cloud-based healthcare systems. IEEE Internet Comput. 22(2), 42–51 (2018)

    Google Scholar 

  60. Si, C., Jiao, L., Wu, J., Zhao, J.: A group evolving-based framework with perturbations for link prediction. Physica A 475, 117–128 (2017)

    Google Scholar 

  61. Smith, H.J., Milberg, S.J., Burke, S.J.: Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly: Management Information Systems 20(2), 167–196 (1996)

    Google Scholar 

  62. Sutanto, J., Palme, E., Tan, C.H., Phang, C.W.: Addressing the personalization-privacy paradox: an empirical assessment from a field experiment on smartphone users. Mis Quart. 37(4), 1141–1164 (2013)

    Google Scholar 

  63. The European Parliament and the Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council. Official Journal of the European Union, p. 1:88 (2016)

  64. Torre, I., Adorni, G., Koceva, F., Sanchez, O.: Preventing disclosure of personal data in iot networks. In: 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS), pp. 389–396. IEEE (2016a)

  65. Torre, I., Koceva, F., Sanchez, O.R., Adorni, G.: Fitness trackers and wearable devices: How to prevent inference risks? In: Proceedings of the 11th EAI International Conference on Body Area Networks, pp. 125–131. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2016b)

  66. Torre, I., Koceva, F., Sanchez, O.R., Adorni, G.: A framework for personal data protection in the iot. In: 11th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 384–391. IEEE (2016c)

  67. Torre, I., Sanchez, O.R., Koceva, F., Adorni, G.: Supporting users to take informed decisions on privacy settings of personal devices. Pers. Ubiquit. Comput. 22(2), 345–364 (2018)

    Google Scholar 

  68. Tsai, L., Wijesekera, P., Reardon, J., Reyes, I., Egelman, S., Wagner, D., Good, N., Chen, J.W.: Turtle guard: helping android users apply contextual privacy preferences. In: Symposium on Usable Privacy and Security (SOUPS) (2017)

  69. Vescovi, M., Moiso, C., Pasolli, M., Cordin, L., Antonelli, F.: Building an eco-system of trusted services via user control and transparency on personal data. In: IFIP International Conference on Trust Management, pp. 240–250. Springer (2015)

  70. Vicente, C.R., Freni, D., Bettini, C., Jensen, C.S.: Location-related privacy in geo-social networks. IEEE Internet Comput. 15(3), 20–27 (2011)

    Google Scholar 

  71. Walters, M.L., Lohse, M., Hanheide, M., Wrede, B., Syrdal, D.S., Koay, K.L., Green, A., Hüttenrauch, H., Dautenhahn, K., Sagerer, G., et al.: Evaluating the robot personality and verbal behavior of domestic robots using video-based studies. Adv. Robot. 25(18), 2233–2254 (2011)

    Google Scholar 

  72. Wijesekera, P., Baokar, A., Tsai, L., Reardon, J., Egelman, S., Wagner, D., Beznosov, K.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: IEEE Symposium on Security and Privacy (SP), pp. 1077–1093. IEEE (2017)

  73. Wisniewski, P., Knijnenburg, B.P., Lipford, H.R.: Profiling facebook users privacy behaviors. In: SOUPS2014 Workshop on Privacy Personas and Segmentation (2014)

  74. Woods, S., Walters, M., Koay, K.L., Dautenhahn, K.: Comparing human robot interaction scenarios using live and video based methods: towards a novel methodological approach. In: 9th IEEE International Workshop on Advanced Motion Control, pp. 750–755. IEEE (2006)

  75. Wu, L., Ge, Y., Liu, Q., Chen, E., Hong, R., Du, J., Wang, M.: Modeling the evolution of users’ preferences and social links in social networking services. IEEE Trans. Knowl. Data Eng. 29(6), 1240–1253 (2017)

    Google Scholar 

  76. Wu, L., Ge, Y., Liu, Q., Chen, E., Long, B., Huang, Z.: Modeling users’ preferences and social links in social networking services: a joint-evolving perspective. In: Thirtieth AAAI Conference on Artificial Intelligence (2016)

  77. Xie, J., Knijnenburg, B.P., Jin, H.: Location sharing privacy preference: analysis and personalized recommendation. In: Proceedings of the 19th international conference on Intelligent User Interfaces, pp. 189–198. ACM (2014)

  78. Xu, H., Dinev, T., Smith, H.J., Hart, P.: Examining the formation of individual’s privacy concerns: toward an integrative view. In: ICIS 2008 Proceedings, p. 6 (2008)

  79. Xu, H., Gupta, S., Rosson, M.B., Carroll, J.M.: Measuring mobile users’ concerns for information privacy, Proc. of the Third International Conference on Information Systems, Orlando, pp. 2278–2293 (2012)

  80. Zhao, Y., Zhu, Q.: Evaluation on crowdsourcing research: current status and future direction. Inf. Syst. Front. 16(3), 417–434 (2014)

    Google Scholar 

  81. Zhao, Z., Etemad, S.A., Arya, A.: Gamification of exercise and fitness using wearable activity trackers. In: Proceedings of the 10th International Symposium on Computer Science in Sports (ISCSS), pp. 233–240. Springer (2016)

Download references

Author information



Corresponding author

Correspondence to Ilaria Torre.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.



Table 4 Study Questionnaire
Table 5 Table of accuracies

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Sanchez, O.R., Torre, I., He, Y. et al. A recommendation approach for user privacy preferences in the fitness domain. User Model User-Adap Inter 30, 513–565 (2020). https://doi.org/10.1007/s11257-019-09246-3

Download citation


  • Privacy preferences
  • Fitness trackers
  • Profiling
  • Privacy-setting recommendations
  • Privacy management
  • Wearable IoT devices