To Be, or Not to Be Notified
Millions of people are tracking and quantifying their fitness and health, and entrust online mobile health (mhealth) services with storing and processing their sensitive personal data. Ex post transparency-enhancing tools (TETs) enable users to keep track of how their personal data are processed, and represent important building blocks to understand privacy implications and control one’s online privacy. Particularly, privacy notifications provide users of TETs with the insight necessary to make informed decision about controlling their personal data that they have disclosed previously. To investigate the notification preferences of users of online mhealth services, we conducted an online study. We analysed how notification scenarios can be grouped contextually, and how user preferences with respect to being notified relate to intervenability. Moreover, we examined to what extent ex post notification preferences correlate with privacy personas established in the context of trust in and reliability of online data services. Based on our findings, we discuss the implications for the design of usable ex post TETs.
KeywordsPrivacy Transparency-enhancing tool Usability Personas mHealth
This research has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 67573 and the SSF project SURPRISE.
The authors thank Dan Larsson and Erik Wästlund for advice on the study design, and advice on conducting and interpreting various statistical analyses.
- 1.Dupree, J.L., Devries, R., Berry, D.M., Lank, E.: Privacy personas: clustering users via attitudes and behaviors toward security practices. In: Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI) (2016)Google Scholar
- 2.The European Parliament and the Council of the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council (2016)Google Scholar
- 3.Fischer-Hübner, S., Pettersson, J.S., Angulo, J., Edbom, J., Toresson, M., Andersson, H.: D:C-7.3 Report on end-user perceptions of privacy-enhancing transparency and accountability. Technical report D37.3, A4Cloud Project (2014)Google Scholar
- 4.Harkous, H., Rahman, R., Aberer, K.: Data-driven privacy indicators. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS) (2016)Google Scholar
- 5.Peter Kincaid, J., Fishburne Jr., R.P., Rogers, R.L., Chissom, B.S.: Derivation of new readability formulas (automated readability index, fog count and flesch reading ease formula) for navy enlisted personnel. Technical report, Institute for Simulation and Training, University of Central Florida (1975)Google Scholar
- 7.Lowens, B., Motti, V.G., Caine, K.: Wearable privacy: skeletons in the data closet. In: Proceedings of the IEEE International Conference on Healthcare Informatics (ICHI) (2017)Google Scholar
- 8.Morton, A.: Individual privacy concern and organisational privacy practice - bridging the gap. Ph.D. thesis, University College London (2015)Google Scholar
- 9.Morton, A., Angela Sasse, M.: Desperately seeking assurances: segmenting users by their information-seeking preferences. In: Proceedings of the IEEE Annual International Conference on Privacy, Security and Trust (PST) (2014)Google Scholar
- 10.Murmann, P.: Supplementary material. https://murmann.hotell.kau.se/notification-preferences/. Accessed 13 Nov 2018
- 12.Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
- 15.Prolific Academic Ltd., Prolific. https://www.prolific.ac/demographics. Accessed 27 Aug 2018
- 16.Statista. Number of connected wearable devices worldwide from 2016 to 2021. https://www.statista.com/statistics/487291/. Accessed 28 June 2018
- 17.Wagner, I., He, Y., Rosenberg, D., Janicke, H.: User interface design for privacy awareness in ehealth technologies. In: Proceedings of the IEEE Annual Consumer Communications & Networking Conference (CCNC) (2016)Google Scholar
- 19.Woodruff, A., Pihur, V., Consolvo, S., Schmidt, L., Brandimarte, L., Acquisti, A.: Would a privacy fundamentalist sell their DNA for \$1000... if nothing bad happened as a result? The Westin categories, behavioral intentions, and consequences. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS) (2014)Google Scholar