Abstract
Although there are many privacy-enhancing tools designed to protect users’ online privacy, it is surprising to see a lack of user-centric solutions allowing privacy control based on the joint assessment of privacy risks and benefits, due to data disclosure to multiple platforms. In this paper, we propose a conceptual framework to fill the gap: aiming at user-centric privacy protection, we show that the framework can assess not only privacy risks in using online services but also the added values earned from data disclosure. Through following a human-in-the-loop approach, it is expected that the framework can provide a personalized solution via preference learning, continuous privacy assessment, behavioral monitoring and nudging. Finally, we describe a case study about “leisure travelers” and some areas for further research.
An extended version of the paper can be found at http://www.hooklee.com/Papers/DependSys2019a_full.pdf.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Such value refers to the added values a user can obtain by disclosing data to service providers, in addition to receiving the basic services wanted.
- 2.
The ontology described in this paper is an extended version of the one reported in [16], which focuses on data flows only but not returned values.
References
Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users & choices online. ACM Comput. Surv. 50(3), 44:1–44:41 (2017)
Almuhimedi, H., et al.: Your location has been shared 5,398 times!: a field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)
Alnemr, R., et al.: A data protection impact assessment methodology for cloud. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 60–92. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31456-3_4
Ali-Eldin, A., Zuiderwijk, A., Janssen, M.: A privacy risk assessment model for open data. In: Shishkov, B. (ed.) BMSD 2017. LNBIP, vol. 309, pp. 186–201. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78428-1_10
Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_9
Cavoukian, A.: Privacy by design - the 7 foundational principles. Tech. rep. (2011). https://ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf
Das, A., Degeling, M., Smullen, D., Sadeh, N.: Personalized privacy assistants for the internet of things: providing users with notice and choice. IEEE Pervasive Comput. 17(3), 35–46 (2018)
Elueze, I., Quan-Haase, A.: Privacy attitudes and concerns in the digital lives of older adults: Westin’s privacy attitude typology revisited. Am. Behav. Sci. 62(10), 1372–1391 (2018)
Gómez-Barroso, J.L.: Experiments on personal information disclosure: past and future avenues. Telematics Inform. 35(5), 1473–1490 (2018)
Hansen, M.: Marrying transparency tools with user-controlled identity management. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds.) Privacy and Identity 2007. ITIFIP, vol. 262, pp. 199–220. Springer, Boston, MA (2008). https://doi.org/10.1007/978-0-387-79026-8_14
Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) Privacy and Identity 2008. IAICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03315-5_5
Kaur, K., Gupta, I., Singh, A.K.: A comparative study of the approach provided for preventing the data leakage. Int. J. Netw. Secur. Appl. 9(5), 21–33 (2017)
King, J.: Taken out of context: an empirical analysis of Westin’s privacy scale. In: Workshop on Privacy Personas and Segmentation, p. 2014 (2014)
Kumaraguru, P., Cranor, L.F.: Privacy indexes: a survey of Westin’s studies. Tech. rep. (2005). http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-138.pdf
Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In: Proceedings of 10th Symposium On Usable Privacy and Security, pp. 199–212 (2014)
Lu, Y., Li, S.: From data flows to privacy issues: a user-centric semantic model for representing and discovering privacy issues. In: Proceedings of 53rd Hawaii International Conference on System Sciences (2020)
Lu, Y., Ou, C., Angelopoulos, S.: Exploring the effect of monetary incentives on user behavior in online sharing platforms. In: Proceedings of the 51st Hawaii International Conference on System Sciences (2018)
Miniwatts Marketing Group: World Internet usage and population statistics - Updated in March, 2019. Internet World Stats (2019). https://www.internetworldstats.com/stats.htm
Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in Android: a user-centric approach. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, M.-F. (eds.) RISK 2013. LNCS, vol. 8418, pp. 21–37. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07076-6_2
Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: Proceedings of 13th Symposium on Usable Privacy and Security, pp. 399–412. USENIX Association (2017)
Park, Y.J.: Digital literacy and privacy behavior online. Commun. Res. 40(2), 215–236 (2013)
Peddinti, S.T., Collins, A., Sedley, A., Taft, N., Turner, A., Woodruff, A.: Perceived frequency of advertising practices (2015). https://cups.cs.cmu.edu/soups/2015/papers/ppsPeddiniti.pdf
Qiu, M., Gai, K., Thuraisingham, B., Tao, L., Zhao, H.: Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future Gener. Comput. Sys. 80, 421–429 (2018)
Rastogi, V., Qu, Z., McClurg, J., Cao, Y., Chen, Y.: Uranine: real-time privacy leakage monitoring without system modification for Android. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICST, vol. 164, pp. 256–276. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28865-9_14
Schneider, C., Weinmann, M., vom Brocke, J.: Digital nudging: guiding online user choices through interface design. Commun. ACM 61(7), 67–73 (2018)
Seto, Y.: Application of privacy impact assessment in the smart city. Electron. Commun. Jpn 98(2), 52–61 (2015)
Sheehan, K.B.: Toward a typology of internet users and online privacy concerns. Inf. Soc. 18(1), 21–32 (2002)
Tian, Y., et al.: SmartAuth: user-centered authorization for the Internet of Things. In: Proceedings of 26th USENIX Security Symposium, pp. 361–378. USENIX (2017)
Wagner, I., Boiten, E.: Privacy risk assessment: from art to science, by metrics. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds.) DPM/CBT -2018. LNCS, vol. 11025, pp. 225–241. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00305-0_17
Warren, A., Bayley, R., Bennett, C., Charlesworth, A., Clarke, R., Oppenheim, C.: Privacy impact assessments: International experience as a basis for UK guidance. Comput. Law Secur. Rev. 24(3), 233–242 (2008)
Weinmann, M., Schneider, C., vom Brocke, J.: Digital nudging. Bus. Inf. Sys. Eng. 58(6), 433–436 (2016)
Westin, A.F.: Harris-Equifax consumer privacy survey 1991. Equifax Inc. (1991)
Wisniewski, P.J., Knijnenburg, B.P., Lipford, H.R.: Making privacy personal: profiling social network users to inform privacy education and nudging. Int. J. Hum. Comput. Stud. 98, 95–108 (2017)
Woodruff, A., Pihur, V., Consolvo, S., Brandimarte, L., Acquisti, A.: Would a privacy fundamentalist sell their DNA for \$1000... if nothing bad happened as a result? the Westin categories, behavioral intentions, and consequences. In: Proceedings of 10th Symposium On Usable Privacy and Security, pp. 1–18. USENIX Association (2014)
Xu, K., Guo, Y., Guo, L., Fang, Y., Li, X.: My privacy my decision: control of photo sharing on online social networks. IEEE Trans. Dependable Secure Comput. 14(2), 199–210 (2017)
Zhu, H., Chen, E., Xiong, H., Yu, K., Cao, H., Tian, J.: Mining mobile user preferences for personalized context-aware recommendation. ACM Trans. Intell. Syst. Technol. 5(4), 58:1–58:27 (2015)
Acknowledgement
The authors’ work was supported by the research project, PRIvacy-aware personal data management and Value Enhancement for Leisure Travellers (PriVELT), funded by the EPSRC in the UK, under grant number EP/R033749/1.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lu, Y., Li, S., Ioannou, A., Tussyadiah, I. (2019). From Data Disclosure to Privacy Nudges: A Privacy-Aware and User-Centric Personal Data Management Framework. In: Wang, G., Bhuiyan, M.Z.A., De Capitani di Vimercati, S., Ren, Y. (eds) Dependability in Sensor, Cloud, and Big Data Systems and Applications. DependSys 2019. Communications in Computer and Information Science, vol 1123. Springer, Singapore. https://doi.org/10.1007/978-981-15-1304-6_21
Download citation
DOI: https://doi.org/10.1007/978-981-15-1304-6_21
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1303-9
Online ISBN: 978-981-15-1304-6
eBook Packages: Computer ScienceComputer Science (R0)