Privacy and User Trust in Context-Aware Systems

Privacy and User Trust in Context-Aware Systems

Saskia Koldijk1,2, Gijs Koot2, Mark Neerincx1,3, Wessel Kraaij1,2

www.swell-project.net

(1) (2) (3)


Recent trends

Big data, advances in sensing, smartphones, ubiquitous user modeling…

Opportunity Thread

Context Aware Systems Better personalized and contextualized services

Privacy Losing control over

personal (context) data

Definition CAS: “use of environmental elements by applications to personalize their service for the user” [1].

Definition Privacy: “boundary control process in which individuals regulate when, how, and to what extent information about them is communicated to others” [2].


• Outline of this talk– Introduction context aware SWELL system– Privacy Impact Assessment– How to apply Privacy by Design– User study: • Effects of Privacy by Design, on

– Trust– Attitude towards using the system

– Results

How to build a privacy-friendly CAS?


• Outline of this talk– Introduction context aware SWELL system– Privacy Impact Assessment– How to apply Privacy by Design– User study: • Effects of Privacy by Design, on


– Results

How to build a privacy-friendly CAS?

Problem to address:

Knowledge workers often experience

stress building up, which in the worst

case results in burn-out.

SWELL

SWELL Workload Mirror

to look back at the day:

I work in the office from 9 till 5. I perform knowledge work.

My work is demanding. I often feel so tired.

SWELL tool: Workload Mirror to manage well-being at work

1) Working behavior is captured with sensors and the system learns to interpret this personal data.

2) Intelligible information is provided as feedback to help adjust behavior and improve well-being.

Content worked on Mental effort/ energy

Computer activityPosture

Facial expressions

Can collect: Overview of:

Tasks

StressSelf reports


– Introduction context aware SWELL system– Privacy Impact Assessment– How to apply Privacy by Design– User study: • Effects of Privacy by Design, on


– Results

Outline


Privacy Impact Assessment• Detect potential privacy problems– before the development of a new technology

• Question catalogue


• Goal of data collection– The goal of data collection should be clearly described.– The user should have a clear view on what the system does and how the data is used.

• Type of data– The user must know which data is collected.– Which data is collected and processed will be kept to a minimum to enable required functionality.– The data should be stored as aggregated as possible.– The system should provide an alternative means to provide data (e.g. manual user input).

• Reactions to the system– The user should be aware of his privacy settings.

• User control– The user must give permission to collect data, based on a well-informed decision.– The user should be able to see his own data and delete data.

Results: Important privacy aspects (1)


• Quality of the data– The system should give correct information.– The user should be able to check and correct the data.

• Security of the data– The data should be stored as locally as possible.– The data should be encrypted.– Others should not have access to your data.

• Data responsibilities– An security plan should be established to prevent unauthorized access.– All involved parties should adhere to the security plan.

• Data sharing– When the user voluntarily shares data, it should be shared in line with the user’s expectations.– The user must know who (if applicable) will have access to the data

Results: Important privacy aspects (2)




– Results

Outline


• Outlined privacy aspects can be addressed from the developers side!

• Apply 8 Privacy Design StrategiesCAS follows current privacy legislation

• ‘Privacy Patterns’ used for implementation

Privacy by Design Cavoukian (2012)Hoepman (2012)


1. Informo Informed consento Privacy Dashboard

2. Controlo Privacy Choices

3. Minimizeo Pseudonymso Anonymization (k-anonymity)

4. Separateo Decentralisationo Horizontal/ vertical data separation

8 Privacy Design Strategies (+ patterns)

Hoepman (2012)

strategy

pattern


5. Aggregateo Aggregate over timeo Blur personal data

6. Hideo Authenticationo Store data encrypted

7. Enforce & 8. Demonstrateo Sticky Policies

8 Privacy Design Strategies (+ patterns)

Hoepman (2012)




– Results

Outline


• 124 participants• Presentation SWELL system • Between subject design: Privacy information (yes/no)

• Questionnaire on:– Transparency– Privacy/ Trust– Attitude towards use of

the SWELL system

• Hypothesized model:

Effect on Users’ Attitudes

• Purpose limitation: The collected data is only used for giving yourself insights to enable self-management.

• Control: You can enable or disable the computer logging, camera or Kinect sensors.

• Data minimization: The tool only processes data that is necessary to provide the functionality that you desire, e.g. the tool will use document content only when you want an overview of topics worked on.

• Data aggregation: The sensor data is processed locally on your device. Only summary information, like topics, average posture or facial expression, is stored – no keystrokes or video.

• Adequate protection: Your data is hidden from unauthorized access.• Data subjects right: You have full control over your data, can view or

delete it.

Privacy by Design<Privacy group>

Installing SWELL

0Goal of the SWELL tool: Supporting self-management of stress.

0You can enable or disable functionalities as you wish, such that the SWELL tool optimally supports you with functionality that you desire.0E.g. you can decide if you want to

share (parts of) information with others.

<Privacy group>

Installing SWELL

0Goal of the SWELL tool: Supporting self-management of stress.

0You can enable or disable functionalities as you wish, such that the SWELL tool optimally supports you with functionality that you desire.0E.g. you can decide if you want to

share (parts of) information with others.

<Control group>




– Results

Outline


• Privacy information had a positive effect on perceived privacy/ trust in the SWELL system

• Attitude towards using the SWELL system was – not related to perceived privacy/ trust!!– related to personal motivation!

Results

(* significant on the .05 level, ** significant at the 0.01 level)


• There are users that state privacy concerns;nevertheless they are going to use the system

(when they have personal motivation)• ‘Privacy paradox’, also found in related work

• It is important to implement Privacy by Design to adequately protect the privacy of the users!

• The 8 Privacy Strategies are an easy start point for developing privacy friendly CAS, use them

Conclusions


1. Dey, A. K., Brown, & Abowd, G. D. (1999). Towards a better understanding of context and context-awareness. In Handheld and ubiquitous computing (pp. 304-307). Springer Berlin Heidelberg.

2. Van De Garde-Perik, E., Markopoulos, P., De Ruyter, B., Eggen, B., & Ijsselsteijn, W. (2008). Investigating privacy attitudes and behavior in relation to personalization. Social Science Computer Review, 26(1), 20-43.

3. Cavoukian, A. (2012). Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices. Ontario: Information and Privacy Commissioner of Ontario.

4. Hoepman, J. H. (2012). Privacy Design Strategies. arXiv preprint arXiv:1210.6621.

References

Thank you for your attention!

Privacy and User Trust in Context-Aware Systems

(1) (2) (3)


(1) (2) (3)

Publications: cs.ru.nl/~skoldijk

Saskia Koldijk1,2, Gijs Koot2, Mark Neerincx1,3, Wessel Kraaij1,2

http://www.cs.ru.nl/~skoldijk

http://www.cs.ru.nl/~skoldijk

Date post:	23-Feb-2016
Category:	Documents
Upload:	caron
View:	42 times
Download:	0 times

Privacy and User Trust in Context-Aware Systems

Documents