Abstract
With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about the privacy implications of IoT and the situations in which they prefer to be notified about data collection. We report on a 1,007-participant vignette study focusing on privacy expectations and preferences as they pertain to a set of 380 IoT data collection and use scenarios. Participants were presented with 14 scenarios that varied across eight categorical factors, including the type of data collected (e.g. location, biometrics, temperature), how the data is used (e.g., whether it is shared, and for what purpose), and other attributes such as the data retention period. Our findings show that privacy preferences are diverse and context dependent; participants were more comfortable with data being collected in public settings rather than in private places, and are more likely to consent to data being collected for uses they find beneficial. They are less comfortable with the collection of biometrics (e.g. fingerprints) than environmental data (e.g. room temperature, physical presence). We also find that participants are more likely to want to be notified about data practices that they are uncomfortable with. Finally, our study suggests that after observing individual decisions in just three data-collection scenarios, it is possible to predict their preferences for the remaining scenarios, with our model achieving an average accuracy of up to 86%.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017 |
| Publisher | USENIX Association |
| Pages | 399-412 |
| Number of pages | 14 |
| ISBN (Electronic) | 9781931971393 |
| State | Published - 2019 |
| Event | 13th Symposium on Usable Privacy and Security, SOUPS 2017 - Santa Clara, United States Duration: Jul 12 2017 → Jul 14 2017 |
Publication series
| Name | Proceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017 |
|---|
Conference
| Conference | 13th Symposium on Usable Privacy and Security, SOUPS 2017 |
|---|---|
| Country/Territory | United States |
| City | Santa Clara |
| Period | 7/12/17 → 7/14/17 |
Funding
This research has been supported in part by DARPA and the Air Force Research Laboratory under agreement number FA8750-15-2-0277 and by the National Science Foundation under grant SBE-1513957. The US Government is authorized to reproduce and distribute reprints for Governmental purposes not withstanding any copyright notation thereon. Additional support has also been provided by Google. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, the Air Force Research Laboratory, the NSF, Google, or the US Government.
ASJC Scopus subject areas
- Computer Networks and Communications
- Safety, Risk, Reliability and Quality