Privacy expectations and preferences in an IoT world

Pardis Emami-Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh

Research output: Chapter in Book/Report/Conference proceedingConference contribution

186 Scopus citations

Abstract

With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about the privacy implications of IoT and the situations in which they prefer to be notified about data collection. We report on a 1,007-participant vignette study focusing on privacy expectations and preferences as they pertain to a set of 380 IoT data collection and use scenarios. Participants were presented with 14 scenarios that varied across eight categorical factors, including the type of data collected (e.g. location, biometrics, temperature), how the data is used (e.g., whether it is shared, and for what purpose), and other attributes such as the data retention period. Our findings show that privacy preferences are diverse and context dependent; participants were more comfortable with data being collected in public settings rather than in private places, and are more likely to consent to data being collected for uses they find beneficial. They are less comfortable with the collection of biometrics (e.g. fingerprints) than environmental data (e.g. room temperature, physical presence). We also find that participants are more likely to want to be notified about data practices that they are uncomfortable with. Finally, our study suggests that after observing individual decisions in just three data-collection scenarios, it is possible to predict their preferences for the remaining scenarios, with our model achieving an average accuracy of up to 86%.

Original languageEnglish (US)
Title of host publicationProceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017
PublisherUSENIX Association
Pages399-412
Number of pages14
ISBN (Electronic)9781931971393
StatePublished - 2019
Event13th Symposium on Usable Privacy and Security, SOUPS 2017 - Santa Clara, United States
Duration: Jul 12 2017Jul 14 2017

Publication series

NameProceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017

Conference

Conference13th Symposium on Usable Privacy and Security, SOUPS 2017
Country/TerritoryUnited States
CitySanta Clara
Period7/12/177/14/17

Funding

This research has been supported in part by DARPA and the Air Force Research Laboratory under agreement number FA8750-15-2-0277 and by the National Science Foundation under grant SBE-1513957. The US Government is authorized to reproduce and distribute reprints for Governmental purposes not withstanding any copyright notation thereon. Additional support has also been provided by Google. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, the Air Force Research Laboratory, the NSF, Google, or the US Government.

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Privacy expectations and preferences in an IoT world'. Together they form a unique fingerprint.

Cite this