Privacy expectations and preferences in an IoT world

Pardis Emami-Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh

Research output: Chapter in Book/Report/Conference proceedingConference contribution

93 Scopus citations


With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about the privacy implications of IoT and the situations in which they prefer to be notified about data collection. We report on a 1,007-participant vignette study focusing on privacy expectations and preferences as they pertain to a set of 380 IoT data collection and use scenarios. Participants were presented with 14 scenarios that varied across eight categorical factors, including the type of data collected (e.g. location, biometrics, temperature), how the data is used (e.g., whether it is shared, and for what purpose), and other attributes such as the data retention period. Our findings show that privacy preferences are diverse and context dependent; participants were more comfortable with data being collected in public settings rather than in private places, and are more likely to consent to data being collected for uses they find beneficial. They are less comfortable with the collection of biometrics (e.g. fingerprints) than environmental data (e.g. room temperature, physical presence). We also find that participants are more likely to want to be notified about data practices that they are uncomfortable with. Finally, our study suggests that after observing individual decisions in just three data-collection scenarios, it is possible to predict their preferences for the remaining scenarios, with our model achieving an average accuracy of up to 86%.

Original languageEnglish (US)
Title of host publicationProceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017
PublisherUSENIX Association
Number of pages14
ISBN (Electronic)9781931971393
StatePublished - 2019
Externally publishedYes
Event13th Symposium on Usable Privacy and Security, SOUPS 2017 - Santa Clara, United States
Duration: Jul 12 2017Jul 14 2017

Publication series

NameProceedings of the 13th Symposium on Usable Privacy and Security, SOUPS 2017


Conference13th Symposium on Usable Privacy and Security, SOUPS 2017
Country/TerritoryUnited States
CitySanta Clara

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Privacy expectations and preferences in an IoT world'. Together they form a unique fingerprint.

Cite this