Privacy and User Trust in Context-Aware Systems

Saskia Koldijk1,2, Gijs Koot2, Mark Neerincx1,3, Wessel Kraaij1,2
www.swell-project.net
Recent trends
Big data, advances in sensing, smartphones, ubiquitous user modeling…
Opportunity: Context Aware Systems, which give better personalized and contextualized services.
Threat: Privacy, i.e. losing control over personal (context) data.
Definition CAS: “use of environmental elements by applications to personalize their service for the user” [1].
Definition Privacy: “boundary control process in which individuals regulate when, how, and to what extent information about them is communicated to others” [2].
How to build a privacy-friendly CAS?
• Outline of this talk
– Introduction context aware SWELL system
– Privacy Impact Assessment
– How to apply Privacy by Design
– User study:
• Effects of Privacy by Design, on
– Trust
– Attitude towards using the system
– Results
SWELL tool: Workload Mirror, to manage well-being at work
“I work in the office from 9 till 5. I perform knowledge work. My work is demanding. I often feel so tired.”
SWELL Workload Mirror: to look back at the day.
1) Working behavior is captured with sensors and the system learns to interpret this personal data.
Can collect: computer activity, posture, facial expressions, self reports.
2) Intelligible information is provided as feedback to help adjust behavior and improve well-being.
Overview of: tasks, content worked on, mental effort/ energy, stress.
Privacy Impact Assessment
• Detect potential privacy problems
– before the development of a new technology
• Question catalogue
Results: Important privacy aspects (1)
• Goal of data collection
  – The goal of data collection should be clearly described.
  – The user should have a clear view on what the system does and how the data is used.
• Type of data
  – The user must know which data is collected.
  – The data collected and processed should be kept to the minimum needed for the required functionality.
  – The data should be stored as aggregated as possible.
  – The system should provide an alternative means to provide data (e.g. manual user input).
• Reactions to the system
  – The user should be aware of his privacy settings.
• User control
  – The user must give permission to collect data, based on a well-informed decision.
  – The user should be able to see his own data and delete data.
Results: Important privacy aspects (2)
• Quality of the data
  – The system should give correct information.
  – The user should be able to check and correct the data.
• Security of the data
  – The data should be stored as locally as possible.
  – The data should be encrypted.
  – Others should not have access to your data.
• Data responsibilities
  – A security plan should be established to prevent unauthorized access.
  – All involved parties should adhere to the security plan.
• Data sharing
  – When the user voluntarily shares data, it should be shared in line with the user’s expectations.
  – The user must know who (if applicable) will have access to the data.
Privacy by Design
Cavoukian (2012), Hoepman (2012)
• The outlined privacy aspects can be addressed from the developer’s side!
• Apply the 8 Privacy Design Strategies, so that the CAS follows current privacy legislation
• ‘Privacy Patterns’ are used for implementation
8 Privacy Design Strategies (+ patterns), after Hoepman (2012)
(numbered items are strategies, sub-items are patterns)
1. Inform
   o Informed consent
   o Privacy Dashboard
2. Control
   o Privacy Choices
3. Minimize
   o Pseudonyms
   o Anonymization (k-anonymity)
4. Separate
   o Decentralisation
   o Horizontal/ vertical data separation
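The Minimize strategy is the one most often implemented half-way: the username is dropped, but department plus exact age still single a person out. The following Python example is added here to show the two patterns listed under Minimize in working code; it is not SWELL project code. The records, the choice of quasi-identifiers (department, age band), the secret used for pseudonymisation and the suppression fallback are constructed for illustration.

```python
"""Minimize in practice: pseudonymise identifiers and check/enforce k-anonymity.

Added example (not SWELL project code). The records, the quasi-identifier
choice and the secret are constructed for illustration.
"""
import hashlib
import hmac
from collections import Counter

# Constructed per-user summaries that a CAS might want to share with a team lead.
# 'department' and 'age' are quasi-identifiers: combined with outside knowledge
# they can re-identify a person even after the username is removed.
RAW_RECORDS = [
    {"user": "alice", "department": "R&D", "age": 34, "stress": "high"},
    {"user": "bob", "department": "R&D", "age": 38, "stress": "low"},
    {"user": "carol", "department": "R&D", "age": 31, "stress": "medium"},
    {"user": "dave", "department": "Sales", "age": 45, "stress": "high"},
    {"user": "erin", "department": "Sales", "age": 49, "stress": "low"},
    {"user": "frank", "department": "Sales", "age": 52, "stress": "high"},
]
QUASI_IDS = ("department", "age_band")


def pseudonymise(user_id: str, secret: bytes) -> str:
    """Keyed hash (HMAC-SHA256), not a plain hash: without the secret nobody can
    confirm a guessed username by recomputing the pseudonym."""
    return hmac.new(secret, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def generalise_age(age: int) -> str:
    """Replace an exact age by a ten-year band (a generalisation step)."""
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def k_anonymity(records, quasi_ids=QUASI_IDS) -> int:
    """Size of the smallest equivalence class over the quasi-identifiers.
    A release is k-anonymous iff this value is >= k. Returns 0 for no records."""
    classes = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(classes.values()) if classes else 0


def minimise_for_sharing(records, secret: bytes, k: int):
    """Pseudonymise, generalise, then suppress rows whose equivalence class is
    still smaller than k. Suppression is the simplest (lossy) fallback."""
    generalised = [
        {
            "pid": pseudonymise(r["user"], secret),
            "department": r["department"],
            "age_band": generalise_age(r["age"]),
            "stress": r["stress"],
        }
        for r in records
    ]
    classes = Counter(tuple(r[q] for q in QUASI_IDS) for r in generalised)
    released = [r for r in generalised
                if classes[tuple(r[q] for q in QUASI_IDS)] >= k]
    assert not released or k_anonymity(released) >= k
    return released


if __name__ == "__main__":
    shared = minimise_for_sharing(RAW_RECORDS, b"constructed-secret", k=2)
    for row in shared:
        print(row)
    print("k-anonymity of release:", k_anonymity(shared))
```

With k=2 the single 50-59 Sales employee is suppressed, because his department and age band alone would reveal his stress level. Two caveats a practitioner should keep in mind: a plain (unkeyed) hash of the username is a pseudonym in name only, since usernames are easy to enumerate, and k-anonymity says nothing about the sensitive column itself; if every member of an equivalence class reports the same stress level, the release still discloses it.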
8 Privacy Design Strategies (+ patterns), after Hoepman (2012), continued
5. Aggregate
   o Aggregate over time
   o Blur personal data
6. Hide
   o Authentication
   o Store data encrypted
7. Enforce & 8. Demonstrate
   o Sticky Policies
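Two of these patterns are easy to state and easy to get wrong: "aggregate over time" only helps if the raw events are discarded once the summary exists, and a sticky policy only enforces anything if the check sits on the data rather than in the user interface. The Python example below is added to show both together on SWELL-like computer-activity data; it is not SWELL project code. The events, the 60-second window, the policy fields (owner, purposes, readers) and the requester names are constructed for illustration.

```python
"""Aggregate + Enforce/Demonstrate: store only time-windowed summaries of raw
activity, attach a sticky policy to the stored record and enforce it on every
access, keeping an audit trail.

Added example (not SWELL project code). Events, window size, policy fields and
the requester names are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

WINDOW_SECONDS = 60

# Constructed raw computer-activity events: (timestamp in seconds, kind, payload).
# Keystroke payloads are exactly what must never leave the device.
RAW_EVENTS = [
    (0, "key", "h"), (1, "key", "i"), (2, "app", "mail"), (30, "key", "!"),
    (61, "app", "editor"), (62, "key", "x"), (600, "key", "y"),
]


def aggregate(events, window=WINDOW_SECONDS):
    """Reduce raw events to per-window counts and the set of foreground apps.
    Keystroke content is counted, never copied, so the summary cannot be
    turned back into typed text."""
    buckets = defaultdict(lambda: {"keystrokes": 0, "apps": set()})
    for ts, kind, payload in events:
        start = ts - ts % window
        if kind == "key":
            buckets[start]["keystrokes"] += 1
        elif kind == "app":
            buckets[start]["apps"].add(payload)
    return {s: {"keystrokes": b["keystrokes"], "apps": sorted(b["apps"])}
            for s, b in sorted(buckets.items())}


class PolicyViolation(PermissionError):
    """Raised when a request does not match the record's sticky policy."""


@dataclass(frozen=True)
class StickyPolicy:
    owner: str
    purposes: frozenset   # purposes the data may be used for, e.g. {"self-insight"}
    readers: frozenset    # principals allowed to read at all


@dataclass
class StickyRecord:
    data: dict
    policy: StickyPolicy
    audit: list = field(default_factory=list)   # "demonstrate": every decision is logged


def store_summary(events, owner: str) -> StickyRecord:
    """Aggregate locally and bind the purpose-limited policy to the result."""
    policy = StickyPolicy(owner=owner,
                          purposes=frozenset({"self-insight"}),
                          readers=frozenset({owner}))
    return StickyRecord(data=aggregate(events), policy=policy)


def is_permitted(record: StickyRecord, requester: str, purpose: str) -> bool:
    """Both the requester and the stated purpose must match the policy."""
    return requester in record.policy.readers and purpose in record.policy.purposes


def access(record: StickyRecord, requester: str, purpose: str) -> dict:
    """The check travels with the record: whoever holds it still has to pass.
    Denied attempts are logged as well, so misuse attempts are visible."""
    decision = "granted" if is_permitted(record, requester, purpose) else "denied"
    record.audit.append((requester, purpose, decision))
    if decision == "denied":
        raise PolicyViolation(f"{requester} may not read for purpose {purpose!r}")
    return record.data


if __name__ == "__main__":
    rec = store_summary(RAW_EVENTS, owner="alice")
    print(access(rec, "alice", "self-insight"))
    try:
        access(rec, "manager", "monitoring")
    except PolicyViolation as e:
        print("denied:", e)
    print(rec.audit)
```

The stored record for the first minute is `{"keystrokes": 3, "apps": ["mail"]}`: the typed characters are gone, which is what makes "no keystrokes or video" a property of the storage rather than a promise in the settings screen. A manager asking for the record for monitoring is refused and the refusal is recorded; in a real deployment the audit list would itself be protected (append-only, signed) so that the Demonstrate strategy can be backed up to an auditor.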
Effect on Users’ Attitudes
• 124 participants
• Presentation of the SWELL system
• Between-subject design: privacy information (yes/no)
• Questionnaire on:
  – Transparency
  – Privacy/ Trust
  – Attitude towards use of the SWELL system
• Hypothesized model: (figure not reproduced)
Privacy by Design (shown to the privacy group only)
• Purpose limitation: The collected data is only used for giving yourself insights to enable self-management.
• Control: You can enable or disable the computer logging, camera or Kinect sensors.
• Data minimization: The tool only processes data that is necessary to provide the functionality that you desire, e.g. the tool will use document content only when you want an overview of topics worked on.
• Data aggregation: The sensor data is processed locally on your device. Only summary information, like topics, average posture or facial expression, is stored, no keystrokes or video.
• Adequate protection: Your data is hidden from unauthorized access.
• Data subject rights: You have full control over your data, can view or delete it.
Installing SWELL (shown to both the privacy group and the control group)
• Goal of the SWELL tool: supporting self-management of stress.
• You can enable or disable functionalities as you wish, such that the SWELL tool optimally supports you with functionality that you desire.
• E.g. you can decide if you want to share (parts of) information with others.
Results
• Privacy information had a positive effect on perceived privacy/ trust in the SWELL system
• Attitude towards using the SWELL system was
  – not related to perceived privacy/ trust!
  – related to personal motivation!
(* significant at the .05 level, ** significant at the .01 level; model figure not reproduced)
Conclusions
• There are users that state privacy concerns; nevertheless they are going to use the system (when they have personal motivation)
• ‘Privacy paradox’, also found in related work
• It is important to implement Privacy by Design to adequately protect the privacy of the users!
• The 8 Privacy Design Strategies are an easy starting point for developing privacy-friendly CAS, use them
References
1. Dey, A. K., Brown, & Abowd, G. D. (1999). Towards a better understanding of context and context-awareness. In Handheld and Ubiquitous Computing (pp. 304-307). Springer Berlin Heidelberg.
2. Van De Garde-Perik, E., Markopoulos, P., De Ruyter, B., Eggen, B., & Ijsselsteijn, W. (2008). Investigating privacy attitudes and behavior in relation to personalization. Social Science Computer Review, 26(1), 20-43.
3. Cavoukian, A. (2012). Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices. Ontario: Information and Privacy Commissioner of Ontario.
4. Hoepman, J. H. (2012). Privacy Design Strategies. arXiv preprint arXiv:1210.6621.
Thank you for your attention!
Publications: cs.ru.nl/~skoldijk