On-line privacy and consent: a dialogue, not a monologue

With the move to deliver services on-line, there is a reduction in opportunities for a service user to discuss and agree to the terms of the management of their personal data. As the focus is turned to on-line technologies, the design question becomes one of privacy protection not privacy negotiation and conflict resolution. However, the findings from a large privacy survey and the outputs of several follow-up focus groups reflect a need for privacy systems to also support different types of privacy and consent dialogues. These dialogues are used to support the resolution of privacy dilemmas through the selection of effective privacy protection practices. As the face to face contact between service user and service provider decreases, the potential for these types of dialogues to become increasingly important grows. The work presented in this paper forms the initial part of a study to learn more about the types of privacy dialogue and negotiation that should be deployed in on-line services. In this position paper we outline the types of privacy and consent dialogues that service providers and service users want to have. We also explore how a socio-technical approach should ideally form the basis of the design and implementation of any dialogue system.

[1]  Robert Boguslaw,et al.  Privacy and Freedom , 1968 .

[2]  Stefan Stieger,et al.  Internet users' perceptions of 'privacy concerns' and 'privacy actions' , 2007, Int. J. Hum. Comput. Stud..

[3]  Adam N. Joinson,et al.  Development of measures of online privacy concern and protection for use on the Internet , 2007, J. Assoc. Inf. Sci. Technol..

[4]  J. Horrigan,et al.  Trust and privacy online: Why Americans want to rewrite the rules , 2000 .

[5]  Edgar A. Whitley,et al.  Informational privacy, consent and the "control" of personal data , 2009, Inf. Secur. Tech. Rep..

[6]  A. Joinson,et al.  Development of measures of online privacy concern and protection for use on the Internet , 2007, J. Assoc. Inf. Sci. Technol..

[7]  M. Bruhn,et al.  Theory, development and implementation of national customer satisfaction indices: The Swiss Index of Customer Satisfaction (SWICS) , 2000 .

[8]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[9]  Christian W. Probst,et al.  Fluid information systems , 2009, NSPW '09.

[10]  Alfred Kobsa,et al.  Impacts of User Privacy Preferences on Personalized Systems , 2004, Designing Personalized User Experiences in eCommerce.

[11]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[12]  Luke Church,et al.  Generative usability: security and user centered design beyond the appliance , 2009, NSPW '09.

[13]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[14]  Anne Adams,et al.  The User is not the enemy , 2005 .

[15]  J. W. DeCew,et al.  Uneasy Access: Privacy for Women in a Free Society , 1988 .

[16]  Sven Türpe What is the shape of your security policy?: security as a classification problem , 2009, NSPW '09.

[17]  Ajay K. Kohli,et al.  Relational behavior in business markets : Iplications for relationship management , 1995 .

[18]  Louise Bennett Reflections on privacy, identity and consent in on-line services , 2009, Inf. Secur. Tech. Rep..

[19]  Peter Schaar,et al.  Privacy by Design , 2010 .

[20]  Gavriel Salvendy,et al.  Determinant elements of customer relationship management in e-business , 2005, Behav. Inf. Technol..

[21]  Allan Tomlinson,et al.  Privacy and consent in pervasive networks , 2009, Inf. Secur. Tech. Rep..

[22]  David Evans,et al.  The user is not the enemy: fighting malware by tracking user intentions , 2008, NSPW '08.

[23]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[24]  Abe Singer,et al.  Choose the red pill and the blue pill: a position paper , 2008, NSPW '08.

[25]  H. Jeff Smith,et al.  Information Privacy: Measuring Individuals' Concerns About Organizational Practices , 1996, MIS Q..

[26]  Lizzie Coles-Kemp,et al.  The need for enhanced privacy and consent dialogues , 2009, Inf. Secur. Tech. Rep..