Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices

ABSTRACT

Users increasingly use mobile devices to engage in social activity and commerce, enabling new forms of data collection by firms and marketers. User privacy expectations for these new forms of data collection remain unclear. A particularly difficult challenge is meeting expectations for contextual integrity, as user privacy expectations vary depending upon data type collected and context of use. This article illustrates how fine-grained, contextual privacy expectations can be measured. It presents findings from a factorial vignette survey that measured the impact of diverse real-world contexts (e.g., medical, navigation, music), data types, and data uses on user privacy expectations. Results demonstrate that individuals’ general privacy preferences are of limited significance for predicting their privacy judgments in specific scenarios. Instead, the results present a nuanced portrait of the relative importance of particular contextual factors and information uses, and demonstrate how those contextual factors can be found and measured. The results also suggest that current common activities of mobile application companies, such as harvesting and reusing location data, images, and contact lists, do not meet users’ privacy expectations. Understanding how user privacy expectations vary according to context, data types, and data uses highlights areas requiring stricter privacy protections by governments and industry.
