"If You Put All The Pieces Together...": Attitudes Towards Data Combination and Sharing Across Services and Companies

Online services often rely on processing users' data, which can be either provided directly by the users or combined from other services. Although users are aware of the latter, it is unclear whether they are comfortable with such data combination, whether they view it as beneficial for them, or the extent to which they believe that their privacy is exposed. Through an online survey (N=918) and follow-up interviews (N=14), we show that (1) comfort is highly dependent on the type of data, type of service and on the existence of a direct relationship with a company, (2) users have a highly different opinion about the presence of benefits for them, irrespectively of the context, and (3) users perceive the combination of online data as more identifying than data related to offline and physical behavior (such as location). Finally, we discuss several strategies for companies to improve upon these issues.

[1]  Mayuram S. Krishnan,et al.  The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to be Profiled Online for Personalization , 2006, MIS Q..

[2]  Alessandro Mei,et al.  Exploiting Delay Patterns for User IPs Identification in Cellular Networks , 2014, Privacy Enhancing Technologies.

[3]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[4]  C. Gould,et al.  The Information Web , 1989 .

[5]  Hui Zang,et al.  Anonymization of location data does not work: a large-scale measurement study , 2011, MobiCom.

[6]  Lorrie Faith Cranor,et al.  A comparative study of online privacy policies and formats , 2009, Privacy Enhancing Technologies.

[7]  J. Rubenfeld The Right of Privacy , 1989 .

[8]  Yi-Hsuan Yang,et al.  Inferring personal traits from music listening history , 2012, MIRUM '12.

[9]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[10]  Albert-László Barabási,et al.  Limits of Predictability in Human Mobility , 2010, Science.

[11]  Yang Wang,et al.  Who Is Concerned about What? A Study of American, Chinese and Indian Users' Privacy Concerns on Social Network Sites - (Short Paper) , 2011, TRUST.

[12]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[13]  Martin Ortlieb,et al.  A Comparison of Six Sample Providers Regarding Online Privacy Benchmarks , 2014 .

[14]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[15]  H. Nissenbaum Privacy as contextual integrity , 2004 .

[16]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[17]  Gabi Nakibly,et al.  PowerSpy: Location Tracking Using Mobile Device Power Analysis , 2015, USENIX Security Symposium.

[18]  Berker Agir,et al.  A machine-learning based approach to privacy-aware information-sharing in mobile social networks , 2016, Pervasive Mob. Comput..

[19]  A. Pentland,et al.  Life in the network: The coming age of computational social science: Science , 2009 .

[20]  Joseph Bonneau,et al.  The Privacy Jungle: On the Market for Data Protection in Social Networks , 2009, WEIS.

[21]  Brian Neil Levine,et al.  Turning Off GPS Is Not Enough: Cellular Location Leaks over the Internet , 2013, Privacy Enhancing Technologies.

[22]  Colin Potts,et al.  Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[23]  Louise Barkhuus The mismeasurement of privacy: using contextual integrity to reconsider privacy in HCI , 2012, CHI.

[24]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[25]  Kristene Unsworth Questioning trust in the era of big (and small) data , 2014 .

[26]  L. Sweeney Simple Demographics Often Identify People Uniquely , 2000 .

[27]  Jean-Pierre Hubaux,et al.  Reconciling Utility with Privacy in Genomics , 2014, WPES.

[28]  Jean-Pierre Hubaux,et al.  Addressing the concerns of the lacks family: quantification of kin genomic privacy , 2013, CCS.

[29]  Chuan-Hoo Tan,et al.  Addressing the Personalization-Privacy Paradox: An Empirical Assessment from a Field Experiment on Smartphone Users , 2013, MIS Q..

[30]  Edgar A. Whitley,et al.  Informational privacy, consent and the "control" of personal data , 2009, Inf. Secur. Tech. Rep..

[31]  Carmela Troncoso,et al.  Unraveling an old cloak: k-anonymity for location privacy , 2010, WPES '10.

[32]  Michael S. Bernstein,et al.  The future of crowd work , 2013, CSCW.

[33]  Serge Gutwirth,et al.  European Data Protection: In Good Health? , 2012, European Data Protection.

[34]  Nisheeth Shrivastava,et al.  Do not embarrass: re-examining user concerns for online tracking and advertising , 2013, SOUPS.

[35]  Serge Gutwirth,et al.  European Data Protection: Coming of Age , 2013, European Data Protection.

[36]  Reza Shokri,et al.  Quantifying the Effect of Co-location Information on Location Privacy , 2014, Privacy Enhancing Technologies.

[37]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[38]  Claude Castelluccia,et al.  On the uniqueness of Web browsing history patterns , 2014, Ann. des Télécommunications.

[39]  Marina Blanton,et al.  Secure Multiparty Computation , 2011, Encyclopedia of Cryptography and Security.

[40]  Ramnath K. Chellappa,et al.  Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma , 2005, Inf. Technol. Manag..

[41]  M. Angela Sasse,et al.  "Fairly Truthful": The Impact of Perceived Effort, Fairness, Relevance, and Sensitivity on Personal Data Disclosure , 2013, TRUST.

[42]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[43]  Sören Preibusch,et al.  Unwillingness to Pay for Privacy: A Field Experiment , 2011, SSRN Electronic Journal.

[44]  Lorrie Faith Cranor,et al.  Privacy in India: Attitudes and Awareness , 2005, Privacy Enhancing Technologies.

[45]  Yang Wang,et al.  Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems , 2012, User Modeling and User-Adapted Interaction.

[46]  Jean-Yves Le Boudec,et al.  Quantifying Location Privacy , 2011, 2011 IEEE Symposium on Security and Privacy.

[47]  Pierangela Samarati,et al.  Location privacy in pervasive computing , 2008 .

[48]  Amit Sahai,et al.  Secure Multi-Party Computation , 2013 .

[49]  Yang Wang,et al.  What matters to users?: factors that affect users' willingness to share information with online advertisers , 2013, SOUPS.

[50]  Reza Shokri,et al.  Predicting Users' Motivations behind Location Check-Ins and Utility Implications of Privacy Protection Mechanisms , 2015, NDSS.

[51]  Massimo Barbaro,et al.  A Face Is Exposed for AOL Searcher No , 2006 .

[52]  Siddharth Suri,et al.  Conducting behavioral research on Amazon’s Mechanical Turk , 2010, Behavior research methods.

[53]  H. John Heinz Price Discrimination , Privacy Technologies , and User Acceptance , 2006 .

[54]  Anne Adams,et al.  Privacy in Multimedia Communications: Protecting Users, Not Just Data , 2001, BCS HCI/IHM.

[55]  Alessandro Acquisti,et al.  Gone in 15 Seconds: The Limits of Privacy Transparency and Control , 2013, IEEE Security & Privacy.

[56]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.