Privacy Expectations and Preferences in an IoT World. Naeini, P., E., Bhagavatula, S., Habib, H., Degeling, M., Bauer, L., Cranor, L., & Sadeh, N. In Symposium on Usable Privacy and Security (SOUPS), pages 399-412, 2017. USENIX.
Privacy Expectations and Preferences in an IoT World [link]Website  abstract   bibtex   
With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about the privacy implications of IoT and the situations in which they prefer to be notified about data collection. We report on a 1,007-participant vignette study focusing on privacy expectations and preferences as they pertain to a set of 380 IoT data collection and use scenarios. Participants were presented with 14 scenarios that varied across eight categorical factors, including the type of data collected (e.g. location, biometrics, temperature), how the data is used (e.g., whether it is shared, and for what purpose), and other attributes such as the data retention period. Our findings show that privacy preferences are diverse and context dependent; participants were more comfortable with data being collected in public settings rather than in private places, and are more likely to consent to data being collected for uses they find beneficial. They are less comfortable with the collection of biometrics (e.g. fingerprints) than environmental data (e.g. room temperature, physical presence). We also find that participants are more likely to want to be notified about data practices that they are uncomfortable with. Finally, our study suggests that after observing individual decisions in just three data-collection scenarios, it is possible to predict their preferences for the remaining scenarios, with our model achieving an average accuracy of up to 86%.
@inProceedings{
 title = {Privacy Expectations and Preferences in an IoT World},
 type = {inProceedings},
 year = {2017},
 keywords = {iot,iotsec,privacy,user-study},
 pages = {399-412},
 websites = {https://www.usenix.org/conference/soups2017/technical-sessions/presentation/naeini},
 publisher = {USENIX},
 id = {d2e684e2-2a39-33f7-ac06-7a2050e7f081},
 created = {2018-07-12T21:31:54.655Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:54.655Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {naeini:iot-expectations},
 source_type = {inproceedings},
 notes = {An extensive study of individual preferences and perceptions about privacy in IoT scenarios, with N>1000. They posed 14 scenarios, a subset of 380 IoT data-collection scenarios, to each user, and asked about their level of comfort in having such data collected, and about whether and how often they'd like to be informed about data collection. The study design allowed them to pick apart the various factors that affect subjects' responses. They show they can build a model to predict a user's preferences in new scenarios based on their choices on earlier scenarios. Section 6 provides a useful discussion.},
 private_publication = {false},
 abstract = {With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about the privacy implications of IoT and the situations in which they prefer to be notified about data collection. We report on a 1,007-participant vignette study focusing on privacy expectations and preferences as they pertain to a set of 380 IoT data collection and use scenarios. Participants were presented with 14 scenarios that varied across eight categorical factors, including the type of data collected (e.g. location, biometrics, temperature), how the data is used (e.g., whether it is shared, and for what purpose), and other attributes such as the data retention period. Our findings show that privacy preferences are diverse and context dependent; participants were more comfortable with data being collected in public settings rather than in private places, and are more likely to consent to data being collected for uses they find beneficial. They are less comfortable with the collection of biometrics (e.g. fingerprints) than environmental data (e.g. room temperature, physical presence). We also find that participants are more likely to want to be notified about data practices that they are uncomfortable with. Finally, our study suggests that after observing individual decisions in just three data-collection scenarios, it is possible to predict their preferences for the remaining scenarios, with our model achieving an average accuracy of up to 86%.},
 bibtype = {inProceedings},
 author = {Naeini, Pardis E and Bhagavatula, Sruti and Habib, Hana and Degeling, Martin and Bauer, Lujo and Cranor, Lorrie and Sadeh, Norman},
 booktitle = {Symposium on Usable Privacy and Security (SOUPS)}
}
Downloads: 0