ACADEMIC ARTICLE SUMMARY
Informing the Design of a Personalized Privacy Assistant for the Internet of Things
Article Source: CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, Paper No. 262, April, 2020
Publication Date:
Time to Read: 2 minute readSearch for the full article on Bing
ARTICLE SUMMARY
Summary:
Personalized Privacy Assistant (PPAs) will help users manage Internet of Things (IoT) device data collection. The best PPAs will learn from users and offer suggestions from unbiased sources.
POLICY RELEVANCE
Policy Relevance:
Most users will react positively to suggestions from PPAs.
KEY TAKEAWAYS
Key Takeaways:
- PPAS can help users manage large numbers of privacy decisions; in evaluating PPAs, users weigh their desire for control of their personal information against fear of cognitive overload.
- Interviews with 17 participants revealed users’ views on different PPA designs.
- “Notification PPAs” notify users when a nearby device is collecting data, and give the user control over nearby data collection.
- “Recommendation PPAs” notify users when a nearby device is collecting data, and suggest whether the user should allow or disallow collection.
- “Auto PPAs” make decisions for the user based on user preferences.
- “Notification PPAs” notify users when a nearby device is collecting data, and give the user control over nearby data collection.
- Participant reactions to “recommendation PPAs” were mostly positive.
- Participants thought this type of PPA could serve an educational purpose.
- Participants wanted recommendations from unbiased, knowledgeable sources.
- Participants thought this type of PPA could serve an educational purpose.
- About two thirds of participants reacted positively to the idea of “auto PPAs;” many reacted negatively to “notification PPAs,” fearing they would be overwhelmed by choices.
- Good PPA designs would include the following features:
- Allow users to choose from crowd-sourced recommendations, manufacturer recommendations, and recommendations from independent nonprofit organizations.
- Include a "trusted location" feature where notifications would be turned off.
- Allow users to specify situations in which users are always for or against sharing.
- Explain the risks and benefits of data collection to users.
- Record and learn from users' decisions.
- Provide an audit mechanism so users' can verify and adjust decisions made on their behalf.
- Allow users to choose from crowd-sourced recommendations, manufacturer recommendations, and recommendations from independent nonprofit organizations.
- Some participants thought that the benefits of IoT (such as traffic control) would be reduced if people could opt out; policymakers should consider how to reduce the chance that people will opt out of public data collection and bypass safety and security devices.