Understanding the Privacy Design Space for Personal Connected Objects
Presentation about the work I did while I was at Bell Labs on privacy perception in the connected object space.
Conference: 30th British Human Computer Interaction Conference (11 – 15 July 2016, Bournemouth)
objects
• Does privacy awareness in the connected object space differ from general privacy awareness (e.g. web and mobile)?
• What factors are more important to the users and can help increase their privacy awareness?
• What design guidelines can we draw to help address privacy concerns at different stages?
structured interviews with 16 participants. The interviews focused on the concepts of privacy awareness, concern and desired action. We used two connected objects to facilitate our interviews and to help participants form their opinions.
a bridge
• Remotely controllable (mobile app or website)
Withings WS-30 Body Scale
• WiFi and BT connectivity
• Tracking and visualisation of weight over time
• Sharing options
participants’ privacy awareness, concerns and desired action.
Data Collection: nature of the raw data captured (weight, light colours, …). E.g. “Do you know that the scale collects your height?”
Data Inference: what the collected data is used for (occupancy, …). E.g. “Do you know that the Hue infers your lifestyle?”
Data Ownership: who has the lawful right to access and use the data. E.g. “Do you know that Google owns your data?”
and assessment of the original level of awareness regarding privacy risks
Phase 2: engaged the participants in the privacy questions and recorded awareness, concerns and the desire to take an action
Phase 3: open-ended discussion regarding participants’ attitude and privacy perception of connected objects. Assessment of the privacy awareness level after the study.
not map the data collection to a specific functionality of the object. We uncovered a major cognitive distance between users’ mental models and the objects’ perceived affordances.
• Difficult to infer when and what data is collected
• Difficult to understand what could be inferred from the collected data
the increase in privacy awareness for the connected lights was larger than for the connected body scale.
Users are more likely to be initially concerned about those objects for which they already hold a preconception of the collected data.
“When I use the device I think about what information I am exposing to others”
to take an action
Strong desire to keep the data local
P9: “If I know that the data is not leaving the scale and I can delete it, everything is ok”
P7: “I don’t want to share data externally, if it remains inside my home is fine”
the objects’ lifecycle.
Scripting: directly communicate data practice details at the setup stage (e.g. with peel-off stickers). Example sticker text: “Be careful! I have learned to listen.” Example privacy policy text: “Your appliance may capture voice commands so that we can provide you with voice recognition features”
during the initial configuration phase (e.g. visualising sample data, acquisition strategy and sample analytics)
Persistent Notification: notices to indicate when a data practice is active (i.e. what data is collected and when). Example notice text: “Be careful! I have learned to listen.”
of the privacy risks, as privacy policies and services could change over time.
Independent conceptual tool to bring transparency and privacy dialogue to our homes.
Notice: make users more aware of the data practices
Choice: enable users to take action to control their privacy exposure
simple notification messages about changes in the object that might affect users’ privacy.
Simple Control: offer an intuitive interface for taking decisions when notices appear.
Tangible form factor: make sure users are more likely to focus on deciding about the privacy notifications and less likely to be distracted.
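The notice-and-choice tool outlined in the last few slides, as an added example that is not part of the original presentation or of the Bell Labs work: a small Python model in which each object declares its data practices along the Data Collection / Data Inference / Data Ownership axes from the interview questions, the monitor emits a notice when a practice is first declared, changed, removed or becomes active, the user’s decision per practice (allow, keep local, deny) is recorded, and each data flow is gated by that decision. The policy schema, the practice texts and the device name “Hue” are constructed assumptions; only the Withings WS-30 is named on the slides.

```python
# Added example (not the authors' code): a toy model of the notice-and-choice tool
# sketched on the slides. Schema, device names and practice texts are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Aspect(Enum):
    """The three privacy dimensions used in the interview questions."""
    COLLECTION = "collection"  # what raw data is captured
    INFERENCE = "inference"    # what is derived from the captured data
    OWNERSHIP = "ownership"    # who has the lawful right to access and use it


class Choice(Enum):
    """The user's decision for one data practice (Simple Control)."""
    ALLOW = "allow"            # data may be processed locally and remotely
    LOCAL_ONLY = "local-only"  # data must stay inside the home (cf. P7, P9)
    DENY = "deny"              # practice disabled entirely


@dataclass(frozen=True)
class DataPractice:
    """One declared data practice of a connected object (hypothetical schema)."""
    name: str
    aspect: Aspect
    description: str           # plain-language text shown in the notice


@dataclass(frozen=True)
class Notice:
    """What the tool shows the user; kind is one of new-practice,
    policy-changed, removed-practice or active."""
    device: str
    kind: str
    practice: str
    text: str


class PrivacyMonitor:
    """Tracks each object's declared practices and the user's choice per practice."""

    def __init__(self) -> None:
        self.policies: Dict[str, Dict[str, DataPractice]] = {}
        self.choices: Dict[Tuple[str, str], Choice] = {}

    def register_policy(self, device: str, practices: List[DataPractice]) -> List[Notice]:
        """Notice: diff a new or updated policy against the last known version."""
        new = {p.name: p for p in practices}
        old = self.policies.get(device, {})
        notices: List[Notice] = []
        for name, p in new.items():
            if name not in old:
                notices.append(Notice(device, "new-practice", name, p.description))
                # A practice the user has never decided on defaults to local-only.
                self.choices.setdefault((device, name), Choice.LOCAL_ONLY)
            elif old[name] != p:
                notices.append(Notice(device, "policy-changed", name,
                                      f"was: {old[name].description}; now: {p.description}"))
                # A changed practice resets the earlier decision so the user is asked again.
                self.choices[(device, name)] = Choice.LOCAL_ONLY
        for name in old:
            if name not in new:
                notices.append(Notice(device, "removed-practice", name, old[name].description))
                self.choices.pop((device, name), None)
        self.policies[device] = new
        return notices

    def decide(self, device: str, practice: str, choice: Choice) -> None:
        """Simple Control: record the user's answer to a notice for a declared practice."""
        if practice not in self.policies.get(device, {}):
            raise KeyError(f"{device} has not declared practice {practice!r}")
        self.choices[(device, practice)] = choice

    def practice_started(self, device: str, practice: str) -> Notice:
        """Persistent Notification: announce that a declared practice is now active."""
        p = self.policies[device][practice]
        return Notice(device, "active", practice, f"{device} is now {p.description}")

    def may_process(self, device: str, practice: str, destination: str) -> bool:
        """Gate a flow to 'local' or 'remote' by the user's choice; undeclared practices fail closed."""
        if practice not in self.policies.get(device, {}):
            return False
        choice = self.choices.get((device, practice), Choice.LOCAL_ONLY)
        if choice is Choice.DENY:
            return False
        if choice is Choice.LOCAL_ONLY:
            return destination == "local"
        return True


def build_demo_monitor() -> Tuple[PrivacyMonitor, List[Notice]]:
    """Constructed sample: the two study objects with a few declared practices."""
    m = PrivacyMonitor()
    hue = [DataPractice("light-colours", Aspect.COLLECTION, "recording the colours the lights are set to"),
           DataPractice("occupancy", Aspect.INFERENCE, "inferring when the home is occupied")]
    scale = [DataPractice("weight-history", Aspect.COLLECTION, "storing your weight over time"),
             DataPractice("vendor-ownership", Aspect.OWNERSHIP, "granting the vendor rights over the data")]
    notices = m.register_policy("Hue", hue) + m.register_policy("Withings WS-30", scale)
    return m, notices
```

Calling `register_policy` again with a revised description for an existing practice produces a `policy-changed` notice and resets that practice to local-only, which is the behaviour the slides ask for when policies or services change over time; a practice the object never declared is refused regardless of destination, so the gate fails closed rather than silently allowing an undisclosed flow.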
with the Data Ownership aspect rather than with the Data Collection.
Users have difficulties in creating a correct mental model of the connected object, leading to a higher level of concern.
We identified the need for a tool to keep users aware of potential privacy threats and provided possible design guidelines.