
Understanding the Privacy Design Space for Personal Connected Objects

Presentation about the work I did while I was at Bell Labs on privacy perception in the connected object space.
Conference: 30th British Human Computer Interaction Conference (11 – 15 July 2016, Bournemouth)


Alessandro Montanari

July 13, 2016

Transcript

  1. Understanding the Privacy Design Space for Personal Connected Objects
     Alessandro Montanari, Afra Mashhadi, Akhil Mathur, Fahim Kawsar
     30th British Human Computer Interaction Conference | 11 – 15 July 2016, Bournemouth
  2. Everyday objects are getting a digital makeover and offer smart services by collecting more and more data produced by or about people. Are people aware of the potential privacy risks?
  3. We aim at understanding privacy perception and awareness for connected objects
     • Does privacy awareness in the connected object space differ from general privacy awareness (e.g. web and mobile)?
     • What factors are more important to the users and can help increase their privacy awareness?
     • What design guidelines can we draw to help address privacy concerns at different stages?
  4. Research Method
     We conducted a qualitative study through in-depth semi-structured interviews with 16 participants. The interviews focused around the concepts of privacy awareness, concern and desired action. We used two connected objects to facilitate our interviews and to help participants in forming their opinions.
  5. Philips Hue LED Lights
     • Connected to the Internet through a bridge
     • Remotely controllable (mobile app or website)
     Withings WS-30 Body Scale
     • WiFi and BT connectivity
     • Tracking and visualisation of weight over time
     • Sharing options
  6. Privacy Questions
     We designed a set of questions to uncover participants’ privacy awareness, concerns and desired action.
     • Data Collection: nature of the raw data captured (weight, light colours, …). E.g. “Do you know that the scale collects your height?”
     • Data Inference: what the collected data is used for (occupancy, ...). E.g. “Do you know that the Hue infers your lifestyle?”
     • Data Ownership: who has lawful right to access and use the data. E.g. “Do you know that Google owns your data?”
  7. Study Procedure
     • Phase 1: familiarisation with the two connected objects and assessment of the original level of awareness regarding privacy risks
     • Phase 2: engaged the participants in the privacy questions and recorded awareness, concerns and the desire to take an action
     • Phase 3: open-ended discussion regarding participants’ attitude and privacy perception of connected objects. Assessment of privacy awareness level after the study.
  8. Understanding users’ mental model
     Participants’ concern was raised when they could not map the data collection to a specific functionality of the object. We uncovered a major cognitive distance between users’ mental models and the objects’ perceived affordances.
     • Difficult to infer when and what data is collected
     • Difficult to understand what could be inferred from the collected data
  9. Understanding users’ mental model
     At the end of the study, the increase in privacy awareness for the connected lights was more than for the connected body scale. Users are more likely to be initially concerned for those objects that they hold a preconception of the collected data.
     “When I use the device I think about what information I am exposing to others”
  10. The importance of who is accessing the data
      Participants showed more concerns with the Data Ownership questions. They felt more concerned when presented with information about potential users/owners of their data.
  11. The importance of control
      The majority of the participants wanted to take an action. Strong desire to keep the data local.
      P9: “If I know that the data is not leaving the scale and I can delete it, everything is ok”
      P7: “I don’t want to share data externally, if it remains inside my home is fine”
  12. Design Guidelines
      Reduce the cognitive distance at all stages of the objects’ lifecycle.
      • Scripting: directly communicate data practice details at the setup stage (e.g. with peel-off stickers).
      Example sticker: “Be careful! I have learned to listen.”
      Example privacy policy: “Your appliance may capture voice commands so that we can provide you with voice recognition features”
  13. Design Guidelines
      • Feed forward: explicitly highlight the data collection process during the initial configuration phase (e.g. visualising sample data, acquisition strategy and sample analytics)
      • Persistent Notification: notices to indicate when a data practice is active (i.e. what data is collected and when)
      Example sticker: “Be careful! I have learned to listen.”
  14. Need for a perceptual tool
      Ensure the users are aware of the privacy risks, as privacy policies and services could change over time. An independent conceptual tool to bring transparency and privacy dialogue to our homes.
      • Notice: make users more aware of the data practices
      • Choice: enable users to take action to control their privacy exposure
  15. Need for a perceptual tool
      • Succinct Notification: present short and simple notification messages about the changes in the object that might affect users’ privacy.
      • Simple Control: offer an intuitive interface to take decisions when notices appear.
      • Tangible form factor: make sure the users are more likely to focus on making decisions on the privacy notifications and are less likely to be distracted.
  16. Conclusion
      In the connected object space users are more concerned with the Data Ownership aspect rather than with the Data Collection. Users have difficulties in creating a correct mental model of the connected object, leading to a higher level of concern. We identified the need for a tool to keep users aware of potential privacy threats and we provided possible design guidelines.