Privacy attitudes, incentives and behaviours

Privacy attitudes, incentives and behaviours Dr Ian Brown Oxford Internet Institute

Overview
The privacy paradox
Younger people and privacy
Location privacy
Medical privacy
Behavioural economics and market failure
Lessons for data protection governance

Privacy concerns Source: Flash Eurobarometer #225 (2008: 7)

Attitudes vs. disclosure Spiekermann, Grossklags and Berendt (2002)

Young people and privacy
Most young people see Internet as private space for talking to (already-known) friends, and target information to peer group
Lenhart et al. (2007) found stricter access controls on photos/videos by teens than adults (76% v 58% most of time/sometimes)
Teens showed higher privacy concerns with parental monitoring; parental discussions increased privacy concerns and reduced disclosure
Adult users of social media are developing similar behaviours – consequence of mediation, not age (Marwick et al. 2010)

Young adults and privacy
Hoofnagle et al. (2010) found very limited understanding of privacy laws among young adults – 42% answered all 5 questions incorrectly
Jones et al. surveyed 7,421 students at 40 US colleges. 75% concerned about passwords, SSNs, credit card numbers but few about SNSes due to insignificant consequences (2009)

Student information disclosure What kind of personal information do you post online? (first year N=177, final year N=133) Oostveen (2010)

Sampling Facebook Experiences
Mobile phones carried by students
Location retrieved with embedded GPS
Subjects answer questions (e.g., sharing choices)
Facebook Application
Location disclosed to friends
Server
Data are collected in our server
Questions are sent to participants through SMS
Aims
To understand:
Why do students share their location
How (text, picture)
When, to whom they share this location
At what locations are they more willing to share

Location sharing
40 participants responded to over 2000 questions over 2 weeks
Participants are more willing to share their location when they are in ‘Leisure’ or ‘Academic’ locations than in the ‘Library’ or in ‘Residential’ areas.
Abdesslem, Parris & Henderson (2010)

HIV record privacy
Interviews with 41 African women living with HIV in London who use the internet in relation to their health
6 months of fieldwork in 3 HIV clinics in London
2 focus groups at community support groups
Participants asked about their experiences of being diagnosed and living with HIV, information seeking and internet use
Privacy not mentioned by interviewer
Aimed at ‘foregrounding practicalities’ in interviews (Mol, 2002), and interviews were analysed and coded for how participants spoke about ‘doing privacy’
Manzanderani and Brown (2011)

Patient preferences
Strong preference for HIV physicians over others such as GPs due to perceptions of different types of confidentiality practices and professionalism
Strong resistance to moving practitioners
Continuity of care stressed as important for privacy
Took a long time to develop relationships of trust with a given practitioner
People from similar ethnic and cultural background often resisted as a information source for fear of knowledge of a HIV positive diagnosis spreading to community and country of origin
Manzanderani and Brown (2011)

Sharing medical data Source: The Use of Personal Health Information in Medical Research, Medical Research Council, June 2007 pp.54-55

Privacy is contextual
“ Contrary to the assumption … that people have stable, coherent, preferences with respect to privacy, we find that concern about privacy … is highly sensitive to contextual factors”
Privacy salience primes concerns
“ People, it seems, feel more comfortable providing personal information on unprofessional sites that are arguably particularly likely to misuse it.”
“ Covert inquiries … do not trigger concerns about privacy, and hence promote disclosure.”
John, Acquisti and Loewenstein (2011)

Homo economicus vs. sapiens
Bounded rationality
Privacy risks are highly probabilistic, cumulative, and difficult to calculate
Most individuals bad at deferred gratification, and have time-inconsistent preferences
Acquisti (2009)

Market failures in privacy
Negative externalities – sale of personal data without compensation to subject
Information asymmetry – data gathered ubiquitously and invisibly in a way few consumers understand
Privacy policies unreadable and difficult to verify/enforce, with unstable equilibrium. Seals and lemon markets
Information industries are highly concentrated; privacy ignored by competition regulators

Correcting market failure
Minimum standards of care – organisational and technical protections
Simplified privacy policies and breach disclosure reduce information asymmetry
More effective enforcement (group actions?) internalises cost of harms
New focus by privacy regulators on interoperability and defaults?
Romanosky and Acquisti (2009), Brown and Marsden (2008)

Lessons for DP governance
Basing privacy protections on fully-rational individual behaviour will have limited impact
Privacy and competition regulators may have to work together to ensure consumers have meaningful privacy choices
Continued regulatory intervention is needed to protect individual and societal interests in privacy

References

Privacy attitudes, incentives and behaviours

by Ian Brown

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 5

Statistics