• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Privacy attitudes, incentives and behaviours
 

Privacy attitudes, incentives and behaviours

on

  • 1,880 views

Presentation at Data Protection Governance symposium, IViR, University of Amsterdam, 20 June 2011, and at Hong Kong University law school seminar on 2 Mar 2012

Presentation at Data Protection Governance symposium, IViR, University of Amsterdam, 20 June 2011, and at Hong Kong University law school seminar on 2 Mar 2012

Statistics

Views

Total Views
1,880
Views on SlideShare
1,875
Embed Views
5

Actions

Likes
2
Downloads
32
Comments
0

3 Embeds 5

https://twimg0-a.akamaihd.net 3
http://twitter.com 1
http://www.linkedin.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Imposes cost of future invasive advertising

Privacy attitudes, incentives and behaviours Privacy attitudes, incentives and behaviours Presentation Transcript

  • Privacy attitudes, incentives and behaviours Dr Ian Brown Oxford Internet Institute
  • Overview
    • The privacy paradox
    • Younger people and privacy
    • Location privacy
    • Medical privacy
    • Behavioural economics and market failure
    • Lessons for data protection governance
  • Privacy concerns Source: Flash Eurobarometer #225 (2008: 7)
  • Attitudes vs. disclosure Spiekermann, Grossklags and Berendt (2002)
  • Young people and privacy
    • Most young people see Internet as private space for talking to (already-known) friends, and target information to peer group
    • Lenhart et al. (2007) found stricter access controls on photos/videos by teens than adults (76% v 58% most of time/sometimes)
    • Teens showed higher privacy concerns with parental monitoring; parental discussions increased privacy concerns and reduced disclosure
    • Adult users of social media are developing similar behaviours – consequence of mediation, not age (Marwick et al. 2010)
  • Young adults and privacy
    • Hoofnagle et al. (2010) found very limited understanding of privacy laws among young adults – 42% answered all 5 questions incorrectly
    • Jones et al. surveyed 7,421 students at 40 US colleges. 75% concerned about passwords, SSNs, credit card numbers but few about SNSes due to insignificant consequences (2009)
  • Student information disclosure What kind of personal information do you post online? (first year N=177, final year N=133) Oostveen (2010)
  • Sampling Facebook Experiences
    • Mobile phones carried by students
    • Location retrieved with embedded GPS
    • Subjects answer questions (e.g., sharing choices)
    • Facebook Application
    • Location disclosed to friends
    • Server
    • Data are collected in our server
    • Questions are sent to participants through SMS
    • Aims
    • To understand:
    • Why do students share their location
    • How (text, picture)
    • When, to whom they share this location
    • At what locations are they more willing to share
  • Location sharing
    • 40 participants responded to over 2000 questions over 2 weeks
    • Participants are more willing to share their location when they are in ‘Leisure’ or ‘Academic’ locations than in the ‘Library’ or in ‘Residential’ areas.
    Abdesslem, Parris & Henderson (2010)
  • HIV record privacy
    • Interviews with 41 African women living with HIV in London who use the internet in relation to their health
    • 6 months of fieldwork in 3 HIV clinics in London
    • 2 focus groups at community support groups
    • Participants asked about their experiences of being diagnosed and living with HIV, information seeking and internet use
    • Privacy not mentioned by interviewer
    • Aimed at ‘foregrounding practicalities’ in interviews (Mol, 2002), and interviews were analysed and coded for how participants spoke about ‘doing privacy’
    Manzanderani and Brown (2011)
  • Patient preferences
    • Strong preference for HIV physicians over others such as GPs due to perceptions of different types of confidentiality practices and professionalism
    • Strong resistance to moving practitioners
    • Continuity of care stressed as important for privacy
    • Took a long time to develop relationships of trust with a given practitioner
    • People from similar ethnic and cultural background often resisted as a information source for fear of knowledge of a HIV positive diagnosis spreading to community and country of origin
    Manzanderani and Brown (2011)
  • Sharing medical data Source: The Use of Personal Health Information in Medical Research, Medical Research Council, June 2007 pp.54-55
  • Privacy is contextual
    • “ Contrary to the assumption … that people have stable, coherent, preferences with respect to privacy, we find that concern about privacy … is highly sensitive to contextual factors”
      • Privacy salience primes concerns
      • “ People, it seems, feel more comfortable providing personal information on unprofessional sites that are arguably particularly likely to misuse it.”
      • “ Covert inquiries … do not trigger concerns about privacy, and hence promote disclosure.”
    John, Acquisti and Loewenstein (2011)
  • Homo economicus vs. sapiens
    • Bounded rationality
    • Privacy risks are highly probabilistic, cumulative, and difficult to calculate
    • Most individuals bad at deferred gratification, and have time-inconsistent preferences
    Acquisti (2009)
  • Market failures in privacy
    • Negative externalities – sale of personal data without compensation to subject
    • Information asymmetry – data gathered ubiquitously and invisibly in a way few consumers understand
    • Privacy policies unreadable and difficult to verify/enforce, with unstable equilibrium. Seals and lemon markets
    • Information industries are highly concentrated; privacy ignored by competition regulators
  • Correcting market failure
    • Minimum standards of care – organisational and technical protections
    • Simplified privacy policies and breach disclosure reduce information asymmetry
    • More effective enforcement (group actions?) internalises cost of harms
    • New focus by privacy regulators on interoperability and defaults?
    Romanosky and Acquisti (2009), Brown and Marsden (2008)
  • Lessons for DP governance
    • Basing privacy protections on fully-rational individual behaviour will have limited impact
    • Privacy and competition regulators may have to work together to ensure consumers have meaningful privacy choices
    • Continued regulatory intervention is needed to protect individual and societal interests in privacy
  • References