Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Privacy attitudes, incentives and behaviours


Published on

Presentation at Data Protection Governance symposium, IViR, University of Amsterdam, 20 June 2011, and at Hong Kong University law school seminar on 2 Mar 2012

Published in: Technology, News & Politics
  • Be the first to comment

Privacy attitudes, incentives and behaviours

  1. 1. Privacy attitudes, incentives and behaviours Dr Ian Brown Oxford Internet Institute
  2. 2. Overview <ul><li>The privacy paradox </li></ul><ul><li>Younger people and privacy </li></ul><ul><li>Location privacy </li></ul><ul><li>Medical privacy </li></ul><ul><li>Behavioural economics and market failure </li></ul><ul><li>Lessons for data protection governance </li></ul>
  3. 3. Privacy concerns Source: Flash Eurobarometer #225 (2008: 7)
  4. 4. Attitudes vs. disclosure Spiekermann, Grossklags and Berendt (2002)
  5. 5. Young people and privacy <ul><li>Most young people see Internet as private space for talking to (already-known) friends, and target information to peer group </li></ul><ul><li>Lenhart et al. (2007) found stricter access controls on photos/videos by teens than adults (76% v 58% most of time/sometimes) </li></ul><ul><li>Teens showed higher privacy concerns with parental monitoring; parental discussions increased privacy concerns and reduced disclosure </li></ul><ul><li>Adult users of social media are developing similar behaviours – consequence of mediation, not age (Marwick et al. 2010) </li></ul>
  6. 6. Young adults and privacy <ul><li>Hoofnagle et al. (2010) found very limited understanding of privacy laws among young adults – 42% answered all 5 questions incorrectly </li></ul><ul><li>Jones et al. surveyed 7,421 students at 40 US colleges. 75% concerned about passwords, SSNs, credit card numbers but few about SNSes due to insignificant consequences (2009) </li></ul>
  7. 7. Student information disclosure What kind of personal information do you post online? (first year N=177, final year N=133) Oostveen (2010)
  8. 8. Sampling Facebook Experiences <ul><li>Mobile phones carried by students </li></ul><ul><li>Location retrieved with embedded GPS </li></ul><ul><li>Subjects answer questions (e.g., sharing choices) </li></ul><ul><li>Facebook Application </li></ul><ul><li>Location disclosed to friends </li></ul><ul><li>Server </li></ul><ul><li>Data are collected in our server </li></ul><ul><li>Questions are sent to participants through SMS </li></ul><ul><li>Aims </li></ul><ul><li>To understand: </li></ul><ul><li>Why do students share their location </li></ul><ul><li>How (text, picture) </li></ul><ul><li>When, to whom they share this location </li></ul><ul><li>At what locations are they more willing to share </li></ul>
  9. 9. Location sharing <ul><li>40 participants responded to over 2000 questions over 2 weeks </li></ul><ul><li>Participants are more willing to share their location when they are in ‘Leisure’ or ‘Academic’ locations than in the ‘Library’ or in ‘Residential’ areas. </li></ul>Abdesslem, Parris & Henderson (2010)
  10. 10. HIV record privacy <ul><li>Interviews with 41 African women living with HIV in London who use the internet in relation to their health </li></ul><ul><li>6 months of fieldwork in 3 HIV clinics in London </li></ul><ul><li>2 focus groups at community support groups </li></ul><ul><li>Participants asked about their experiences of being diagnosed and living with HIV, information seeking and internet use </li></ul><ul><li>Privacy not mentioned by interviewer </li></ul><ul><li>Aimed at ‘foregrounding practicalities’ in interviews (Mol, 2002), and interviews were analysed and coded for how participants spoke about ‘doing privacy’ </li></ul>Manzanderani and Brown (2011)
  11. 11. Patient preferences <ul><li>Strong preference for HIV physicians over others such as GPs due to perceptions of different types of confidentiality practices and professionalism </li></ul><ul><li>Strong resistance to moving practitioners </li></ul><ul><li>Continuity of care stressed as important for privacy </li></ul><ul><li>Took a long time to develop relationships of trust with a given practitioner </li></ul><ul><li>People from similar ethnic and cultural background often resisted as a information source for fear of knowledge of a HIV positive diagnosis spreading to community and country of origin </li></ul>Manzanderani and Brown (2011)
  12. 12. Sharing medical data Source: The Use of Personal Health Information in Medical Research, Medical Research Council, June 2007 pp.54-55
  13. 13. Privacy is contextual <ul><li>“ Contrary to the assumption … that people have stable, coherent, preferences with respect to privacy, we find that concern about privacy … is highly sensitive to contextual factors” </li></ul><ul><ul><li>Privacy salience primes concerns </li></ul></ul><ul><ul><li>“ People, it seems, feel more comfortable providing personal information on unprofessional sites that are arguably particularly likely to misuse it.” </li></ul></ul><ul><ul><li>“ Covert inquiries … do not trigger concerns about privacy, and hence promote disclosure.” </li></ul></ul>John, Acquisti and Loewenstein (2011)
  14. 14. Homo economicus vs. sapiens <ul><li>Bounded rationality </li></ul><ul><li>Privacy risks are highly probabilistic, cumulative, and difficult to calculate </li></ul><ul><li>Most individuals bad at deferred gratification, and have time-inconsistent preferences </li></ul>Acquisti (2009)
  15. 15. Market failures in privacy <ul><li>Negative externalities – sale of personal data without compensation to subject </li></ul><ul><li>Information asymmetry – data gathered ubiquitously and invisibly in a way few consumers understand </li></ul><ul><li>Privacy policies unreadable and difficult to verify/enforce, with unstable equilibrium. Seals and lemon markets </li></ul><ul><li>Information industries are highly concentrated; privacy ignored by competition regulators </li></ul>
  16. 16. Correcting market failure <ul><li>Minimum standards of care – organisational and technical protections </li></ul><ul><li>Simplified privacy policies and breach disclosure reduce information asymmetry </li></ul><ul><li>More effective enforcement (group actions?) internalises cost of harms </li></ul><ul><li>New focus by privacy regulators on interoperability and defaults? </li></ul>Romanosky and Acquisti (2009), Brown and Marsden (2008)
  17. 17. Lessons for DP governance <ul><li>Basing privacy protections on fully-rational individual behaviour will have limited impact </li></ul><ul><li>Privacy and competition regulators may have to work together to ensure consumers have meaningful privacy choices </li></ul><ul><li>Continued regulatory intervention is needed to protect individual and societal interests in privacy </li></ul>
  18. 18. References