1 / 37

Responses to privacy incidents in the US

Control and Transparency: Are they sufficient conditions for privacy protection? Laura Brandimarte – Heinz College, Carnegie Mellon University Joint work with (in alphabetical order): Alessandro Acquisti , Idris Adjerid , George Loewenstein. Responses to privacy incidents in the US.

harding-sweeney
Télécharger la présentation

Responses to privacy incidents in the US

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Control and Transparency:Are they sufficient conditions for privacy protection?Laura Brandimarte – Heinz College, Carnegie Mellon UniversityJoint work with (in alphabetical order):Alessandro Acquisti, IdrisAdjerid, George Loewenstein

  2. Responses to privacy incidents in the US • US policy makers have been using two approaches: • Fines on firms with privacy-invasive practices (Google Buzz settlement, Facebook Sponsored Stories settlement)

  3. Responses to privacy incidents in the US • US policy makers have been using two approaches: • Fines on firms with privacy-invasive practices (Google Buzz settlement, Facebook Sponsored Stories settlement) • Reliance on industry self-regulation, focusing on: • Control (choice) • Transparency (notification)

  4. Responses to privacy incidents in the US • US policy makers have been using two approaches: • Fines on firms with privacy-invasive practices (Google Buzz settlement, Facebook Sponsored Stories settlement) • Reliance on industry self-regulation, focusing on: • Control (choice) • Transparency (notification) • Examples: FTC White Paper on Consumer and Privacy, White House Consumer Bill of Rights • Vast consensus both from industry and privacy advocates

  5. Responses to privacy incidents in the US What if control and transparency were not enough?

  6. Misplaced confidences:Privacy and the Control Paradox Laura Brandimarte Alessandro Acquisti George Loewenstein

  7. Misplaced confidences • Question: we need controls to manage our online privacy, but could more perceived control over release of private information reduceprivacyconcerns to the point that we will be more likely to disclose, even when the objective risks associated with disclosure (access and usage by others) increase?

  8. Misplaced confidences • Theoretical background • Perceived control affects perceived risk and increases risk-taking (Slovic, 1987; Weinstein, 1984) • Perceived control increases users’ trust towards a visited website (Hoffman, Novak & Peralta, 1998) • Release of information is what people have direct control over, whereas access and usage involve behaviors by others. People overestimate the importance of their own actions relative to others’ (Gilovich, Medvec & Savitsky, 2000; Galinsky, 2002) • Access and usage of information by others are both uncertain and distant in time, therefore less salient, which reduces their influence on disclosure decisions (Klein, 1998; Slovic, 1975)

  9. Misplaced confidences • Three experiments manipulating control over disclosure and/or accessibility • DV: willingness to answer non compulsory, sensitive questions • Main finding: Control over disclosure may have the unintended effect of lowering privacy concerns, thus increasing willingness to disclose, even when risks of disclosure increase

  10. Misplaced confidences – Study 3 • Design of Study 3: 4 conditions, between-subjects. Survey on “ethical behaviors” (sensitive questions, pre-tested for level of intrusiveness) • Condition 1: if you answer, then answers will be published • Condition 2: check a box if you allow publication of all answers • Condition 3: check a box for each question if you allow publication of that answer • Condition 4: same as Condition 2 but with demographics (identifying info) • Providing implicit or explicit control over disclosure

  11. Misplaced confidences – Study 3

  12. Misplaced confidences – Study 3 • Main result: As long as people perceive control over disclosure, they will indeed disclose, even if the objective risks increase dramatically. Reported privacy concerns mediate this effect • 134 students (67 males, average age = 21.9, SD = 2.72) • All participants in Conditions 2 and 4 checked the publication permission box • Allparticipants in Condition 4 granted permission to publish all three demographic items • Main effect of control over information release was significant: F(3,130) = 33.53, p < 0.001 • Two-way interaction between condition and question intrusiveness was significant: F(3,130) = 11.98, p < 0.001 • Voluntarily revealing demographic information in the Demographics condition did not affect willingness to answer sensitive questions, even though the objective risk of disclosure was higher

  13. Misplaced confidences – Study 3 Participants who had an explicit option to publish their answers felt less privacy concerned and thus became more likely to not just answer, but also allow the publicationof their answers

  14. Misplaced confidences – Study 3 • Implicit control: only 15% of participants answered ALL questions. • Explicit aggregate controls: 37% answered and gave permission to publish ALL their answers. • Explicit granular controls: 28% answered and gave permission to publish ALL their answers. • Explicit aggregate controls with demographics: 39% answered and gave permission to publish ALL their answers and their gender, age, and birth country (making them easier for a stranger to identify).

  15. Misplaced confidences • Conclusions • Privacy controls may lower concerns regarding the actual accessibility and usability of information, driving people to reveal more sensitive information to larger and riskier audiences • Numerous government and corporate entities in the U.S. have advocated self-regulatory ‘choice and consent’ models of privacy protection that essentially rely on users’ awareness and control • Our findings suggest that control over personal information may be a necessary but not sufficient condition for privacy protection • Technologies meant to assist users for better privacy decision making may end up exacerbating the risks they face

  16. Sleights of Privacy:Framing, Disclosures, and the Limits of Transparency IdrisAdjerid Alessandro Acquisti Laura Brandimarte George Loewenstein

  17. Sleights of Privacy • Question: more control over, and more information about, how personal data is used seem an obvious improvement over a situation in which consumers are left in the dark. But what if, due to human limitations and biases, even straightforward and accessible privacy noticescould be predictably manipulated or entirely thwarted?

  18. Sleights of Privacy • Theoretical background • Privacy decision making is hampered by asymmetric information (Wakefield & Fleming, 2009) • Firms in general know a lot more than consumers about the way personal data is collected and used: privacy policies are hard to read and understand (Jensen & Potts, 2004; McDonald & Cranor, 2009) • Choice in general, and therefore privacy-related choice, is subject to framing effects and salience of available information (Kahneman & Tversky, 1979) • Heuristics and biases can influence and distort the way individuals value data protection and act on privacy concerns (Acquisti, 2004, 2009)

  19. Sleights of Privacy • Two experiments to evaluate the impact of framing and bounded rationality on the propensity of privacy notices to impact disclosure • DV: willingness to answer non compulsory, sensitive questions • Main findings: • The impact of privacy notices is sensitive to reference dependence, with notices framed as increasing (decreasing) in protection eliciting increased (decreased) disclosure • The impact of privacy notices on disclosure can be muted or significantly reduced by a slight misdirection which does not alter the objective risk of disclosure

  20. Sleights of Privacy – Study 2 • Design of Study 2: 2(access)x5(misdirection) conditions, between-subjects • Access was either limited to students or extended to faculty as well • Misdirections: none, time delay, department information pages, student committee, student committee and choice • Misdirections are actions or states that do not alter objective privacy risks but may distract consumers from them • Cover story: University social network and survey on academic life (sensitive questions, pre-tested for level of intrusiveness), similar to Study 1 and 2 in the Misplaced Confidences paper

  21. Sleights of Privacy – Study 2 • Main Result: misdirectionsoffset the negative impact of the Student and Faculty privacy notice on disclosure of sensitive academic questions • 280 participants (37% females, average age = 21.5, SD = 3.1) • Absent a misdirection, participants presented with the “Student Only” notice were 26% more likely to disclose (p<.05) relative to participants presented the “Student and Faculty” notice • This effect vanishes in the conditions with a misdirection

  22. Sleights of Privacy – Study 2 Privacy irrelevant misdirections: time delay; request to sign up for departmental information pages Privacy relevant misdirections: student planning committee will use participant’s profile To plan student activities; choice (control) over sharing with the same committee

  23. Conclusions • Current policy and design approaches focusing just on control and transparency may be limited in their ability to improve consumer privacy decision making

  24. Conclusions • Current policy and design approaches focusing just on control and transparency may be limited in their ability to improve consumer privacy decision making • Worse, they may constitute a mere de-responsibilization strategy: choice and notification make consumers responsible for their own privacy protection, and clear institutions from the burden of regulation

  25. Conclusions • Current policy and design approaches focusing just on control and transparency may be limited in their ability to improve consumer privacy decision making • Worse, they may constitute a mere de-responsibilization strategy: choice and notification make consumers responsible for their own privacy protection, and clear institutions from the burden of regulation • Human limited attention and biases may limit the effectiveness of even simple and clear privacy notices

  26. Conclusions • Current policy and design approaches focusing just on control and transparency may be limited in their ability to improve consumer privacy decision making • Worse, they may constitute a mere de-responsibilization strategy: choice and notification make consumers responsible for their own privacy protection, and clear institutions from the burden of regulation • Human limited attention and biases may limit the effectiveness of even simple and clear privacy notices • A way forward? We need to expand the concepts of choice transparency to not only include clarity and ease of comprehension, but also making privacy risks salient and readily available to consumers when they most need them, at the point of disclosure • Examples? ‘Privacy Nudges’

  27. Thank you! • Questions…

  28. Misplaced confidences – Study 1 • Design of Study 1: 2 conditions, between-subjects • Survey on academic life (sensitive questions, pre-tested for level of intrusiveness) • Cover story: CMU networking website • Condition 1: Profile automatically published • Condition 2: profile published with 50% probability • Treatment decreases participants’ feeling of control over public release of their survey answers, while actually reducing the probability of access by others

  29. Misplaced confidences – Study 1 • Main Result: Participants with lower control over information release were significantly less willing to answer personal questions, but especially so for more intrusive questions • 67 students in Condition 1, 65 in Condition 2 (62 males, average age = 21.5, SD = 2.85) • Participants were less likely to answer the more intrusive questions than the less intrusive ones: t(130) = 11.41, p < 0.001 • Main effect of control was significant: F(1,130) = 7.71, p < 0.001 • Two-way interaction between condition and question intrusiveness was significant: F(1,130) = 32.43, p < 0.001

  30. Misplaced confidences – Study 1 Participants with lower control over information release were significantly less willing to answer personal questions, but especially so for more intrusive questions

  31. Misplaced confidences – Study 2 • Design of Study 2: 4 conditions, between-subjects • Survey on academic life (sensitive questions, pre-tested for level of intrusiveness) • Cover story: same as study 1 (CMU networking website) • Condition 1: Profile automatically published and visible to students only • Condition 2: Profile published with 50% probability and visible to students only • Condition 3: Profile automatically published and visible to students and faculty • Condition 4: Profile published with 50% probability and visible to students and faculty • Treatments decreased participants’ feeling of control over public release of their survey answers or increased their direct accessibility

  32. Misplaced confidences – Study 2 • Main Result: Reassurances about control over public release seemed to decrease participants’ attention to issues of actual accessibility • 200 participants (80 males, average age = 21.3, SD = 2.23) • Main effect of control on question-responding was significant: F(1,196) = 36.4, p < 0.001 • Significant two-way interaction between control over release and question intrusiveness: F(1,196) = 15.67, p < 0.001 • Main effect of accessibility by faculty also significant: F(1,196) = 7.86, p < 0.01 • But, as predicted, effect of accessibility was smaller in the case of certain publication: significant interaction of control and accessibility (F(1,196) = 4.12, p < 0.05)

  33. Misplaced confidences – Study 2 When disclosure was uncertain, participants were less willing to answer intrusive questions if the audience was composed of students and faculty as compared to students only (t(98) = 3.92, p < .001). This difference was, however, smaller and barely significant when disclosure was certain (t(98) = .864, p = .052)

  34. Sleights of Privacy – Study 1 • Design of Study 1: 2-survey study, 4 conditions, between-subjects • Condition 1: Low privacy protections (identifiedsurvey, throughemail address) whichdidnotchangeacross the 2 phases • Condition 2: Decreasing privacy protections, from high (anonymous survey) to low • Condition 3: High privacy protectionswhichdidnotchangeacross the 2 phases • Condition 4: Increasing privacy protections, from low to high • Surveys on sensitive behaviors, such as drug use or related to sex-life

  35. Sleights of Privacy – Study 1 • Design of Study 1

  36. Sleights of Privacy – Study 1 • Main Result: People tend to disclose more (less) if provided with increasing (decreasing) levels of protection than when they perceive no change, but in fact end up with the same level of protection • 386 participants (43% females, average age = 30, SD = 13.5) • In Survey 1, participants disclosed more if they were provided high protection, but this effect vanishes in Survey 2, suggesting that people may fall into some default mode of disclosure • For the most sensitive questions, participants presented decreasing protection disclosed 14% less (p<.05) than participants that were presented no change in privacy notices • Participants that were presented increasing privacy protection shared 11% more (p<.05) than participants that were presented no change in privacy notices

  37. Sleights of Privacy – Study 1

More Related