University Of Technology Sydney @Information Innovation series - PowerPoint PPT Presentation

Consumer Privacy Literacy In Digital Technologies Zablon Pingo PhD. Candidate University Of Technology Sydney @Information Innovation series

Privacy instincts • My father died while I was 7 years-old • While in school I avoided disclosing this to other kids!! • Why? -Wanted to be like other kids not viewed as less fortunate - I was worried about the vulnerability from bullies knowing my status - But I was comfortable to disclose to teachers (Managing information boundaries between students and teachers)

Privacy Privacy is an individual(group, or institutions) right to determine when, how and to what extent information about themselves is shared with others (Westin, 1967) Privacy can be defined as a dynamic process of social boundary management by which individuals grant or deny access to other individuals or one’s group (Westin, 1967)

Data Collection and Context collapse (Christl, 2017)

Privacy risks Online • Price discrimination • Manipulation • Financial Loss • Identity theft • Loss of Jobs/employability …....

Privacy protection approaches Information Systems Legal/Regulato (technical and ry Perspective security Perspective) Consumer Awareness Perspective?

Why consumers privacy awareness is important? • The privacy discussion has shifted from structuralistic to individualistic due to increased technological innovations and commercial interests(Fornaciari, 2014) • Increasingly privacy is a socially and economically negotiated construct which calls for consumers to make value judgment and cost-benefit analysis in the trade-off

Why Privacy Awareness is Important • The blurriness of online and offline activities - Reputation and Identity management - Preventing Harm - Limited control of personal Information about individuals online

Why privacy literacy? • Digital technologies make personal information public by default; private by effort (boyd, 2011). • Privacy Paradox- Discrepancy between people’s privacy concerns and actual behaviour (Barnes, 2006;Taddicken & Jers, 2011). • Users want privacy but they seldom know “how to specify” and “what to seek” for their own privacy’ (Shapiro, 2010) • Technological solutions are not effective in protection of privacy (Sweeney, 2013). • Self-regulation through privacy policies not open or transparent (Clarke, 2010).

Dimension to Consumers Privacy literacy/Awareness (1) Knowledge about practices of organizations, institutions and online service providers; (2) Knowledge about laws and legal aspects of online data protection (3) Knowledge about technical aspects of online privacy (4) Knowledge about users strategies for online privacy management (Trepte et al., 2015)

Contextual Integrity “Information flow Norms” • Company Vs. Individual = Confidentiality • Individual Vs. Individual = Reciprocity Sensitive and Non-sensitive? Collapse of Contextual integrity in Technologies (Nissenbaum,2004)

Research question • How do users of digital technologies protect personal Data and manage their privacy? And for what reasons? • What strategies do individuals deploy to protect information privacy?

Research method Qualitative Approach – Face-to-face semi-structured interviews with users of Fitness and Loyalty cards. – Twenty three (N=23) participants – Sydney, Australia based participants – Participants’ education levels - undergraduate students and above – Recruited through Listserves, University Facebook group, word of mouth, leaflets, Bulletins – Online walkthroughs (Google name search and reflection) – Privacy settings and reflections

Participants Digital Technologies Use Social Media Loyalty cards Fitness Trackers LinkedIn Reward Cards Apple Watch Twitter Flybys Garmin Facebook Myers TomTom Instagram Velocity card Fitbit YouTube Frequent flyer Xiaomi Flickr Pinterest

Findings

1. A negotiating attitude towards data sharing • “It dependents attitude” in readiness to share fitness and Loyalty cards data in exchange for benefits/instant gratification “ I am open to doing that, because it reduces cost, for minimal effort on my part. Reduced privacy for at least some money.” • Users of activity trackers regard privacy as a psychologically distant phenomena without any real-life impacts

2. Personal Data “Literacies” Appropriateness of information Mental calculus “ On Facebook I'm quite careful so no address no phone numbers, year of birth, gender, location. My current status is like I'm studying I’m married . So I would share that. So some very basic demographics but nothing that can link me to where I live unless they can still find it somehow. ” Personal Data Minimisation Efforts - Provision of only compulsory information “ I just provide my name email address and any other compulsory data that would have been indicated as Required.” (Kelly)

3. Information Avoidance, Privacy Policies and Privacy 18 Management • Privacy policies complexity • Lack of choices- Opt-in Vs. opt-out options “ If you actually want to use technological devices or applications then 90% of the cases you have to agree with the privacy condition as presented or you cannot use in the application. If you want the app, you have to agree it’s not an option.” (Marcello) • Vulnerability through Information Avoidance as a coping mechanism “ I am lazy with privacy policies, because it’s too long and I think that makes me very loose with my privacy.”

4. Privacy Boundary management • Interpersonal boundary management -Reputation management • Institutional boundary management

a)Personal Boundary management • Context collapse navigation using Pseudonym accounts as a means to creating a personal “space” “ I would share a lot of things, I don't really want to be that public because Twitter is a very public medium. When I'm frustrated with work or something else I don't want people to link me to that person who works or when I'm frustrated with life or because I'm a Christian. Sometimes I'll post Christian stuff. I don't want people necessarily at work to think that's how I think about life” (Julie ) • Monitoring online digital footprint and reputation management “ I do want that when people Google me I do want them to see my LinkedIn profile, that’s really the only thing I try to publish as much as possible. I do want people to see my YouTube video because it's about my research; staff profiles, that’s fine . My Facebook doesn't come up and I think and that's the way I want it ” (Elaine)

• Interpersonal boundary management in social media Facebook for social and quasi-professional LinkedIn for professional purposes Twitter for personal and quasi-professional purposes, Instagram for personal hobbies and self-promotion. “ I really don't get a lot out there in my Facebook timeline, Twitter is sort of quasi professional, I think my main motivation in maintaining that profile to appear visible; look like a somewhat active member of the field. LinkedIn is purely a sort of networking for work purposes and on Snapchat I will snap regularly with friends and Instagram is kind of much about myself - sort of a record of my photos.” (Joe)

b)Institutional boundary management • Managing personal data collection “…….I think once or twice I did sign in with Facebook because of the convenience. But now I usually get them to e-mail me a link to reset my password and then I reset everywhere else. So even though they say would you like to sign in through Facebook, I usually say no. I don't know I just prefer to have that account with just that. And Facebook with just Facebook some things I don't see the relevance of signing up because I don't want Facebook to know what I'm buying. They might soon know for some reasons but I don't want to be the one creating the direct link” (Kelly)

5.Control over personal data • Lack of control of personal Data “ Having control over what gets pushed out I suppose is really up to one to actively manage your privacy. That's what I feel like whether or not people choose to do that's a different story. And that would then I guess involve looking at the privacy statements if they just made the font bigger and the terminology clearer. I would be happy, [but] because they don't really want to tell you the truth and they want to find a way to always fake. I know I'm sounding like a conspiracy theorist but companies just want to find a way to exploit you.” (AOIC, 2016)

6.Technical Skills in use of Technologies • Use of Privacy settings - Understanding of openness of the platform- (Public by default and private by effort) - Tagging - Blocking

7. Challenges to online privacy management • Most people regard privacy as a psychological distance something that happen on virtual world not in real-life • Constraints in Privacy policies (Information Overload and lack of choices) • Complexities of navigating context collapse in Information Technologies

Implications of Privacy Literacy/Awareness Knowledge on Understanding Collection of Information Information exposure Responsibilities Knowledge of Privacy to protect personal data Awareness privacy Risk

Privacy Awareness • Personal Data = Real people • Transparency & Accountability • Enhance individuals knowledge to privacy management and rights