+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Understanding the Privacy Design Space for Personal Connected Objects


      1 , 2 , 2 , 3

      Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI)


      11 - 15 July 2016

      Privacy, Internet of Things, Semi-structured interview



            Privacy is a major obstacle preventing the growth of the Internet of Things (IoT). As more connected objects become integrated in daily lives, ensuring that people feel comfortable with IoT’s impact on their privacy becomes increasingly important. To date the understanding of users’ perception regarding privacy risks in the connected object space is limited. In this paper we aim to shed lights on this issue through a qualitative study of in-depth interview with 16 people. Our results show that users are primarily concerned with the “Data Ownership” (i.e., who owns the data), when interacting with connected objects. Our findings suggest the need for an intuitive tool that can minimise the cognitive distance between users’ mental model and the functionalities offered by connected objects. As a result we provide guidelines to design this kind of tool.


            Author and article information

            July 2016
            July 2016
            : 1-13
            [0001]Computer Laboratory University of Cambridge

            William Gates Building, 15 JJ Thomson Ave Cambridge, CB3 0FD (UK)
            [0002]Bell Labs


            Clyde House

            Dublin D15 Y6NT, Ireland
            [0003]Bell Labs Nokia

            Copernicuslaan 50

            Antwerpen, Belgium
            © Montanari et al. Published by BCS Learning and Development Ltd. Proceedings British HCI 2016 - Fusion, Bournemouth, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Proceedings of the 30th International BCS Human Computer Interaction Conference
            Bournemouth University, Poole, UK
            11 - 15 July 2016
            Electronic Workshops in Computing (eWiC)
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing


            1. 2013 Little brothers watching you: Raising awareness of data leaks on smartphones Proceedings of the 9th Symposium on Usable Privacy and Security. ACM

            2. 1993 Design for privacy in ubiquitous computing environments Proceedings of the Third European Conference on Computer-Supported Cooperative Work 13–17 September 1993, Milan, Italy ECSCW?93 pp. 77 92 Springer

            3. 2010 The wi-fi privacy ticker: improving awareness & control of personal information exposure on wi-fi Proceedings of the 12th ACM international conference on Ubiquitous computing. ACM

            4. 2014 Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications

            5. 2006 User interfaces for privacy agents ACM Transactions on Computer-Human Interaction (TOCHI) 13 2 135 178

            6. 2001 The culnanmilne survey on consumers & online privacy notices: Summary of responses Washington DC: FTC

            7. 2011 PiOS: Detecting Privacy Leaks in iOS Applications Proceedings of 18th Annual Network and Distributed System Security Symposium

            8. 2015 Is this thing on?: Crowdsourcing privacy indicators for ubiquitous sensing platforms Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems pp. 1669 1678 ACM

            9. 2011 Oops, i did it again: Mitigating repeated access control errors on facebook Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM

            10. 2009 Timing is everything?: the effects of timing and placement of online privacy indicators In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM

            11. Federal Trade Commission 2015 Internet of Things: Privacy & security in a connected world https://www.ftc.gov/system/files/documents/reports/\federal-trade-commission-staff-\report-november-2013-workshop-\entitled-internet-things-privacy/150127iotrpt.pdf 25/05/2016.

            12. 2012 Android permissions: User attention, comprehension, and behavior Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM

            13. 2015 Personal data: Thinking inside the box arXiv preprint arXiv:1501.04737

            14. 2004 An architecture for privacy-sensitive ubiquitous computing Proceedings of the 2nd international conference on Mobile systems, applications, and services ACM

            15. 2004 Privacy risk models for designing privacy-sensitive ubiquitous computing systems Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques pp. 91 100 ACM

            16. 2006 Prototyping and sampling experience to evaluate ubiquitous computing privacy in the real world Proceedings of the SIGCHI conference on Human Factors in computing systems pp. 1009 1018 ACM

            17. 2004 Privacy policies as decision-making tools: an evaluation of online privacy notices Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM

            18. 2010 An explorative comparison of magic lens and personal projection for interacting with smart objects Proceedings of the 12th international conference on Human computer interaction with mobile devices and services. ACM

            19. 2009 A nutrition label for privacy Proceedings of the 5th Symposium on Usable Privacy and Security. ACM

            20. 2012 A conundrum of permissions: installing applications on an android smartphone Financial Cryptography and Data Security. Springer

            21. 2015 January Online privacy: Regional differences Commun. ACM 58 2 18 20

            22. 2001 Privacy by design-principles of privacy-aware ubiquitous systems Proceedings of Ubicomp 2001: Ubiquitous Computing Springer

            23. 2004 Personal privacy through understanding and action: five pitfalls for designers Personal and Ubiquitous Computing 8 6 440 454

            24. 2012 Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing Proceedings of the 2012 ACM International Conference on Pervasive and Ubiquitous Computing UbiComp ’12 ACM

            25. 2009 Security and privacy challenges in the internet of things Electronic Communications of the EASST 17.

            26. 2008 An empirical investigation of concerns of everyday tracking and recording technologies Proceedings of the 10th international conference on Ubiquitous computing pp. 182 191 ACM

            27. 2009 Encountering sensecam: personal recording technologies in everyday life Proceedings of the 11th international conference on Ubiquitous computing pp. 165 174 ACM

            28. 1983a apr Design rules based on analyses of human error Communications of the ACM 26 4

            29. 1983b Some observations on mental models Mental models.

            30. 2013 The Design of Everyday Things. Perseus Books

            31. 2002 Directive 2002/58/ec of the european parliament and of the council of 12 july 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, off JL 201, 31.7. 2002, at 37.(Directive on Privacy and Electronic Communications)

            32. Pew Research Study (2014). Privacy In All Things Includes the Internet of Things. http://www.abine.com/blog/2014/the-internet-of-things/ 28/02/2015.

            33. 2015 Philips Hue Privacy Policy http://www2.meethue.com/en-us/privacy-and-cookies/ 24/09/2015.

            34. 2001 Privacy notices research final results Conducted by Harris Interactive.

            35. 2010 Privacy Icons: Alpha Release http://www.azarask.in/blog/post/privacy-icons/ 28/02/2015.

            36. 2015 A design space for effective privacy notices To appear in the.

            37. 2011 Visa-vis: Privacy-preserving online social networking via virtual individual servers Communication Systems and Networks (COMSNETS), 2011 Third International Conference on pp. 1 10 IEEE

            38. The Register 2015 WATCH IT: It’s watching you as you WATCH IT (Your Samsung telly is) http://www.theregister.co.u k/2015/02/09/samsung_listens_in_to_everything_you_say_to_your_smart_tellie/ 28/02/2015.

            39. 2010 May I’m Allowing What? Disclosing the authority applications demand of users as a condition of installation. Technical Report MSR-TR-2010-54 28/02/2015.

            40. The Wall Street Journal 2010 Your Apps Are Watching You http://online.wsj.com/news/articles/SB10001424052748704694004576020083\703574602 28/02/2015.

            41. TRUSTe 2014 Internet of Things Industry Brings Data Explosion but Growth Could be Impacted by Consumer Privacy Concerns http://www.truste.com/blog/2014/05/29/internet-of-things-industry-brings-\data-explosion-but-growth-could-be-\impacted-by-consumer-privacy-concerns 28/02/2015.

            42. 2013 The current state of access control for smart devices in homes Workshop on Home Usable Privacy and Security (HUPS)

            43. et al 2011 Internet of things strategic research roadmap Internet of Things-Global Technological and Societal Trends.

            44. 2014 February Surroundweb: Least privilege for immersive “web rooms”. Technical Report MSR-TR-2014-25 28/02/2015.

            45. Withings 2015 Withings Body Scale Privacy Policy http://www2.withings.com/uk/en/legal 24/09/2015.

            46. 2014 Privacy in the Internet of Things: threats and challenges Security and Communication Networks.


            Comment on this article