Acuerdos sobre trabajo y medio ambiente

Finally, our user studies yielded general insights on concerns and data collection choices in CAS. With respect to user concerns, we found that many concerns are related to privacy, i.e. who can see the data, what will happen with the data, sharing data with other parties, and the feeling of being watched. Moreover, concerns regarding the effort the system would require, highlight the impor-tance of automatic inferences and smart support, while users also wish to stay in control. Combining automatic processing with human interaction seems a good solution. Furthermore, inferences should be reliable, without any negative effects on the interactive response time of the PC. Solutions can be using CPU and memory efficient algorithms, running inference algorithms on a server or analyzing samples of data.

With respect to subjective perception of information sensitivity, we found that some sensors are in general perceived as more privacy sensitive (e.g. we-bcam, sound sensor, computer content, digital communication), others as less privacy sensitive (e.g. motion sensors, heart rate, skin conductance). However, preferences regarding data collection are diverse and depend on the goal for which users want to use the system and the trade-offs they make for them-selves regarding privacy. With respect to privacy-friendly user modeling, the user should be able to specify his goal in the system, and the system should

then provide information on which information would have to be collected and which sensors should preferably be switched on. Users may want to experiment how much functionality they can gain with disclosing certain types of data.

As a limitation, we have to note that several user studies were performed with users with a technical background. This may have led to different de-mands and concerns as compared to asking users from other backgrounds. Fur-thermore, the system is developed and evaluated with users in the Netherlands, a country with decent labor laws, which had an influence on the outcomes of our study. In other settings, employees might be less willing to use a context aware system for stress reduction.

Chapter 8

Privacy and user trust in context-aware systems

Context-aware systems (CAS) that collect personal information are a general trend. This leads to several privacy considerations, which we focus on in this chapter. We present as use-case the SWELL system and address privacy from two perspectives: 1) the de-velopment point of view, in which we describe how to apply ‘privacy by design’, and 2) a user study, in which we found that providing detailed information on data collec-tion and privacy by design had a positive effect on trust in our CAS. We also found that the attitude towards using our CAS was related to personal motivation, and not related to perceived privacy and trust in our system. This may stress the importance of implementing privacy by design to protect the privacy of the user.

This chapter is based on Koldijk, Koot, et al. (2014). “Privacy and User Trust in Context-Aware Systems”. Published in: Proceedings of User Modeling, Adaptation and Personalization (UMAP, 2014).

8.1 Introduction

In this research we want to investigate how to address privacy in CAS and whether information on privacy has a positive impact on users’ trust and atti-tude towards using the system. In Shin (2010) they found that in social networks, privacy and security had an effect on the user’s trust in a system and the attitude towards the system, which in turn influenced the intention to use the system.

An overview paper (Smith, Dinev, and Xu,2011) outlines that firms can build trust by implementing fair information practices, communicating a privacy pol-icy explicitly and/or using privacy notices and seals of approval.

We first analyze which privacy aspects are of particular interest in CAS by doing a Privacy Impact Assessment. We make use of a use-case called SWELL, in which work related behavior data is collected with sensors, to provide per-sonalized feedback and support for well-being at work. As the collected data may include rather personal information (e.g. content worked on or facial ex-pressions), interesting privacy aspects arise. This domain distinguishes our re-search from related rere-search in which privacy is often investigated in context of social networks, user profiling, e-commerce, marketing or mobile location enhanced technologies (Smith, Dinev, and Xu,2011). We then outline how Pri-vacy by Design (Cavoukian, 2012) can be applied in CAS, resulting in some simple guidelines for developing privacy-friendly CAS. There are many papers on principles for privacy by design, but empirical studies are sparse. Therefore we performed a user study to investigate the effects of privacy by design on users. Our method is similar to the one used in a study on privacy concerns in location-based mobile services (Barkhuus and Dey,2003): users were presented our envisioned system and were asked to give ratings. Our hypothesis is that when users have access to detailed information on data collection and privacy by design, the transparency of the system is higher and users have less privacy concerns and more trust in the system. As a consequence, we hypothesize, they have a more positive attitude towards using the CAS.

In the remainder of this chapter we first introduce our use-case (Section8.2).

Then we present important privacy aspects (Section 8.3). In Section 8.4, we describe how privacy by design can be applied. We then present results of our user study (Section8.5). We end with a Discussion (Section8.6) and Conclusion (Section8.7).