Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards Usable Transparency via Individualisation
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
2019 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The General Data Protection Regulation grants data subjects the legal rights of transparency and intervenability. Ex post transparency provides users of data services with insight into how their personal data have been processed, and potentially clarifies what consequences will or may arise due to the processing of their data. Technological artefacts, ex post transparency-enhancing tools (TETs) convey such information to data subjects, provided the TETs are designed to suit the predisposition of their audience. Despite being a prerequisite for transparency, however, many of the TETs available to date lack usability in that their capabilities do not reflect the needs of their final users.

The objective of this thesis is therefore to systematically apply the concept of human-centred design to ascertain design principles that demonstrably lead to the implementation of a TET that facilitates ex post transparency and supports intervenability. To this end, we classify the state of the art of usable ex post TETs published in the literature and discuss the gaps therein. Contextualising our findings in the domain of fitness tracking, we investigate to what extent individualisation can help accommodate the needs of users of online mobile health services. We introduce the notion of privacy notifications as a means to inform data subjects about incidences worthy of their attention and examine how far privacy personas reflect the preferences of distinctive groups of recipients. We suggest a catalogue of design guidelines that can serve as a basis for specifying context-sensitive requirements for the implementation of a TET that leverages privacy notifications to facilitate ex post transparency, and which also serve as criteria for the evaluation of a future prototype.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2019. , p. 140
Series
Karlstad University Studies, ISSN 1403-8099 ; 2019:8
Keywords [en]
Data transparency, General Data Protection Regulation (GDPR), Human-centred design, Human-computer interaction (HCI), Information privacy, Intervenability, Mobile health (mhealth), Transparency-enhancing tool (TET), Usability
National Category
Human Computer Interaction Interaction Technologies Media and Communication Technology
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-71120ISBN: 978-91-7867-003-1 (print)ISBN: 978-91-7867-008-6 (electronic)OAI: oai:DiVA.org:kau-71120DiVA, id: diva2:1292568
Presentation
2019-05-23, 1B309, Karlstad university, Karlstad, 10:00 (English)
Opponent
Supervisors
Funder
EU, Horizon 2020, 675730
Note

Paper 2 ingick som manuskript i avhandlingen, nu publicerad.

Available from: 2019-05-02 Created: 2019-02-28 Last updated: 2019-09-18Bibliographically approved
List of papers
1. To Be, or Not to Be Notified: Eliciting Privacy Notification Preferences for Online mHealth Services
Open this publication in new window or tab >>To Be, or Not to Be Notified: Eliciting Privacy Notification Preferences for Online mHealth Services
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Millions of people are tracking and quantifying their fitness and health, and entrust online mobile health (mhealth) services with storing and processing their sensitive personal data. Ex post transparency-enhancing tools (TETs) enable users to keep track of how their personal data are processed, and represent important building blocks to understand privacy implications and control one’s online privacy. Particularly, privacy notifications provide users of TETs with the insight necessary to make informed decision about controlling their personal data that they have disclosed previously. To investigate the notification preferences of users of online mhealth services, we conducted an online study. We analysed how notification scenarios can be grouped contextually, and how user preferences with respect to being notified relate to intervenability. Moreover, we examined to what extent ex post notification preferences correlate with privacy personas established in the context of trust in and reliability of online data services. Based on our findings, we discuss the implications for the design of usable ex post TETs.

Keywords
privacy, transparency-enhancing tool, usability, personas, mhealth
National Category
Human Computer Interaction Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71118 (URN)
Note

The manuscript is currently under submission and represent a preliminary entry created to satisfy the prerequisites for the licentiate thesis. The record will be finalised and adapted (type will change from Manuscript to Proceedings) once the publication is accepted for publishing.

Available from: 2019-02-18 Created: 2019-02-18 Last updated: 2019-06-14Bibliographically approved
2. Eliciting Design Guidelines for Privacy Notifications in mHealth Environments
Open this publication in new window or tab >>Eliciting Design Guidelines for Privacy Notifications in mHealth Environments
2019 (English)In: International Journal of Mobile Human Computer Interaction, ISSN 1942-390X, E-ISSN 1942-3918, Vol. 11, no 4, p. 66-83Article in journal (Refereed) Published
Abstract [en]

The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing, yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guidelines that aid designers of TETs in implementing privacy notifications that reflect their recipients’ needs in terms of what they want to be notified about and the level of guidance required to audit their data effectively. Based on an analysis of gaps related to TETs, the findings of a study on privacy notification preferences, and the findings on notifications and privacy notices discussed in the literature, this paper proposes a set of guidelines for the human-centred design of privacy notifications that facilitate ex post transparency.

Place, publisher, year, edition, pages
IGI Global, 2019
Keywords
Data transparency, Human-Centred Design, Individualisation, Intervenability, Mobile Health (mHealth), Notification, Privacy, Transparency-Enhancing Tool (TET), Usability
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71119 (URN)10.4018/IJMHCI.2019100106 (DOI)
Note

Artikeln ingick som manuskript i Murmanns (2019) licentiatuppsats Towards Usable Transparency via Individualisation.

Available from: 2019-02-18 Created: 2019-02-18 Last updated: 2019-09-19Bibliographically approved
3. Tools for Achieving Usable Ex Post Transparency: A Survey
Open this publication in new window or tab >>Tools for Achieving Usable Ex Post Transparency: A Survey
2017 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 5, p. 22965-22991Article in journal (Refereed) Published
Abstract [en]

Transparency of personal data processing is a basic privacy principle and a right that is well acknowledged by data protection legislation, such as the EU general data protection regulation (GDPR). The objective of ex post transparency enhancing tools (TETs) is to provide users with insight about what data have been processed about them and what possible consequences might arise after their data have been revealed, that is, ex post. This survey assesses the state of the art in scientific literature of the usability of ex post TETs enhancing privacy and discusses them in terms of their common features and unique characteristics. The article first defines the scope of usable transparency in terms of relevant privacy principles for providing transparency by taking the GDPR as a point of reference, and usability principles that are important for achieving transparency. These principles for usable transparency serve as a reference for classifying and assessing the surveyed TETs. The retrieval and screening process of the publications is then described, as is the process for deriving the subsequent classification of the characteristics of the TETs. The survey not only looks into what is made transparent by the TETs but also how transparency is actually achieved. A main contribution of this survey is a proposed classification that assesses the TETs based on their functionality, implementation and evaluation as described in the literature. It concludes by discussing the trends and limitations of the surveyed TETs in regard to the defined scope of usable TETs and shows possible directions of future research for addressing these gaps. This survey provides researchers and developers of privacy enhancing technologies an overview of the characteristics of state of the art ex post TETs, on which they can base their work.

Place, publisher, year, edition, pages
IEEE, 2017
Keywords
GDPR, HCI, privacy, transparency, usability, visualization
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65290 (URN)10.1109/ACCESS.2017.2765539 (DOI)000415170200021 ()
Projects
Privacy&Us
Funder
EU, Horizon 2020
Available from: 2017-11-29 Created: 2017-11-29 Last updated: 2019-10-21Bibliographically approved
4. Usable Transparency for Enhancing Privacy in Mobile Health Apps
Open this publication in new window or tab >>Usable Transparency for Enhancing Privacy in Mobile Health Apps
2018 (English)In: Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services Adjunct, New York, NY, USA: Association for Computing Machinery (ACM), 2018, p. 440-442Conference paper, Oral presentation with published abstract (Refereed)
Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2018
Keywords
privacy, transparency, notification, privacy persona, preferences
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69468 (URN)10.1145/3236112.3236184 (DOI)978-1-4503-5941-2 (ISBN)
Conference
MobileHCI 2018
Available from: 2018-10-04 Created: 2018-10-04 Last updated: 2019-02-28

Open Access in DiVA

Kappa_Murmann(1672 kB)100 downloads
File information
File name FULLTEXT01.pdfFile size 1672 kBChecksum SHA-512
980e7a560d427ce612a023ce3846ad268f0bc26a2c485a1cd7e493a53754c61c585084b8cae3bcbf3c80e7c09e981cb1228df2047ef7f5cb71a2acf8ceaee847
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Murmann, Patrick
By organisation
Department of Mathematics and Computer Science (from 2013)
Human Computer InteractionInteraction TechnologiesMedia and Communication Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 100 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1939 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf