ACM Digital Library home
ACM home
Advanced Search
10.1145/1900546.1900560acmotherconferencesArticle/Chapter ViewAbstractPublication PagesnspwConference Proceedingsconference-collections
research-article

On-line privacy and consent: a dialogue, not a monologue

NSPW '10: Proceedings of the 2010 New Security Paradigms WorkshopSeptember 2010 Pages 95–106https://doi.org/10.1145/1900546.1900560
Online:21 September 2010Publication History
  • 13citation
  • 468
  • Downloads
Metrics
Total Citations13
Total Downloads468
Last 12 Months26
Last 6 weeks5
NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop
On-line privacy and consent: a dialogue, not a monologue
Pages 95–106
PreviousChapterNextChapter

ABSTRACT

With the move to deliver services on-line, there is a reduction in opportunities for a service user to discuss and agree to the terms of the management of their personal data. As the focus is turned to on-line technologies, the design question becomes one of privacy protection not privacy negotiation and conflict resolution. However, the findings from a large privacy survey and the outputs of several follow-up focus groups reflect a need for privacy systems to also support different types of privacy and consent dialogues. These dialogues are used to support the resolution of privacy dilemmas through the selection of effective privacy protection practices. As the face to face contact between service user and service provider decreases, the potential for these types of dialogues to become increasingly important grows. The work presented in this paper forms the initial part of a study to learn more about the types of privacy dialogue and negotiation that should be deployed in on-line services. In this position paper we outline the types of privacy and consent dialogues that service providers and service users want to have. We also explore how a socio-technical approach should ideally form the basis of the design and implementation of any dialogue system.

References

  1. Probst, C.W and Hansen, R. R. 2009. Fluid Information Systems. In Proceedings of New Security Paradigms Workshop. http://www.nspw.org/proceedings/2009 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Laurie, B. and Singer, A. 2009. Choose the Red Pill and the Blue Pill. In Proceedings of New Security Paradigms Workshop. http://www.nspw.org/proceedings/2009 Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Turpe, S., 2009. What is the Shape of Your Security Policy? Security as a Classification Problem. In Proceedings of New Security Paradigms Workshop. http://www.nspw.org/proceedings/2009 Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Shirley, J. and Evans, D. 2009. The User is Not the Enemy: Fighting Malware by Tracking User Intentions. In Proceedings of New Security Paradigms Workshop. http://www.nspw.org/proceedings/2009 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Church, L. and Whitten, A. 2009. Generative Usability: Security and User Centered Design beyond the Appliance. In Proceedings of New Security Paradigms Workshop. http://www.nspw.org/proceedings/2009 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Bogdanovic, D. Crawford, C. and Coles-Kemp, L. 2009. The need for enhanced privacy and consent dialogues. Information Security Technical Report, 14(3), p (167--172). Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Langheinrich, M. 2002. A Privacy Awareness System for Ubiquitous Computing Environments. Ubiquitous Computing, 315--320, Springer. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Coles-Kemp, L. Lai, Y. Ford, M. 2009. Privacy: Contemporary Developments in Users' Attitudes and Behaviours. http://www.vome.org.uk/index.php/publications/Google ScholarGoogle Scholar
  9. Teltzrow, M. and Kobsa, A. 2004. Impacts of User Privacy Preferences on Personalised Systems. Designing personalised user experiences in eCommerce. Springer, p (315--332). Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Fox, S., Rainie, L., Horrigan, J., Lenhart, A., Spooner, T., Carter, C. 2000. Trust and Privacy Online: Why Americans Wants to Rewrite the Rules. The Pew Internet & American Life Project. http://www.pewinternet.orgGoogle ScholarGoogle Scholar
  11. Bennett, L. 2009. Reflections on Privacy, Identity and Consent in Online Services. Information Security Technical Report, 14(3), p (119--123). Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Smith, H., Milberg, S., Bruke, S. 1996. Information Privacy: Measuring individuals' concerns about organisational practices. MIS Quart. 20(2), p (167--196). Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Malik, N.A. and Tomlinson, A. 2009. Privacy and Consent in Pervasive Networks. Information Security Technical Report, 14(3), p (138--142). Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. W3C. 2010. Platform for Privacy Preferences, Technology and Society domain. http://www.w3.org/P3PGoogle ScholarGoogle Scholar
  15. PrivacyOS Conference, 12th and 13th April 2010, Oxford, UK. https://www.privacyos.eu/Google ScholarGoogle Scholar
  16. Privacy and Identity Management for Community Services. http://www.picos-project.euGoogle ScholarGoogle Scholar
  17. Jensen, C. Potts, C. Jensen, C. Privacy practices of Internet Users: Self-reports Versus Observed Behaviour. 2005. International Journal of Human-Computer Studies. 63(1--2), p (203--227). Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Brands, S. 2010. U-Prove Technology Overview. Microsoft Corporation. https://connect.microsoft.comGoogle ScholarGoogle Scholar
  19. Clique.2010.Privacy. http://clique.primelife.eu/pg/expages/read/PrivacyGoogle ScholarGoogle Scholar
  20. IDEMIX. http://www.zurich.ibm.com/pri/projects/idemix.htmlGoogle ScholarGoogle Scholar
  21. Westin, A.F. 1967. Privacy and Freedom. New York, Atheneum, p (xvi).Google ScholarGoogle Scholar
  22. Allen, A.L. 1988. Uneasy access: Privacy for women in a free society. Totowa, NJ: Rowman & Littlefield.Google ScholarGoogle Scholar
  23. Whitley, E.A. 2009. Informational Privacy, Consent and the "Control" of Personal Data. Information Security Technical Report, 14(3), p (154--159). Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Barley, S.R. 1988. Technology, power, and the social organization of work: Towards a paradigmatic theory of skilling and deskilling. Research in the Sociology of Organizations, 6, p (33--60).Google ScholarGoogle Scholar
  25. Leuthersser, l., Kohli, A, K. 1995. Relational Behaviour in Business Markets -- Implications for Relationship Management, Journal of Business Research 34, pp. 221--233Google ScholarGoogle ScholarCross RefCross Ref
  26. Paine, C., Reips, U.-D., Stieger, S., Joinson, A., & Buchanan, T. (2007). Internet users'perceptions of 'privacy concerns' and 'privacy actions'. International Journal of Human-Computer Studies, 65(6), 526--536. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. Journal of Consumer Affairs,41(1), 100--126.Google ScholarGoogle Scholar
  28. Bruhn M., Grund M. (2000) Theory, Development and Implementation of National Customer Satisfaction Indices: the Swiss Index of Customer Satisfaction (SWICS) Total Quality Management, Volume 11, Number 7Google ScholarGoogle Scholar
  29. Horn D., Feinberg R., Salvendy, G.(2005) Determinant Elements of Customer Relationshjp Management in e-Business. Behaviour and Information Technology Volume 24, Number 2Google ScholarGoogle Scholar
  30. Buchanan, Tom, Ulf-Dietrich Reips, Carina Paine and Adam N. Joinson, (2007) "Development of measures of on-line privacy concern and protection for use on the Internet." Journal of the American Society for Information Science and Technology, Vol. 58, Issue 2, pp. 157 -- 165 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Solove, D.J., 2008. Understanding Privacy. Harvard.Google ScholarGoogle Scholar
  32. Camenisch, J. & Van Herreweghen, E., 2002, Design and implementation of the idemix anonymous credential system, Proceedings of the 9th ACM Conference on Computer and Communications Security, ACM, pp. 30. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Information Commissioner's Office (2008) "Privacy by Design" available from: http://www.ico.gov.uk/upload/documents/pdb_report_html/index.html (last accessed 5th August 2010)Google ScholarGoogle Scholar

Index Terms

  1. On-line privacy and consent: a dialogue, not a monologue

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      Get this Publication

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      View Table of Contents
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!