No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
AN EMPIRICAL ANALYSIS OF PRIVACY DASHBOARD ACCEPTANCE: THE GOOGLE CASE
Abstract
Over the last decades, personal data has become a crucial asset
for digital services.
The exploit
a
tion
of this asset, however, entai
ls severe threats to privacy.
Recently, so
-
called Privacy Dashboards have
been presented, which are tools that allow users to gain insight and exercise control over data that a
digital service provider has accumulated about them. This innovation enables no
t only privacy prote
c-
tion but also new ways of collaboration of users and providers of digital services. Privacy Das
h
boards
have the potential to allow users to participate in the generation of user profiles for personalized se
r-
vices, thereby contributing
to improved services. However, w
hile a v
ariety of Privacy Dashboards has
been presented, factors leading to their actual adoption by users are largely unexplored. To fill this
research gap, this paper provides an empirical analysis of antecedents of users’
adoption of Pr
i
vacy
Dashboards, in that focusing in particular on the currently most
-
prominent Privacy Dashboard
“Google My Account”. Integrating the Technology Acceptance Model and the Privacy Calculus, our
analysis shows that trust is the crucial factor
in users’ adoption of the examined Privacy Dashboard
and that Privacy Dashboards can both support users in protec
t
ing their privacy but also induce them
to disclose personal data
and thereby contribute to more precise user profiles
... A popular research field with the goal to increase the transparency of personal data is called Transparency Enhancing Technologies (TETs) [18,22,32]. They enable users to better understand the implications of disclosing personal data, to protect their privacy and to take an active part in the value creation of services [7]. TETs can be categorized into tools that enhance privacy before personal data is disclosed (ex-ante TETs) and tools that retrospectively enhance privacy once personal data has been disclosed (ex-post TETs) [15]. ...
... Then, the participants had to fill out a questionnaire about their attitude towards privacy. This questionnaire was inspired by the works of Cabinakova et al. [7] (trust), Westin [56] and Bergmann [4] (privacy concern index). Furthermore, we asked the participants to fill out the PANAS questionnaire [54] before and after the actual interaction with the tool. ...
... In the set of participants were 9 Unconcerend, 17 Pragmatics and 11 Fundamentalists, which goes along with the distributions observed by Bergmann [4], that unconcerned users are usually underrepresented. The users' trust in services was measured with two questions from Cabinakova et al. [7]. The answers were converted from their Likert scale to a score from 0 to 100. ...
Online services are used for all kinds of activities, like news, entertainment, publishing content or connecting with others. But information technology enables new threats to privacy by means of global mass surveillance, vast databases and fast distribution networks. Current news are full of misuses and data leakages. In most cases, users are powerless in such situations and develop an attitude of neglect for their online behaviour. On the other hand, the GDPR (General Data Protection Regulation) gives users the right to request a copy of all their personal data stored by a particular service, but the received data is hard to understand or analyze by the common internet user. This paper presents TransparencyVis - a web-based interface to support the visual and interactive exploration of data exports from different online services. With this approach, we aim at increasing the awareness of personal data stored by such online services and the effects of online behaviour. This design study provides an online accessible prototype and a best practice to unify data exports from different sources.
... TRA, TPB and RAA are general theories focussing on human behaviour and not on PDT. Several papers included in our review use one of these theories or elements thereof [6,9,31]. In RAA, actual control moderates individual intention and behaviour. ...
... TAM was not specifically designed for exploring privacy, but it was adapted for evaluating acceptance of transparency-enhancing tools, e.g. in [9,31,66]. Cabinakova et al. [9] base their empirical analysis on TAM, TPB and the Privacy Calculus. They studied how information about personal data processing presented by the Google dashboard influences trust in the dashboard and in the dashboard provider, Google (a). ...
... TAM was not specifically designed for exploring privacy, but it was adapted for evaluating acceptance of transparency-enhancing tools, e.g. in [9,31,66]. Cabinakova et al. [9] base their empirical analysis on TAM, TPB and the Privacy Calculus. They studied how information about personal data processing presented by the Google dashboard influences trust in the dashboard and in the dashboard provider, Google (a). ...
A growing number of business models are based on the collection, pro-cessing and dissemination of personal data. For a free decision about the dis-closure of personal data, the individual concerned needs transparency as in-sight into which personal data is collected, processed, passed on to third par-ties, for what purposes and for what time (Personal Data Transparency, or PDT for short). The intention of this paper is to assess theories for research on PDT. We performed a literature review and explored theories used in re-search on PDT. We assessed the selected theories that may be appropriate for exploring PDT. Such research may build on several theories that open up different perspectives and enable various fields of study.
... TRA, TPB and RAA are general theories focussing on human behaviour and not on PDT. Several papers included in our review use one of these theories or elements thereof [6,9,31]. In RAA, actual control moderates individual intention and behaviour. ...
... TAM was not specifically designed for exploring privacy, but it was adapted for evaluating acceptance of transparency-enhancing tools, e.g. in [9,31,66]. Cabinakova et al. [9] base their empirical analysis on TAM, TPB and the Privacy Calculus. They studied how information about personal data processing presented by the Google dashboard influences trust in the dashboard and in the dashboard provider, Google (a). ...
... TAM was not specifically designed for exploring privacy, but it was adapted for evaluating acceptance of transparency-enhancing tools, e.g. in [9,31,66]. Cabinakova et al. [9] base their empirical analysis on TAM, TPB and the Privacy Calculus. They studied how information about personal data processing presented by the Google dashboard influences trust in the dashboard and in the dashboard provider, Google (a). ...
A growing number of business models are based on the collection, processing and dissemination of personal data. For a free decision about the disclosure of personal data, the individual concerned needs transparency as insight into which personal data is collected, processed, passed on to third parties, for what purposes and for what time (Personal Data Transparency, or PDT for short). The intention of this paper is to assess theories for research on PDT. We performed a literature review and explored theories used in research on PDT. We assessed the selected theories that may be appropriate for exploring PDT. Such research may build on several theories that open up different perspectives and enable various fields of study.
... For the sake of differentiation, companies should consider addressing further CDR dimensions once they established a sound set of activities within the data privacy and security dimension. This aligns with the activities of corporations that can be observed in the market (Cabinakova et al. 2016). For instance, some organizations (e.g., Google, German Telekom) already moved down to address the information and transparency dimension, albeit companies should incorporate the effects of being more transparent by providing additional information (e.g., business model, security breaches). ...
While digitalization offers numerous new possibilities for value creation, managers have to overcome a number of threats and obstacles that it harbors. In this context, the concept of Corporate Digital Responsibility (CDR) is of increasing interest to practitioners. Drawing on the well-established paradigm of Corporate Social Responsibility, CDR comprises a set of principles designed to encourage the ethical and conscientious development, adoption, and utilization of digital technologies. This work aims at contributing to the evolving research base by empirically assessing consumer preferences and a consumer segmentation approach with regard to companies’ concrete CDR activities, thus supporting the operationalization of CDR. Hence, this work provides concrete guidance for firms’ CDR activities in practice. To this end, a series of Best–Worst Scaling and dual response studies with a representative sample of 663 German-speaking participants assesses consumers’ perspectives on firms’ concrete (possible) activities within several CDR dimensions. Both DURE studies reveal the potential halo effect of data privacy and security activities on the perception of the CDR engagement at large, suggesting a more holistic approach to digital responsibilities. Besides, the findings reveal that in case of CDR one size does not fit all. Especially in terms of informational approaches, consumer preferences are rather heterogeneous suggesting that consumer segmentation is beneficial for companies. Additionally, the high importance of price for the consumers’ evaluation shows that it can be useful to offer a slimmed-down version in terms of CDR activities for more price-conscious consumers.
... The University of Oslo has presented an identity dashboard [22] that gives users an overview of the use of different digital identities and the data associated with them. University of Freiburg has published work on the classification of privacy dashboards [23] and an empirical analysis of their acceptance [24]. ...
Privacy dashboards provide means for increasing transparency and self-determination for end-users of different systems and domains. However, there is no generic privacy dashboard that fits all needs. Rather, privacy dashboards are domain-dependent and must consider a variety of requirements of the respective domain. Elicitation and balancing of these requirements is essential for establishing privacy dashboards, but is complex and effort-intense. In this respect, various quality characteristics need to be considered which are highly interdependent and partly conflict-ing. In this paper, we present generic requirement and quality models that build a common baseline when developing privacy dashboards for different domains. These models are based on the fact that even domain-specific privacy dashboards share a lot of common problems and characteristics. Our models provide com-panies with a comprehensive framework that supports them in the phases of requirements engineering, planning, and design. We show their applicability in the domain of workplace privacy dashboards, i.e., privacy dashboards that are used to achieve transparency and self-determination for employees.
... Additionally, Xu et al. [9] created a smartphone app which summarizes the use of sensors by different applications. The Google Dashboard was investigated [10] with the focus on user acceptance. ...
This paper investigates user acceptance and privacy concerns of social robots. Users want a transparent view about processing of personal information. Additionally, they want to be able to intervene. It needs to be possible, to modify default settings. To make users aware of potential risks and concerns it is necessary to involve users during the whole development process and a possible solution for transparency and intervenability may be a privacy dashboard for robots. This privacy enhancing technology provides insight into data processing and sensor use. Additionally, it is necessary to involve users during the development process to sharpen their awareness regarding this issues.
Thanks to digital technologies, information about customer needs and contexts is becoming accessible ever more easily and service providers are more closely connected to customers. This development enables services to act on behalf of customers and to proactively initiate the customer interactions. Such services are so-called proactive smart services (PASS) and are a subgroup of smart services. Research suggests that service providers often face the challenge to gain customers’ acceptance of innovative services. In response to this call for action and the change in customer interaction, which can have far-reaching consequences in the lives of customers, we examined the antecedents that explain customers’ acceptance of PASS using a contextualized approach. Hence, we identified PASS-specific antecedents, developed a contextualized acceptance model (UTAUT2-PASS) while drawing from general acceptance theory, and validated it empirically. A comparison of our contextualized model with UTAUT2 as an established yet uncontextualized model confirmed the outperformance of our contextualized model. Our findings advance the academic understanding of PASS and help service providers design PASS for customer acceptance.
The right of access under Art. 15 of the General Data Protection Regulation (GDPR) grants data subjects the right to obtain comprehensive information about the processing of personal data from a controller, including a copy of the data. Privacy dashboards have been discussed as possible tools for implementing this right, and are increasingly found in practice. However, investigations of real world implementations are sparse. We therefore qualitatively examined the extent to which privacy dashboards of ten online services complied with the essential requirements of Art. 15 GDPR. For this, we compared the information provided in dashboards with the information provided in privacy statements and data exports. We found that most privacy dashboards provided a decent initial overview, but lacked important information about purposes, recipients, sources, and categories of data that online users consider to be sensitive. In addition, both the privacy dashboards and the data exports lacked copies of personal data that were processed according to the online services’ own privacy statements. We discuss the strengths and weaknesses of current implementations in terms of their ability to fulfill the objective of Art. 15 GDPR, namely to create awareness about data processing. We conclude by providing an outlook on what steps would be necessary for privacy dashboards to facilitate the exercise of the right of access and to provide real added value for online users.
Zusammenfassung
Selbstbestimmtes Lernen mit Onlinekursen findet zunehmend mehr Akzeptanz in unserer Gesellschaft. Lernende können mithilfe von Onlinekursen selbst festlegen, was sie wann lernen und Kurse können durch vielfältige Adaptionen an den Lernfortschritt der Nutzer angepasst und individualisiert werden. Auf der einen Seite ist eine große Zielgruppe für diese Lernangebote vorhanden. Auf der anderen Seite sind die Erstellung von Onlinekursen, ihre Bereitstellung, Wartung und Betreuung kostenintensiv, wodurch hochwertige Angebote häufig kostenpflichtig angeboten werden müssen, um als Anbieter zumindest kostenneutral agieren zu können. In diesem Beitrag erörtern und diskutieren wir ein offenes, nachhaltiges datengetriebenes zweiseitiges Geschäftsmodell zur Verwertung geprüfter Onlinekurse und deren kostenfreie Bereitstellung für jeden Lernenden. Kern des Geschäftsmodells ist die Nutzung der dabei entstehenden Verhaltensdaten, die daraus mögliche Ableitung von Persönlichkeitsmerkmalen und Interessen und deren Nutzung im kommerziellen Kontext. Dies ist eine bei der Websuche bereits weitläufig akzeptierte Methode, welche nun auf den Lernkontext übertragen wird. Welche Möglichkeiten, Herausforderungen, aber auch Barrieren überwunden werden müssen, damit das Geschäftsmodell nachhaltig und ethisch vertretbar funktioniert, werden zwei unabhängige, jedoch synergetisch verbundene Geschäftsmodelle vorgestellt und diskutiert. Zusätzlich wurde die Akzeptanz und Erwartung der Zielgruppe für das vorgestellte Geschäftsmodell untersucht, um notwendige Kernressourcen für die Praxis abzuleiten. Die Ergebnisse der Untersuchung zeigen, dass das Geschäftsmodell von den Nutzer*innen grundlegend akzeptiert wird. 10 % der Befragten würden es bevorzugen, mit virtuellen Assistenten – anstelle mit Tutor*innen zu lernen. Zudem ist der Großteil der Nutzer*innen sich nicht darüber bewusst, dass Persönlichkeitsmerkmale anhand des Nutzerverhaltens abgeleitet werden können.
Online services are used for all kinds of activities, like news, entertainment, publishing content or connecting with others. But information technology enables new threats to privacy by means of global mass surveillance, vast databases and fast distribution networks. Current news are full of misuses and data leakages. In most cases, users are powerless in such situations and develop an attitude of neglect for their online behaviour. On the other hand, the GDPR (General Data Protection Regulation) gives users the right to request a copy of all their personal data stored by a particular service, but the received data is hard to understand or analyze by the common internet user. This paper presents TransparencyVis - a web-based interface to support the visual and interactive exploration of data exports from different online services. With this approach, we aim at increasing the awareness of personal data stored by such online services and the effects of online behaviour. This design study provides an online accessible prototype and a best practice to unify data exports from different sources.
Spätestens mit Inkrafttreten der EU-Datenschutzgrundverordnung (DSGVO) sind die Themen Datenschutz und Umgang mit personenbezogenen Daten im Berufsalltag der Usability Professionals angekommen. Neben vielen anderen Prozessen sieht die DSGVO explizit die Entwicklung von Privacy Icons vor, um die Datenverarbeitung und -nutzung für die Betroffenen überschaubarer und einfacher erfassbar zu machen. Eines der wichtigsten Anwendungsgebiete stellen Datenschutzhinweise dar, die häufig nicht gelesen werden und damit eine „informierte Einwilligung“ fraglich erscheinen lassen.
In unserem Workshop nehmen wir die TeilnehmerInnen mit auf einen Design-Exkurs: Wir stellen Ergebnisse bisheriger Forschung vor, wie NutzerInnen über Privatheitsrisiken denken, und erweitern diese um die Perspektive professioneller UXlerInnen. Vor allem wird es kreativ und praktisch: In einem Hands-on wollen wir gemeinsam Lösungen für die wahrgenommenen Risiken in prototypische Designs überführen und diskutieren.
The Privacy Calculus theory states that individuals always rationally weigh the potential benefits and potential risks of data disclosure decisions. The rational assumption, however, often turns out to be wrong. The scientific literature has identified some influencing factors. These can be, for example, emotions or the current mood. In addition, there are thinking styles such as the need for cognition or faith into intuition. Also, the framing of a message, status quo bias, anchoring effect, positivity bias, or peer pressure (herding effects and affective commitment) can lead to irrational data disclosure decisions. The trustworthiness and reputation (in particular the possibly resulting halo effect) can additionally lead to decisions with little cognitive effort.
To identify contextual adjustments of the Privacy Calculus theory, expert interviews were conducted with ten Internet users. Respondents feel well informed about the potential benefits, but not about risks. However, information is often difficult to read, too long or not clear. Rational data disclosure decisions are more likely to be made in sensitive contexts (e.g. finance or health care), and irrational decisions tend to be made in less-sensitive contexts (e.g. social networks or e-commerce), with respondents focusing primarily on emotions, peer pressure, or trust and reputation.
To investigate the impact of Privacy Calculus decisions on firm performance, a survey was conducted with 12 internet firms. Most companies explicitly consider privacy-specific characteristics when designing their products, but more likely to show the benefits than the risks of data disclosure. The Privacy Calculus theory is almost completely unknown in practice. However, if it is known, it will also be used to develop the privacy policy, business strategy and business model. However, most companies do not see an impact of Privacy Calculus decisions on firm performance.
This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.
Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.
ResearchGate has not been able to resolve any references for this publication.