Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
From Design Requirements to Effective Privacy Notifications: Empowering mHealth Users to Make Informed Decisions
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0003-2823-3837
2021 (English)In: International Journal of Human-Computer Interaction, ISSN 1044-7318, E-ISSN 1532-7590, Vol. 37, no 19, p. 1823-1848Article in journal (Refereed) Published
Abstract [en]

To date, there are no satisfactory design requirements for privacy notifications, which constitute a conceptual means of informing users of online data services about how their personal data are processed and guide the decisions they make. Contextualising privacy notifications in the field of personal health tracking, we elicit a set of design requirements from the literature, implement a prototype, and conduct a qualitative, iterative lab study to evaluate the efficacy of the requirements immanent in the prototype. Our findings show that privacy notifications have the potential to facilitate usable transparency and intervenability in the ecosystem of mobile devices. The feedback obtained about the prototype lends itself to a refined set of design requirements presented in this paper. Implementing the principles of human-centred design, these requirements reflect building blocks that can help designers create usable tools that accommodate the needs of users of mobile health services.

Place, publisher, year, edition, pages
2021. Vol. 37, no 19, p. 1823-1848
Keywords [en]
Design requirements, General Data Protection Regulation (GDPR), Human-centred design, Information privacy, Mobile computing, Mobile health (mhealth), Mobile phone, Personal health tracking, Privacy notifications, Rapid prototyping, Transparency-Enhancing Tool (TET)
National Category
Media Engineering Computer Sciences Computer and Information Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-80073DOI: 10.1080/10447318.2021.1913859ISI: 000660315800001Scopus ID: 2-s2.0-85107811795OAI: oai:DiVA.org:kau-80073DiVA, id: diva2:1464316
Funder
EU, Horizon 2020, 675730EU, Horizon 2020, 786767
Note

Article as manuscript in Murmann's doctoral thesis (2020): Information at Your Fingertips: Facilitating Usable Transparency via Privacy Notifications and in Karegar's doctoral thesis (2020): The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent

Available from: 2020-09-04 Created: 2020-09-04 Last updated: 2022-05-16Bibliographically approved
In thesis
1. Information at Your Fingertips: Facilitating Usable Transparency via Privacy Notifications
Open this publication in new window or tab >>Information at Your Fingertips: Facilitating Usable Transparency via Privacy Notifications
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The General Data Protection Regulation stipulates legal rights of transparency and intervenability. Transparency provides data subjects with insight into how their personal data have been processed, clarifying what consequences will or may arise due to the processing of their data, whereas intervenability enables them to intervene in the process. Technological artefacts, transparency-enhancing tools (TETs) serve the purpose of conveying respective information precisely and intelligibily. However, despite being a prerequisite for transparency, many TETs available today lack usability in that they do not stringently reflect the needs of their users, which raises the question as to whether individual TETs fulfil their designated purpose.

The objective of this dissertation is to systematically apply principles pertaining to human-centred design to ascertain the qualities necessary to design TETs that facilitate transparency and advise means of intervenability with regard to the needs of their target audience. We classify the state of the art of usable TETs published in the literature and discuss the gaps therein. Contextualising our research in the domain of personal health tracking, we investigate to what extent customisation can help accommodate the needs of users of TETs. We introduce privacy notifications as a conceptual means to inform data subjects about facts worthy of their attention, and examine the immanent properties required to accomplish actual usability. We categorise the characteristics of privacy notifications in terms of what insight they convey, and how respective facts need to be presented to facilitate informed decision-making on the recipient's part. Based on findings obtained via quantitative and qualitative user studies, we elicit concomitant factors related to the parameterisation of privacy notifications. We present the prototypical implementation of TETs whose iterative evaluation provides us with a catalogue of design requirements that demonstrably reflect the needs of their users.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:28
Keywords
General Data Protection Regulation (GDPR), Human-centred design, Human-computer interaction (HCI), Information privacy, Intervenability, Mobile health (mhealth), Personal health tracking, Privacy notification, Transparency, Transparency-enhancing tool (TET), Usability
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-80075 (URN)978-91-7867-144-1 (ISBN)978-91-7867-148-9 (ISBN)
Public defence
2020-10-28, 21E415A, Sjökvistsalen, Karlstad, 09:00 (English)
Opponent
Supervisors
Note

Artikel 6 del av avhandlingen som manuskript, nu publicerad.

Available from: 2020-10-07 Created: 2020-09-04 Last updated: 2021-07-02Bibliographically approved
2. The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
Open this publication in new window or tab >>The Lord of Their Data Under the GDPR?: Empowering Users Through Usable Transparency, Intervenability, and Consent
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information and making informed decisions. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, these rights and requirements will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we employ quantitative and qualitative empirical HCI research methods and consider users through the development cycles of the proposed tools and solutions. We investigate how usable ex-post transparency can facilitate intervenability by implementing and testing Transparency-Enhancing Tools (TETs) that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand.

This thesis contributes to bridging the gap between legally compliant and usable tools and techniques that aim to enable users to maintain control of their data, resulting in several artefacts, design guidelines, and empirical contributions. The artefacts comprise prototypes and mockups of usable TETs and consent forms. The guidelines encompass a set of design requirements for ex-post TETs that run based on privacy notifications and recommendations on how to engage users with consent form contents. Finally, the empirical contributions include the analysis of the effectiveness of the proposed means and methods on enabling users to exercise their intervenability rights and provide informed consent.

Abstract [en]

The challenges imposed by the ever-growing online data processing make it difficult for people to control their data, which inevitably imperils the privacy of their personal information. Thus, there is an increasing need for different societal, technological, and legal solutions that empower users to take control of their data. The intervenability rights and the enhanced transparency and consent requirements in the General Data Protection Regulation (GDPR) aim to enable users to gain control of their data. However, they will not be beneficial for users in practice without considering their Human-Computer Interaction (HCI) implications.

The objective of this thesis is to propose usable tools and solutions which improve user-centred transparency, intervenability, and consent, thereby empowering users to take control of their data and make informed decisions. To this end, we investigate how usable ex-post transparency can facilitate intervenability by implementing and testing transparency-enhancing tools that run on users' devices. Further, we analyse the effectiveness of engaging users with policy information through different types of interaction techniques on drawing user attention to consent form contents. We extend our investigation to the robustness of varying consent form designs to habituation. Moreover, we study how users perceive our design of adapted consent based on the demands and challenges of the technology at hand. The outcome of this thesis includes several artefacts, design guidelines, and empirical analyses.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 57
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:36
Keywords
Control of personal data, Data privacy, GDPR, HCI, Informed consent, Transparency-enhancing tool, Usability, User interface design
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-81235 (URN)978-91-7867-170-0 (ISBN)978-91-7867-169-4 (ISBN)
Public defence
2020-12-09, 1B309 (Sjöströmsalen), 13:15 (English)
Opponent
Supervisors
Note

Artikel 2 del av avhandlingen som manuskript, nu publicerad.

Available from: 2020-11-20 Created: 2020-11-05 Last updated: 2021-09-01Bibliographically approved

Open Access in DiVA

fulltext(10086 kB)123 downloads
File information
File name FULLTEXT01.pdfFile size 10086 kBChecksum SHA-512
7a0ea4dd812a73b44291ea9e820809f9556d9d4c76350292363e39bfe2c8bce170ec39c7e521f9ec636d38ec038ae43f55636bfa7ec63308eb5c443e1d2e3c17
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Murmann, PatrickKaregar, Farzaneh

Search in DiVA

By author/editor
Murmann, PatrickKaregar, Farzaneh
By organisation
Department of Mathematics and Computer Science (from 2013)
In the same journal
International Journal of Human-Computer Interaction
Media EngineeringComputer SciencesComputer and Information SciencesHuman Computer Interaction

Search outside of DiVA

GoogleGoogle Scholar
Total: 123 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 435 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf