A look into user’s privacy perceptions and data practices of IoT devices

Abstract

Purpose With the rapid deployment of internet of things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices. The prior research focused on identifying people's privacy preferences in different contexts of IoT usage and their mental models of security threats. However, there is a dearth in existing literature to understand the mismatch between user's perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. The paper aims to identify these mismatched privacy perceptions in this work. Design/methodology/approach The authors conducted a lab study with 42 participants, where they compared participants’ perceptions with the data practices stated in the privacy policy of 28 IoT devices from different categories, including health and exercise, entertainment, smart homes, toys and games and pets. Findings The authors identified the mismatched privacy perceptions of users in terms of data collection, sharing, protection and storage period. The findings revealed the mismatches between user's perceptions and the data practices of IoT devices for various types of information, including personal, contact, financial, heath, location, media, connected device, online social media and IoT device usage. Originality/value The findings from this study lead to the recommendations on designing simplified privacy notice by highlighting the unexpected data practices, which in turn, would contribute to the secure and privacy-preserving use of IoT devices.