Affiliation:
1. Karlstad University, Karlstad, Sweden
Abstract
The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing; yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guidelines that aid designers of TETs in implementing privacy notifications that reflect their recipients' needs in terms of what they want to be notified about and the level of guidance required to audit their data effectively. Based on an analysis of gaps related to TETs, the findings of a study on privacy notification preferences, and the findings on notifications and privacy notices discussed in the literature, this paper proposes a set of guidelines for the human-centred design of privacy notifications that facilitate ex post transparency.