
OnLITE: On-line Label for IoT Transparency Enhancement

  • Conference paper
Secure IT Systems (NordSec 2020)

Abstract

We present a privacy transparency tool, which helps non-expert consumers understand and compare how Internet of Things (IoT) devices handle data. The need for such tools arises with the growing number of IoT products and the privacy implications of their use. This research is further motivated by legal acts, such as the General Data Protection Regulation (GDPR), which mandates the communication of privacy practices in a clear language. Our solution summarizes key privacy facts and visualizes information flows in a way that facilitates quick assessments, even for large data sets. We followed an interdisciplinary iterative design process that combines input from legal and usability experts, as well as feedback from 15 participants of our think-aloud task analysis study. In addition to explaining the rationale behind the design and evaluation methodology, we compare our solution, implemented as a graphical user interface, with existing ones. The results show that participants consider the interface straightforward and useful. Our solution encourages them to think critically about privacy and question some of the manufacturers’ claims. Participants also reported that they would be glad if such tools were widely available, to further improve privacy awareness. Besides, our solution can be a part of an evidence-based standardization process, enabling policy-makers to further promote privacy.


Notes

  1. We chose this test because it is suitable for a sample size of 15, and because we have a normal distribution of scores, verified by means of a Shapiro-Wilk normality test.


Acknowledgments

We thank the participants of our study and our colleagues at the DPA of Schleswig-Holstein and USECON GmbH, as well as the open source contributors whose software we relied on. This research has received funding from the H2020 Marie Skłodowska-Curie EU project “Privacy&Us” under the grant agreement No 675730.

Author information


Correspondence to Alexandr Railean.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Railean, A., Reinhardt, D. (2021). OnLITE: On-line Label for IoT Transparency Enhancement. In: Asplund, M., Nadjm-Tehrani, S. (eds) Secure IT Systems. NordSec 2020. Lecture Notes in Computer Science, vol 12556. Springer, Cham. https://doi.org/10.1007/978-3-030-70852-8_14


  • DOI: https://doi.org/10.1007/978-3-030-70852-8_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-70851-1

  • Online ISBN: 978-3-030-70852-8

  • eBook Packages: Computer Science, Computer Science (R0)
