skip to main content
10.1145/3404983.3405588acmotherconferencesArticle/Chapter ViewAbstractPublication PagesmundcConference Proceedingsconference-collections
research-article

User-friendly formulation of data processing purposes of voice assistants: a user perspective on the principle of purpose limitation

Published: 06 September 2020 Publication History

Abstract

In 2019 it was revealed that several providers of voice assistants had systematically evaluated voice recordings of their users. Since the data protection notices stated that data would also be used to improve the service, this use was legal. For the users, however, this evaluation represented a clear break with their expectations of privacy. The purpose limitation principle of the GDPR with its component of purpose specification requires flexibility for the processor as well as transparency for the consumer. Against the background of this conflict of interest, the question arises for HCI as to how processing purposes of voice assistants should be designed to meet both requirements. To collect a user perspective, this study first analyzes the data protection information of the dominant voice assistants. Based on this, we present results of focus groups that deal with the perceived processing of data of voice assistants from the user perspective. The study shows that existing purpose statements offer hardly any transparency for consumers regarding the consequences of data processing and do not have any restrictive effect with regard to legal data use. Our results on risks perceived by users allow us to draw conclusions about the user-friendly design of processing purposes in terms of a design resource.

References

[1]
Abdi, N., Ramokapane, K.M. and Such, J.M. 2019. More than smart speakers: security and privacy perceptions of smart home personal assistants. Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019) (2019).
[2]
Acquisti, A. 2009. Nudging privacy: The behavioral economics of personal information. IEEE security & privacy. 7, 6 (2009), 82--85.
[3]
Adams, A. and Sasse, M.A. 1999. Users are not the enemy. Communications of the ACM. 42, 12 (1999), 40--46.
[4]
Adobe 2019. State of Voice Technology for Brands.
[5]
Alizadeh, F., Jakobi, T., Boldt, J. and Stevens, G. 2019. GDPR-Reality Check on the Right to Access Data: Claiming and Investigating Personally Identifiable Data from Companies. Proceedings of Mensch Und Computer 2019 (New York, NY, USA, 2019), 811--814.
[6]
Article 29 Data Protection Working Party. 2013. Opinion 03/2013 on purpose limitation. Technical Report #00569/13/EN WP 203.
[7]
Bellotti, V. and Edwards, K. 2001. Intelligibility and accountability: human considerations in context-aware systems. Human-Computer Interaction. 16, 2--4 (2001), 193--212.
[8]
Bodenhöfer, X. 2018. Digitale Sprachassistenten als intelligente Helfer im Alltag. eresult.
[9]
Brodie, C., Karat, C.-M., Karat, J. and Feng, J. 2005. Usable Security and Privacy: A Case Study of Developing Privacy Management Tools. Proceedings of the 2005 Symposium on Usable Privacy and Security (New York, NY, USA, 2005), 35--43.
[10]
Brouwer, E.R. 2011. Legality and data protection law: The forgotten purpose of purpose limitation. (2011).
[11]
Day, M., Turner, G. and Drozdiak, N. 2019. Amazon Workers Are Listening to What You Tell Alexa. Bloomberg.com.
[12]
Easwara Moorthy, A. and Vu, K.-P.L. 2014. Voice Activated Personal Assistant: Acceptability of Use in the Public Space. Human Interface and the Management of Information. Information and Knowledge in Applications and Services. S. Yamamoto, ed. Springer International Publishing. 324--334.
[13]
Forgó, N., Hänold, S. and Schütze, B. 2017. The principle of purpose limitation and big data. New Technology, Big Data and the Law. Springer. 17--42.
[14]
Gerber, N., Reinheimer, B. and Volkamer, M. 2018. Home sweet home? Investigating users' awareness of smart home privacy threats. Proceedings of An Interactive Workshop on the Human aspects of Smarthome Security and Privacy (WSSP) (2018).
[15]
Gerber, N., Reinheimer, B. and Volkamer, M. 2019. Investigating People's Privacy Risk Perception. Proceedings on Privacy Enhancing Technologies. 2019, 3 (2019), 267--288.
[16]
Gray, C.M., Kou, Y., Battles, B., Hoggatt, J. and Toombs, A.L. 2018. The dark (patterns) side of UX design. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (2018), 534.
[17]
Hern, A. 2019. Apple contractors "regularly hear confidential details" on Siri recordings. The Guardian.
[18]
Im, I., Kim, Y. and Han, H.-J. 2008. The effects of perceived risk and technology type on users' acceptance of technologies. Information & Management. 45, 1 (Jan. 2008), 1--9.
[19]
Jakobi, T., Patil, S., Randall, D., Stevens, G. and Wulf, V. 2019. It's About What They Could Do with the Data: A User Perspective on Privacy in Smart Metering. ACM Trans. Comput.-Hum. Interact. 9, 4 (2019), 43.
[20]
Jakobi, T., Stevens, G., Castelli, N., Ogonowski, C., Schaub, F., Vindice, N., Randall, D., Tolmie, P. and Wulf, V. 2018. Evolving Needs in IoT Control and Accountability: A Longitudinal Study on Smart Home Intelligibility. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. 2, 4 (Dec. 2018), 28.
[21]
Janic, M., Wijbenga, J.P. and Veugen, T. 2013. Transparency Enhancing Tools (TETs): An Overview. 2013 Third Workshop on Socio-Technical Aspects in Security and Trust (STAST) (Jun. 2013), 18--25.
[22]
Karwatzki, S., Trenz, M. and Veit, D. 2018. Yes, firms have my data but what does it matter? measuring privacy risks. (2018).
[23]
Kelley, P.G., Bresee, J., Cranor, L.F. and Reeder, R.W. 2009. A nutrition label for privacy. Proceedings of the 5th Symposium on Usable Privacy and Security (2009), 4.
[24]
Lau, J., Zimmerman, B. and Schaub, F. 2018. Alexa, Are You Listening?: Privacy Perceptions, Concerns and Privacy-seeking Behaviors with Smart Speakers. Proceedings of the ACM on Human-Computer Interaction. 2, CSCW (Nov. 2018), 1--31.
[25]
Liao, Y., Vitak, J., Kumar, P., Zimmer, M. and Kritikos, K. 2019. Understanding the Role of Privacy and Trust in Intelligent Personal Assistant Adoption. Information in Contemporary Society (Cham, 2019), 102--113.
[26]
Liu, B., Andersen, M.S., Schaub, F., Almuhimedi, H., Zhang, S.A., Sadeh, N., Agarwal, Y. and Acquisti, A. 2016. Follow my recommendations: A personalized privacy assistant for mobile app permissions. Symposium on Usable Privacy and Security (2016).
[27]
Mathur, A., Acar, G., Friedman, M.J., Lucherini, E., Mayer, J., Chetty, M. and Narayanan, A. 2019. Dark patterns at scale: Findings from a crawl of 11K shopping websites. Proceedings of the ACM on Human-Computer Interaction. 3, CSCW (2019), 81.
[28]
Mayring, P. 2010. Qualitative inhaltsanalyse. Handbuch qualitative Forschung in der Psychologie. Springer. 601--613.
[29]
McDonald, A.M., Reeder, R.W., Kelley, P.G. and Cranor, L.F. 2009. A comparative study of online privacy policies and formats. International Symposium on Privacy Enhancing Technologies Symposium (2009), 37--55.
[30]
Mennicken, S. and Huang, E.M. 2012. Hacking the Natural Habitat: An In-the-Wild Study of Smart Homes, Their Development, and the People Who Live in Them. Pervasive Computing. J. Kay, P. Lukowicz, H. Tokuda, P. Olivier, and A. Krüger, eds. Springer Berlin Heidelberg. 143--160.
[31]
Milne, G.R., Culnan, M.J. and Greene, H. 2006. A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing. 25, 2 (2006), 238--249.
[32]
Oulasvirta, A., Pihlajamaa, A., Perkiö, J., Ray, D., Vähäkangas, T., Hasu, T., Vainio, N. and Myllymäki, P. 2012. Long-term effects of ubiquitous surveillance in the home. Proceedings of the 2012 ACM Conference on Ubiquitous Computing - UbiComp '12 (Pittsburgh, Pennsylvania, 2012), 41.
[33]
Pfitzmann, A. 2001. Multilateral security: Enabling technologies and their evaluation. Informatics (2001), 50--62.
[34]
Pfitzmann, A., Schill, A., Westfeld, A. and Wolf, G. 2000. Mehrseitige Sicherheit in offenen Netzen. Grundlagen, praktische Umsetzung und in Java implementierte Demonstrations-Software. (2000).
[35]
Pötzsch, S. 2009. Privacy awareness: A means to solve the privacy paradox? The future of identity in the information society. Springer. 226--236.
[36]
Pradhan, A., Mehta, K. and Findlater, L. 2018. "Accessibility Came by Accident": Use of Voice-Controlled Intelligent Personal Assistants by People with Disabilities. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems - CHI '18 (Montreal QC, Canada, 2018), 1--13.
[37]
Rannenberg, K. 2001. Multilateral security a concept and examples for balanced security. Proceedings of the 2000 workshop on New security paradigms (2001), 151--162.
[38]
Rao, A., Schaub, F. and Sadeh, N. 2015. What do they know about me? Contents and Concerns of Online Behavioral Profiles. PASSAT '14: Sixth ASE International Conference on Privacy, Security, Risk and Trust (2015).
[39]
Ravichander, A., Black, A.W., Wilson, S., Norton, T. and Sadeh, N. 2019. Question Answering for Privacy Policies: Combining Computational and Legal Perspectives. arXiv preprint arXiv:1911.00841. (2019).
[40]
Sadeh, N., Acquisti, A., Breaux, T.D., Cranor, L.F., McDonald, A.M., Reidenberg, J.R., Smith, N.A., Liu, F., Russell, N.C. and Schaub, F. 2013. The usable privacy policy project. Technical report, Technical Report, CMU-ISR-13-119. (2013).
[41]
Schaub, F., Balebako, R., Durity, A.L. and Cranor, L.F. 2015. A design space for effective privacy notices. Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (2015), 1--17.
[42]
Siegle, J. 2019. Google ermittelt wegen Illegalen Sprachaufzeichnungen. TechFieber.de.
[43]
Singh, R.I., Sumeeth, M. and Miller, J. 2011. Evaluating the readability of privacy policies in mobile environments. International Journal of Mobile Human Computer Interaction (IJMHCI). 3, 1 (2011), 55--78.
[44]
Spagnuelo, D., Ferreira, A. and Lenzini, G. 2018. Accomplishing Transparency within the General Data Protection Regulation. 5th International Conference on Information Systems Security and Privacy. To appear (2018).
[45]
Steinfeld, N. 2016. "I agree to the terms and conditions": (How) do users read privacy policies online? An eye-tracking experiment. Computers in Human Behavior. 55, (Feb. 2016), 992--1000.
[46]
Stevens, G., Bossauer, P., Jakobi, T. and Pakusch, C. 2018. Mehrseitiges Vertrauen bei IoT-basierten Reputationssystemen. Mensch und Computer 2018-Workshopband. (2018).
[47]
Stevens, G., Jakobi, T. and Detken, K.-O. 2014. Mehrseitige, barrierefreie Sicherheit intelligenter Messsysteme. Datenschutz und Datensicherheit. 38, 8/2014 (2014), 536--544.
[48]
Trojer, T., Katt, B., Breu, R., Schabetsberger, T. and Mair, R. 2012. Scenario-based Templates supporting Usable Privacy Policy Authoring. University of Amsterdam, Amsterdam Privacy Conference (2012).
[49]
Tzanou, M. 2010. The EU as an emerging surveillance society: the function creep case study and challenges to privacy and data protection. Vienna Online J. on Int'l Const. L. 4, (2010), 407.
[50]
Wilson, S., Schaub, F., Liu, F., Sathyendra, K.M., Smullen, D., Zimmeck, S., Ramanath, R., Story, P., Liu, F. and Sadeh, N. 2018. Analyzing privacy policies at scale: From crowdsourcing to automated annotations. ACM Transactions on the Web (TWEB). 13, 1 (2018), 1--29.
[51]
Yankelovich, N. 1996. How do users know what to say? interactions. 3, 6 (1996), 32--43.

Cited By

View all

Index Terms

  1. User-friendly formulation of data processing purposes of voice assistants: a user perspective on the principle of purpose limitation

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      MuC '20: Proceedings of Mensch und Computer 2020
      September 2020
      523 pages
      ISBN:9781450375405
      DOI:10.1145/3404983
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 06 September 2020

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. datenschutz
      2. datenschutzerklärungen
      3. legal design
      4. zweckbindung
      5. zweckspezifizierung

      Qualifiers

      • Research-article

      Conference

      MuC'20
      MuC'20: Mensch und Computer 2020
      September 6 - 9, 2020
      Magdeburg, Germany

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)28
      • Downloads (Last 6 weeks)3
      Reflects downloads up to 11 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Digitaler VerbraucherschutzVerbraucherinformatik10.1007/978-3-662-68706-2_4(135-201)Online publication date: 25-Mar-2024
      • (2024)Einordnung und HintergrundVerbraucherinformatik10.1007/978-3-662-68706-2_1(1-27)Online publication date: 25-Mar-2024
      • (2023)What HCI Can Do for (Data Protection) Law—Beyond DesignHuman Factors in Privacy Research10.1007/978-3-031-28643-8_6(115-136)Online publication date: 10-Mar-2023
      • (2022)Finding, getting and understanding: the user journey for the GDPR’S right to accessBehaviour & Information Technology10.1080/0144929X.2022.207489441:10(2174-2200)Online publication date: 27-May-2022
      • (2021)Alexa, We Need to Talk: A Data Literacy Approach on Voice AssistantsDesigning Interactive Systems Conference 202110.1145/3461778.3462001(495-507)Online publication date: 28-Jun-2021

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media