skip to main content
10.1145/3473856.3473891acmotherconferencesArticle/Chapter ViewAbstractPublication PagesmundcConference Proceedingsconference-collections
research-article

A Consumer Perspective on Privacy Risk Awareness of Connected Car Data Use

Published: 13 September 2021 Publication History

Abstract

New cars are increasingly "connected" by default. Since not having a car is not an option for many people, understanding the privacy implications of driving connected cars and using their data-based services is an even more pressing issue than for expendable consumer products. While risk-based approaches to privacy are well established in law, they have only begun to gain traction in HCI. These approaches are understood not only to increase acceptance but also to help consumers make choices that meet their needs. To the best of our knowledge, perceived risks in the context of connected cars have not been studied before. To address this gap, our study reports on the analysis of a survey with 18 open-ended questions distributed to 1,000 households in a medium-sized German city. Our findings provide qualitative insights into existing attitudes and use cases of connected car features and, most importantly, a list of perceived risks themselves. Taking the perspective of consumers, we argue that these can help inform consumers about data use in connected cars in a user-friendly way. Finally, we show how these risks fit into and extend existing risk taxonomies from other contexts with a stronger social perspective on risks of data use.

References

[1]
Acquisti, A. and Grossklags, J. 2005. Privacy and rationality in individual decision making. IEEE Security & Privacy. 2, (2005), 24–30.
[2]
Adams, A. and Sasse, M.A. 1999. Users are not the enemy. Communications of the ACM. 42, 12 (1999), 40–46.
[3]
Alalwan, A.A. 2016. Consumer adoption of mobile banking in Jordan: Examining the role of usefulness, ease of use, perceived risk and self-efficacy. Journal of Enterprise Information Management. (2016).
[4]
Alizadeh, F. 2019. GDPR-Reality Check on the Right to Access Data: Claiming and Investigating Personally Identifiable Data from Companies. Proceedings of Mensch Und Computer 2019 (New York, NY, USA, 2019), 811–814.
[5]
Almuhimedi, H. 2015. Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging. CHI ’15: ACM CHI Conference on Human Factors in Computing Systems (2015).
[6]
Angulo, J. 2015. Usable transparency with the data track: a tool for visualizing data disclosures. Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (2015), 1803–1808.
[7]
Article 29 Data Protection Working Party. 2013. Opinion 03/2013 on purpose limitation. Technical Report #00569/13/EN WP 203.
[8]
Asgharpour, F. 2007. Mental models of security risks. International Conference on Financial Cryptography and Data Security (2007), 367–377.
[9]
Balebako, R. 2013. Little brothers watching you: Raising awareness of data leaks on smartphones. Proceedings of the Ninth Symposium on Usable Privacy and Security (2013), 12.
[10]
Balebako, R. 2015. The Impact of Timing on the Salience of Smartphone App Privacy Notices. (2015), 63–74.
[11]
Bardram, E. 2005. The trouble with login: on usability and computer security in ubiquitous computing. Personal and Ubiquitous Computing. 9, 6 (2005), 357–367.
[12]
Bauer, J.M. 2021. Are you sure, you want a cookie? – The effects of choice architecture on users’ decisions about sharing private online data. Computers in Human Behavior. 120, (Jul. 2021), 106729.
[13]
Bosler, M. 2017. Connected-Car-Services: eine Klassifikation der Plattformen für das vernetzte Automobil. HMD Praxis der Wirtschaftsinformatik. 54, 6 (2017), 1005–1020.
[14]
Braun, V. and Clarke, V. 2006. Using thematic analysis in psychology. Qualitative research in psychology. 3, 2 (2006), 77–101.
[15]
Brodie, C. 2005. Usable Security and Privacy: A Case Study of Developing Privacy Management Tools. Proceedings of the 2005 Symposium on Usable Privacy and Security (New York, NY, USA, 2005), 35–43.
[16]
Brodie, C.A. 2006. An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench. Proceedings of the second symposium on Usable privacy and security (2006), 8–19.
[17]
Bundesministerium für Verkehr und digitale Infrastruktur 2017. Ethik-Kommission — Automatisiertes und vernetztes Fahren. Bundesministerium für Verkehr und digitale Infrastruktur.
[18]
Conroy, P. 2014. Building consumer trust: Protecting personal data in the consumer product industry. Deloitte University Press.
[19]
Corrall, S. 2019. Repositioning Data Literacy as a Mission-Critical Competence. (2019).
[20]
Coyne, I.T. 1997. Sampling in qualitative research. Purposeful and theoretical sampling; merging or clear boundaries? Journal of advanced nursing. 26, 3 (1997), 623–630.
[21]
Crabtree, A. and Mortier, R. 2015. Human Data Interaction: Historical Lessons from Social Studies and CSCW. ECSCW 2015: Proceedings of the 14th European Conference on Computer Supported Cooperative Work, 19-23 September 2015, Oslo, Norway. Springer, Cham. 3–21.
[22]
Degeling, M. 2018. We Value Your Privacy... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy. arXiv preprint arXiv:1808.05096. (2018).
[23]
Dinev, T. and Hart, P. 2006. An extended privacy calculus model for e-commerce transactions. Information Systems Research. 17, 1 (2006), 61–80.
[24]
Duckham, M. and Kulik, L. 2006. Location privacy and location-aware computing. Dynamic & mobile GIS: investigating change in space and time. 3, (2006), 35–51.
[25]
Enck, W. 2014. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS). 32, 2 (2014), 5.
[26]
European Parliament and the Council 2016. REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
[27]
Felt, A.P. 2012. Android permissions: User attention, comprehension, and behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security (2012), 3.
[28]
Felt, A.P. 2012. How to Ask for Permission. HotSec (2012).
[29]
Gerber, N. 2018. Home sweet home? Investigating users’ awareness of smart home privacy threats. Proceedings of An Interactive Workshop on the Human aspects of Smarthome Security and Privacy (WSSP) (2018).
[30]
Gerber, N. 2019. Investigating People's Privacy Risk Perception. Proceedings on Privacy Enhancing Technologies. 2019, 3 (2019), 267–288.
[31]
Gerber, P. 2015. Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy. ACM SIGCAS Computers and Society. 45, 1 (2015), 16–21.
[32]
Glaser, B. and Strauss, A. 1967. The discovery of grounded theory. 1967. Aldin, New York. (1967).
[33]
Gray, C.M. 2018. The dark (patterns) side of UX design. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (2018), 534.
[34]
Himma, K.E. and Tavani, H.T. 2008. The handbook of information and computer ethics. John Wiley & Sons.
[35]
Hoerbst, A. 2010. Attitudes and behaviors related to the introduction of electronic health records among Austrian and German citizens. International Journal of Medical Informatics. 79, 2 (Feb. 2010), 81–89.
[36]
Inländerfahrleistung - Kurzbericht im Jahr 2018: https://www.kba.de/DE/Statistik/Kraftverkehr/VerkehrKilometer/vk_inlaenderfahrleistung/vk_archiv/2018/2018_vk_uebersicht.html?nn=2379472. Accessed: 2021-04-15.
[37]
Jakobi, T. 2020. Die nutzerInnenfreundliche Formulierung von Zwecken der Datenverarbeitung von Sprachassistenten. (2020).
[38]
Jakobi, T. 2018. Evolving Needs in IoT Control and Accountability: A Longitudinal Study on Smart Home Intelligibility. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. 2, 4 (Dec. 2018), 28.
[39]
Jakobi, T. 2019. It's About What They Could Do with the Data: A User Perspective on Privacy in Smart Metering. ACM Trans. Comput.-Hum. Interact. 9, 4 (2019), 43.
[40]
Jakobi, T. 2020. Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI. i-com. 19, 1 (2020), 31–45.
[41]
Johnson, D.G. 1985. Computer ethics. Englewood Cliffs (NJ). (1985).
[42]
Joukes, E. 2016. Eliciting end-user expectations to guide the implementation process of a new electronic health record: A case study using concept mapping. International Journal of Medical Informatics. 87, (Mar. 2016), 111–117.
[43]
Karwatzki, S. 2017. Adverse consequences of access to individuals’ information: an analysis of perceptions and the scope of organisational influence. European Journal of Information Systems. 26, 6 (2017), 688–715.
[44]
Karwatzki, S. 2018. Yes, firms have my data but what does it matter? measuring privacy risks. (2018).
[45]
Kelley, P.G. 2009. A nutrition label for privacy. Proceedings of the 5th Symposium on Usable Privacy and Security (2009), 4.
[46]
Langheinrich, M. 2001. Privacy by design—principles of privacy-aware ubiquitous systems. Ubicomp 2001: Ubiquitous Computing. (2001).
[47]
Lederer, A.L. 2000. The technology acceptance model and the World Wide Web. Decision Support Systems. 29, 3 (Oct. 2000), 269–282.
[48]
Li, J. 2019. Mobile payment with alipay: An application of extended technology acceptance model. IEEE Access. 7, (2019), 50380–50387.
[49]
Liccardi, I. 2014. No technical understanding required: Helping users make informed choices about access to their personal data. Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (2014), 140–150.
[50]
Lin, J. 2012. Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. Proceedings of the 2012 ACM Conference on Ubiquitous Computing (2012), 501–510.
[51]
Mandinach, E.B. and Gummer, E.S. 2016. Data literacy for educators: Making it count in teacher preparation and practice. Teachers College Press.
[52]
Matte, C. 2019. Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework. arXiv preprint arXiv:1911.09964. (2019).
[53]
McDonald, A.M. and Cranor, L.F. 2008. The cost of reading privacy policies. Isjlp. 4, (2008), 543.
[54]
M'manga, A. 2017. Folk risk analysis: Factors influencing security analysts’ interpretation of risk. (2017).
[55]
Norberg, P.A. 2007. The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. Journal of Consumer Affairs. 41, 1 (Jun. 2007), 100–126.
[56]
Pötzsch, S. 2009. Privacy awareness: A means to solve the privacy paradox? The future of identity in the information society. Springer. 226–236.
[57]
Rao, A. 2015. What do they know about me? Contents and Concerns of Online Behavioral Profiles. Academy of Science and Engineering,USA.
[58]
Raschke, P. 2017. Designing a GDPR-Compliant and Usable Privacy Dashboard. IFIP International Summer School on Privacy and Identity Management (2017), 221–236.
[59]
Rauhofer, J. 2015. Of Men and Mice: Should the EU Data Protection Authorities’ Reaction to Google's New Privacy Policy Raise Concern for the Future of the Purpose Limitation Principle. Eur. Data Prot. L. Rev. 1, (2015), 5.
[60]
Sadeh, N. 2013. The usable privacy policy project. Technical report, Technical Report, CMU-ISR-13-119. (2013).
[61]
Sanchez-Rola, I. 2019. Can I opt out yet?: GDPR and the global illusion of cookie control. Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (2019), 340–351.
[62]
Schaub, F. 2015. A design space for effective privacy notices. Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (2015), 1–17.
[63]
Schiek, D. 2014. The Written Interview in Qualitative Social Research. Lucius Verlag mbH.
[64]
Selbst, A.D. and Powles, J. 2017. Meaningful information and the right to explanation. International Data Privacy Law. 7, 4 (Nov. 2017), 233–242.
[65]
Slovic, P. 1982. Why study risk perception? Risk analysis. 2, 2 (1982), 83–93.
[66]
Stevens, G. 2014. Mehrseitige, barrierefreie Sicherheit intelligenter Messsysteme. Datenschutz und Datensicherheit. 38, 8/2014 (2014), 536–544.
[67]
Stevens, G. and Wulf, V. 2009. Computer-supported access control. ACM Transactions on Computer-Human Interaction (TOCHI). 16, 3 (2009), 12.
[68]
Taherdoost, H. 2009. Study of smart card technology and probe user awareness about it: A case study of Middle Eastern students. 2nd IEEE International Conference on Computer Science and Information Technology, 2009. ICCSIT 2009 (Aug. 2009), 334–338.
[69]
Takabi, H. 2010. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy. 6 (2010), 24–31.
[70]
Trudeau, S. 2009. The effects of introspection on creating privacy policy. Proceedings of the 8th ACM workshop on Privacy in the electronic society (2009), 1–10.
[71]
Van Slyke, C. 2006. Concern for information privacy and online consumer purchasing. Journal of the Association for Information Systems. 7, 6 (2006), 16.
[72]
Walter, J. and Abendroth, B. 2020. On the role of informational privacy in connected vehicles: a privacy-aware acceptance modelling approach for connected vehicular services. Telematics and Informatics. 49, (2020), 101361.
[73]
Whitten, A. and Tygar, J.D. 1999. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. Proceedings of the 8th USENIX Security Symposium (1999), 16.
[74]
Xu, H. 2011. Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems. 12, 12 (2011), 1.
[75]
Zurko, M.E. 2005. User-centered security: Stepping up to the grand challenge. Computer Security Applications Conference, 21st Annual (2005), 14-pp.

Cited By

View all
  • (2024)Beyond Dollars: Unveiling the Deeper Layers of Online Romance Scams Introducing “Body Scam”Extended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651004(1-6)Online publication date: 11-May-2024
  • (2024)Investigating Limits and Effectiveness of Privacy Conversations: the Case of Service Robots in an Office EnvironmentExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3650971(1-9)Online publication date: 11-May-2024
  • (2024)Privacy preferences in automotive data collectionTransportation Research Interdisciplinary Perspectives10.1016/j.trip.2024.10102224(101022)Online publication date: Mar-2024
  • Show More Cited By
  1. A Consumer Perspective on Privacy Risk Awareness of Connected Car Data Use

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      MuC '21: Proceedings of Mensch und Computer 2021
      September 2021
      613 pages
      ISBN:9781450386456
      DOI:10.1145/3473856
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 13 September 2021

      Permissions

      Request permissions for this article.

      Check for updates

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      MuC '21
      MuC '21: Mensch und Computer 2021
      September 5 - 8, 2021
      Ingolstadt, Germany

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)62
      • Downloads (Last 6 weeks)3
      Reflects downloads up to 25 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Beyond Dollars: Unveiling the Deeper Layers of Online Romance Scams Introducing “Body Scam”Extended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651004(1-6)Online publication date: 11-May-2024
      • (2024)Investigating Limits and Effectiveness of Privacy Conversations: the Case of Service Robots in an Office EnvironmentExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3650971(1-9)Online publication date: 11-May-2024
      • (2024)Privacy preferences in automotive data collectionTransportation Research Interdisciplinary Perspectives10.1016/j.trip.2024.10102224(101022)Online publication date: Mar-2024
      • (2023)Understand users' privacy perception and decision of V2X communication in connected autonomous vehiclesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620404(2975-2992)Online publication date: 9-Aug-2023
      • (2023)Data Collection in Automotive: A Deep Analysis of Carmakers' Mobile App Privacy Policies2023 IEEE 26th International Conference on Intelligent Transportation Systems (ITSC)10.1109/ITSC57777.2023.10422449(425-432)Online publication date: 24-Sep-2023
      • (2023)What HCI Can Do for (Data Protection) Law—Beyond DesignHuman Factors in Privacy Research10.1007/978-3-031-28643-8_6(115-136)Online publication date: 10-Mar-2023

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format.

      HTML Format

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media