Editors: Martin Degeling, RUB, Roy Ackema, TQ.

Link to the work package (WP9): WP9 Privacy & System Integration Testing

Delivered: M12 (June 2011)

Link to the deliverable (pdf):  D9.1 User studies on privacy needs, privacy model and privacy guidelines

Executive summary:

The objective of the trust and privacy related work of WP9 in year one was to conduct empirical studies to identify concerns and possibilities regarding data protection and disclosure.

In the next project year this objective will expand into development of concepts of data manipulation and disclosure to reduce risks both at the technical and organisational level.

This deliverable describes the results of the empirical studies carried out to identify concerns regarding data protection and disclosure with respect to the applications created within the project.

To support individual, collaborative and organisational reflection it is anticipated that users share (captured) data from work processes as well as data that is created during reflection processes (e.g. annotations as articulations of reflection outcomes). This is on the one hand a question of privacy needs but on the other a question of sharing culture and trust between employees as the underlying mechanism.
For the user studies we identified four aspects related to privacy and trust to focus on:

• Sharing behaviour, which, we assume, differs from the first mentioned concerns since trust with its non-conscious components has some influences apart from the decision individuals make concerning privacy.
• trust in organisation, where the organisation is represented on the one hand by supervisors and manager who can reward or punish certain behaviours and on the other by operators of applications used within MIRROR
• trust in other users, as direct colleagues and members of the same team who are seen as reflection partners and therefore later may get deeper insights into the data captured by MIRROR apps.
• individual concerns resulting from user dependent attitudes of how sensitive they think their personal data is and how it should be handled.

 
Based on these distinctions we developed a survey to explore these aspects and their relationship.

The survey was carried out at all five test-beds of the MIRROR project. In total 133 participants completed the survey.

After analyses of the data we have derived the following conclusions:

a) Individual concerns about privacy is not directly related to real sharing behaviour
We found no direct relations between the measured privacy concerns and the way people share personal data that can be generalized. Results from one testbed indicate that there might be a correlation between sharing and one aspect of privacy concerns, unauthorized secondary use of the data, but this has to be further investigated to be verified.

b) Sharing behaviour is related to trust in colleague

We could not generally approve this relation but found a correlation at NBN between answers to the questions ?I talk to my colleagues about personal things? and ?I fully trust my colleagues *...+which could not be confirmed by data from the other testbeds. This indicates a relation which has to be taken into account.

c) Sharing behaviour is related to trust in the organisation

We found no correlation in support of this in our dataset. This may be related to our questionnaire which asked about sharing with colleagues, and not explicitly sharing with the organisation. An interpretative explanation is that in working environments staff thinks about sharing with colleagues where effects are more direct visible and not about the organisation perhaps of system complexity.

d) Trust in colleagues is related to willingness to share data with them

As described above there is a relation between trust in colleagues and the willingness to share personal data, at least for the testbeds where the full-length questionnaire was conducted. The implication for MIRROR is that we have to take trust relationships into account.

e) Trust in organisation is related to willingness to share data with the organisation

This relation is indicated by the data of all but RNHA. Together with the strong refusal of secondary use of data for other purposes and dependent on the trust in the organisation, this implies a greater need for security mechanisms to prevent misuse by the organisations.

The following conclusions are derived as recommendations for the MIRROR project:

• Since there is a strong refusal of secondary usage of data although participants trust their organisation we see a need to enforce data security mechanisms especially confidentiality to ensure MIRROR app users are in control of who has access to their data.
• The very individual view on privacy and concerns about it can be seen as a need for transparency with respect to which data is available as well as what happens with it. This would not only be to support users in their rights to be in control and therefore gain trust, but would also foster awareness about when the data they share helps others and keep track about how reflection outcomes are implemented in their work practice. Transparency mechanisms can also support building of trust relations especially towards the organisation since it is comprehensible for users how their personal information is used.
• Since some users have higher personal standards and privacy concerns than others independent of the testbed they are working in we recommend mechanisms of adjustability to allow individual settings according to user needs. Also trust is a flexible and changes over time. Therefore models for Access Control Policies (ACP) have to be developed that on the one hand fit users‘ needs and on the other are easy to use.

 
To support the development of the first version of the MIRROR architecture and MIRROR apps this deliverable also describes possible technical and procedural solutions to safeguard the privacy of users of these apps.