How aware are you of the privacy decisions you make online? In the thesis “Homo Varius: Investigating Intrinsic and Extrinsic Determinants to Explain Online Privacy Decisions”, Agnieszka Kitkowska has looked into how we can become more aware of our decisions and the importance of interface.
In computer science, heuristics are a way of making smart assumptions that in turn help to find solutions to a problem. Agnieszka Kitkowska’s research focus on examining whether these privacy decisions are rational or based on heuristics and how to help people make more informed choices.
- I have studied interactions between internal factors (people’s personality) and external factors (user interface design) in relation to online privacy decisions. I wanted to identify whether changes in the visual design of privacy user interfaces can affect people’s choices. For example, could interfaces adapted to people’s preferences improve their understanding of privacy information?
Could they?
- Yes, according to my results it is possible to change the information through various visual clues. For example, patterns that evoke positive emotions can reduce the willingness to share information. However, it is important to mention that my results showed that these effects are very dependent on context. The effectiveness of them also differs between individuals. Personality traits such as conscience and predefined beliefs as well as big privacy issues can disrupt the impact of visual clues on privacy decisions.
How did you conduct the study?
- I used results from Human-Computer Interaction (HCI) – that is, psychology and behavioural science – and combined methods that are often used in these research domains. For example, we looked at different ways of displaying the privacy notice during the registration process of the application. We found that small changes in the visual design affect the understanding of the presented information and may affect the information.
Could your research be placed in any current context?
- According to many reports, there is an increase in online privacy issues. Legal requirements, such as the General Data Protection Regulation in the European Union and the California Consumers Privacy Act in the United States, aim to protect people’s privacy by requiring online services to provide users with transparent information about their data collection and processing. The idea is that this will give people greater control over their personal information. Unfortunately, many interfaces often display privacy information in inappropriate ways by hiding it in the secondary layer of the privacy notice.
Are users aware of these risks?
- We interact daily through various digital services that require us to approve privacy notices. In other words, we know that our information will be collected and processed. Nevertheless, we are often not fully aware of the potential risks that could arise when we click ‘approve’. I have tried to identify possible ways to change the status quo of how information on private data processing is presented.
How could this be prevented so that users understand the consequences of their privacy decisions?
- My results show that the presentation of information gives users a form of control that can reduce potential risks. In addition, personalised user interfaces tailored to personality traits or preferences can help facilitate more privacy-conscious and informed decisions. However, depending on the situation and the individual in question, there are times when people will still disclose information. In other words, there is no effective universal solution.
How do you think your research will be of use?
- I think that my research can contribute to knowledge of privacy decisions and be used by both privacy researchers and practitioners (e.g. graphical user interface designers) to develop personal solutions for displaying privacy information. Practitioners can also use our results to design systems that provide users with transparent information and control over their personal data. This in turn can affect the statutory compliance of the services.
Is there an area that you would like to continue studying?
- In the future, I hope to be able to continue conducting research related to privacy. But I would like to use different methods and gather more information about the physiological reactions evoked during privacy interactions, especially different affective states measured through EEG, heart rate changes, etc. I would also like to focus on the social consequences of privacy design, such as the effects of patterns for non-disclosure.
