Towards an Integrative Understanding of Privacy Nudging – Systematic Review and Research Agenda

When using digital technologies, various data traces are left behind for collection, storage and analysis. Innovative solutions for information systems are needed that mitigate privacy risks and foster information privacy. One mechanism to achieve this are privacy nudges. Nudges are a concept from behavioural economics to influence individual’s decisions. This paper focusses on building an integrative understanding of privacy nudging. Specifically, we conceptualize the constituting characteristics of privacy nudges by conducting a systematic literature review to cover the current state of knowledge in the interdisciplinary privacy nudge literature stream. We structure the intrapersonal factors that determine effectiveness for each privacy nudge in a morphological box and conceptualize on this basis current research coverage as well as demand for future research. Finally, we develop theoretical propositions contributing to the discussion of how to study and design effective privacy nudges that can pave the way for more privacy sensitive IT systems

THE DINU-MODEL – A PROCESS MODEL FOR THE DESIGN OF NUDGES

The sociotechnical paradigm legitimates our discipline and serves as core identity of IS. In this study, we want to focus on IS-induced human behavior by introducing a process model for nudging in IS. In behavioral economics, the concept of nudging has been proposed, which makes use of human cognitive processes and can direct people to an intended behavior. In computer science, the concept of persuasion has evolved with similar goals. Both concepts, nudging and persuasion, can contribute to IS research and may help to explain and steer user behavior in information systems. We aim for an integration of both concepts into one digital nudging process model, making it usable and accessible. We analyzed literature on nudging and persuasion and derived different steps, requirements, and nudging elements. The developed process model aims at enabling researchers and practitioners to design nudges in e.g. software systems but may also contribute to other areas like IT governance. Though the evaluation part of our study has not yet been completed, we present the current state of the process model enabling more research in this area

Digital Sludging in the Privacy Context: Evidence of a Multigroup Analysis

Organizations apply aggressive tactics to harvest and exhaust data from individuals. These tactics exploit human psychology to manipulate individuals’ behavior through user interface design characteristics. Because governmental regulations for data collection were introduced recently, organizations make use of digital sludging to prevent individuals from refusing the consent for the data collection – most commonly within the cookie consent. Digital sludging is characterized as excessive and unjustified frictions that increase the effort and decrease the attention of a specific choice. Hence, we conducted a vignette study to investigate digital sludging in the privacy context further. Overall, we contribute to existing research by demonstrating how privacy concerns affect the perception and interaction with the cookie consent. In addition, we outline how manipulative practices such as digital sludging influence individuals’ decision-making

The Dark Side of Privacy Nudging – An Experimental Study in the Context of a Digital Work Environment

In digital environments, individuals tend to share disproportionally more information than in face-to-face communication. Critically, disclosing personal information can yield risks such as unwanted monitoring or discrimination. Privacy nudging is a promising approach to get users to disclose less personal information. In this work, we tested two nudges corresponding to the issue of personal privacy. A framing nudge conveys an intensive message and a social nudge provides social cues. To empirically test these nudges, we evaluated an experiment with 223 participants. The results indicate that privacy nudges negatively influence information disclosure behavior. The social nudge was perceived as a threat. The framing nudge directly affected negative emotions and the social nudge indirectly. Perceived threat and negative emotions have a significant negative effect on information disclosure intention. With this research, we contribute to the discussion of what drives privacy nudge effectiveness and influences information disclosure behavior in digital work environments

Understanding User Preferences of Digital Privacy Nudges – A Best-Worst Scaling Approach

Digital nudging in privacy has become more important to protect users of information systems while working with privacy-related data. Nudging is about altering a user’s behavior without forbidding any options. Several approaches exist to “nudge” users to change their behavior. Regarding the usage of digital privacy nudges, research still has to understand the meaning and relevance of individual nudges better. Therefore, this paper compares the preferences of users for different digital nudges. To achieve this goal, it presents the results of a so-called best-worst scaling. This study contributes to theory by providing a better understanding of user preferences regarding design variations of digital nudges. We support practitioners by giving implications on how to design digital nudges in terms of user preferences

Are my Apps Peeking? Comparing Nudging Mechanisms to Raise Awareness of Access to Mobile Front-facing Camera

Mobile applications that are granted permission to access the device’s camera can access it at any time without necessarily showing the camera feed to the user or communicating that it is being used. This lack of transparency raises privacy concerns, which are exacerbated by the increased adoption of applications that leverage front-facing cameras. Through a focus group we identified three promising approaches for nudging the user that the camera is being accessed, namely: notification bar, frame, and camera preview. We experimented with accompanying each nudging method with vibrotactile and audio feedback. Results from a user study (N=15) show that while using frame nudges is the least annoying and interrupting, but was less understandable than the camera feed and notifications. On the other hand, participants found that indicating camera usage by showing its feed or by using notifications is easy to understand. We discuss how these nudges raise user awareness and the effects on app usage and perception

Can We Fight Social Engineering Attacks By Social Means? Assessing Social Salience as a Means to Improve Phish Detection

Phishing continues to be a problem for both individuals and organisations, with billions of dollars lost every year. We propose the use of nudges – more specifically social saliency nudges that aim to highlight important information to the user when evaluating emails. We used a signal detection analysis to assess the effects of both sender saliency (highlighting important fields from the sender) and receiver saliency (showing numbers of other users in receipt of the same email). Sender saliency improved phish detection but did not introduce any unwanted response bias. Users were asked to rate their confidence in their own judgements and these confidence scores were poorly calibrated with actual performance, particularly for phishing (as opposed to genuine) emails. We also examined the role of impulsive behaviour on phish detection, concluding that those who score highly on dysfunctional impulsivity are less likely to detect the presence of phishing emails