What’s It To You? A Survey of Online Privacy Concerns and Risks

Finding information about privacy practices can be difficult: privacy policies often do not present this information in an accessible way. People typically do not know how or for what purpose their personal information, gathered online, will be used. When asked, people frequently express concerns about their privacy, but their behavior often does not reflect their concerns. We conducted an online survey to examine participants' online privacy concerns, focusing especially on the online shopping context. We asked participants about several scenarios related to the privacy of personal information. We found that Privacy Finder, a P3Penhanced search engine, provides information that addresses the scenarios that participants believe are most likely to occur. We also asked participants about a wide range of items for purchase online to evaluate which types of items are more likely to raise privacy concerns

Peer-produced Privacy Protection A Common-pool Approach

Abstract-Privacy risks have been addressed through technical solutions such as privacy-enhancing technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This implies that self-serving efforts to implement individual privacy preferences lead to socially optimal outcomes with regard to information sharing. Consequently, solutions to specific risks are developed, and even mandated, without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine the limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. In this paper we show how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource and community governance

Peer-produced Privacy Protection A Common-pool Approach

Abstract-Privacy risks have been addressed through technical solutions such as privacy-enhancing technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This implies that self-serving efforts to implement individual privacy preferences lead to socially optimal outcomes with regard to information sharing. Consequently, solutions to specific risks are developed, and even mandated, without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine the limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. In this paper we show how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource and community governance

A Healthy Amount of Privacy: Quantifying Privacy Concerns in Medicine

With recent developments in e-health, concerns have been raised regarding the privacy of patients who are monitored with such treatments. I propose a simple method to incorporate these concerns into a standard health impact evaluation, based on quality-adjusted life years and the incremental cost-effectiveness ratio. This method provides a way to objectively value privacy concerns and balance them with health benefits. Hence, it can guide doctors and policymakers into incorporating privacy considerations and making better choices regarding e-health programs. This method can also be tested on existing economic evaluations to compare outcomes and gauge the extent to which privacy issues in medical treatments should be taken seriously

A Healthy Amount of Privacy: Quantifying Privacy Concerns in Medicine

With recent developments in e-health, concerns have been raised regarding the privacy of patients who are monitored with such treatments. I propose a simple method to incorporate these concerns into a standard health impact evaluation, based on quality-adjusted life years and the incremental cost-effectiveness ratio. This method provides a way to objectively value privacy concerns and balance them with health benefits. Hence, it can guide doctors and policymakers into incorporating privacy considerations and making better choices regarding e-health programs. This method can also be tested on existing economic evaluations to compare outcomes and gauge the extent to which privacy issues in medical treatments should be taken seriously

Website Design as Contract

Few website users actually read or rely upon terms of use or privacy policies. Yet users regularly take advantage of and rely upon website design features like privacy settings. To reconcile the disparity between boilerplate legalese and website design, this article develops a theory of website design as contract. The ability to choose privacy settings, un-tag photos, and delete information is part of the negotiation between websites and users regarding their privacy. Yet courts invariably recognize only the boilerplate terms when analyzing online agreements. In this article, I propose that if significant website features are incorporated into the terms of use, or if these features induce reliance, they should be considered enforceable promises. For example, the ability to increase privacy settings could be legitimized as an offer by the website to protect information. A website design could also render an agreement unconscionable if it manipulated, exploited, or confused a user. Finally, website design could serve as evidence of a subsequent agreement, or “operational reality,” between the parties. By providing a theory of website design as contract, this article shifts the focus of online agreements away from unread standard-form legalese to an approach that more accurately reflects the agreement between websites and users

An experimental method for the elicitation of implicit attitudes to privacy risk

We test an experimental method for the elicitation of implicit attitudes to privacy risk. We ask individuals to decide whether to incur the risk of revealing private information to other participants. This type of risk that involves a social component corresponds to privacy threats that individuals may face in the field. We derive a measure of individual attitudes to privacy risk with our method. We empirically test the validity of this measure by running a laboratory experiment with 148 participants. Our results confirm that the willingness to incur a privacy risk is driven by a complex array of factors including risk attitudes, self-reported value for private information, and general attitudes to privacy (derived from survey methods in our study). We also observe that attitudes to privacy risk depend on the order in which measures of risk attitude are elicited, but do not depend on whether there is a preexisting threat to privacy, over which participants have no control. We explain how our method can be simplified and extended for use in eliciting attitudes to a wide range of privacy risks and various types of private information