Advancing information privacy concerns evaluation in personal data intensive services

Abstract When personal data are collected and utilised to produce personal data intensive services, users of these services are exposed to the possibility of privacy losses. Users’ information privacy concerns may lead to non-adoption of new services and technologies, affecting the quality and the completeness of the collected data. These issues make it challenging to fully reap the benefits brought by the services. The evaluation of information privacy concerns makes it possible to address these concerns in the design and the development of personal data intensive services. This research investigated how privacy concerns evaluations should be developed to make them valid in the evolving data collection contexts. The research was conducted in two phases: employing a mixed-method research design and using a literature review methodology. In Phase 1, two empirical studies were conducted, following a mixed-method exploratory sequential design. In both studies, the data subjects’ privacy behaviour and privacy concerns that were associated with mobility data collection were first explored qualitatively, and quantitative instruments were then developed based on the qualitative results to generalise the findings. Phase 2 was planned to provide an extensive view on privacy behaviour and some possibilities to develop privacy concerns evaluation in new data collection contexts. Phase 2 consisted of two review studies: a systematic literature review of privacy behaviour models and a review of the EU data privacy legislation changes. The results show that in evolving data collection contexts, privacy behaviour and concerns have characteristics that differ from earlier ones. Privacy concerns have aspects specific to these contexts, and their multifaceted nature appears emphasised. Because privacy concerns are related to other privacy behaviour antecedents, it may be reasonable to incorporate some of these antecedents into evaluations. The existing privacy concerns evaluation instruments serve as valid starting points for evaluations in evolving personal data collection contexts. However, these instruments need to be revised and adapted to the new contexts. The development of privacy concerns evaluation may be challenging due to the incoherence of the existing privacy behaviour research. More overarching research is called for to facilitate the application of the existing knowledge.Tiivistelmä Kun henkilötietoja kerätään ja hyödynnetään dataintensiivisten palveluiden tuottamiseen, palveluiden käyttäjien tietosuoja saattaa heikentyä. Käyttäjien tietosuojahuolet voivat hidastaa uusien palveluiden ja teknologioiden käyttöönottoa sekä vaikuttaa kerättävän tiedon laatuun ja kattavuuteen. Tämä hankaloittaa palveluiden täysimittaista hyödyntämistä. Tietosuojahuolten arviointi mahdollistaa niiden huomioimisen henkilötietoperusteisten palveluiden suunnittelussa ja kehittämisessä. Tässä tutkimuksessa selvitettiin, kuinka tietosuojahuolten arviointia tulisi kehittää muuttuvissa tiedonkeruuympäristöissä. Kaksivaiheisessa tutkimuksessa toteutettiin aluksi empiirinen monimenetelmällinen tutkimus ja tämän jälkeen systemaattinen kirjallisuustutkimus. Ensimmäisessä vaiheessa tehtiin kaksi empiiristä tutkimusta monimenetelmällisen tutkimuksen tutkivan peräkkäisen asetelman mukaisesti. Näissä tutkimuksissa selvitettiin ensin laadullisin menetelmin tietosuojakäyttäytymistä ja tietosuojahuolia liikkumisen dataa kerättäessä. Laadullisten tulosten pohjalta kehitettiin kvantitatiiviset instrumentit tulosten yleistettävyyden tutkimiseksi. Tutkimuksen toisessa vaiheessa toteutettiin kaksi katsaustyyppistä tutkimusta, jotta saataisiin kattava käsitys tietosuojakäyttäytymisestä sekä mahdollisuuksista kehittää tietosuojahuolten arviointia uusissa tiedonkeruuympäristöissä. Nämä tutkimukset olivat systemaattinen kirjallisuuskatsaus tietosuojakäyttäytymisen malleista sekä katsaus EU:n tietosuojalainsäädännön muutoksista. Tutkimuksen tulokset osoittavat, että kehittyvissä tiedonkeruuympäristöissä tietosuojakäyttäytyminen ja tietosuojahuolet poikkeavat aikaisemmista ympäristöistä. Näissä ympäristöissä esiintyy niille ominaisia tietosuojahuolia ja huolten monitahoisuus korostuu. Koska tietosuojahuolet ovat kytköksissä muihin tietosuojakäyttäytymistä ennustaviin muuttujiin, arviointeihin voi olla aiheellista sisällyttää myös näitä muuttujia. Olemassa olevia tietosuojahuolten arviointi-instrumentteja on perusteltua käyttää arvioinnin lähtökohtana myös kehittyvissä tiedonkeruuympäristöissä, mutta niitä on mukautettava uusiin ympäristöihin soveltuviksi. Arvioinnin kehittäminen voi olla haasteellista, sillä aikaisempi tietosuojatutkimus on epäyhtenäistä. Jotta sitä voidaan soveltaa asianmukaisesti arviointien kehittämisessä, tutkimusta on vietävä kokonaisvaltaisempaan suuntaan

Development of personal information privacy concerns evaluation

Abstract Personal data is increasingly collected with the support of rapidly advancing information and communication technology, which raises privacy concerns among data subjects. In order to address these concerns and offer the full benefits of personal data intensive services to the public, service providers need to understand how to evaluate privacy concerns in evolving service contexts. By analyzing the earlier used privacy concerns evaluation instruments, we can learn how to adapt them to new contexts. In this article, the historical development of the most widely used privacy concerns evaluation instruments is presented and analyzed regarding privacy concerns’ dimensions. Privacy concerns’ core dimensions, and the types of context dependent dimensions, to be incorporated into evaluation instruments are identified. Following this, recommendations on how to utilize the existing evaluation instruments are given, as well as suggestions for future research dealing with validation and standardization of the instruments

Teaching AI ethics to engineering students:reflections on syllabus design and teaching methods

Abstract The importance of ethics in artificial intelligence is increasing, and this must be reflected in the contents of computer engineering curricula, since the researchers and engineers who develop artificial intelligence technologies and applications play a key part in anticipating and mitigating their harmful effects. However, there are still many open questions concerning what should be taught and how. In this paper we suggest an approach to building a syllabus for a course in ethics of artificial intelligence, make some observations concerning effective teaching methods and discuss some particular challenges that we have encountered. These are based on the pilot implementation of a new course that aimed to give engineering students a comprehensive overview of the ethical and legislative aspects of artificial intelligence, covering both knowledge of issues that the students should be aware of and skills that they will need in order to competently deal with those issues in their work. The course was well received by the students, but also criticized for its high workload. Substantial difficulties were experienced in trying to inspire the students to engage in discussions and debates among themselves, which may limit the effectiveness of the course in building the students’ ethical argumentation skills unless a satisfactory solution is found. Several promising ideas for future development of our teaching practices can be found in the literature

On the road:listening to data subjects’ personal mobility data privacy concerns

Abstract Efficient utilisation of new mobility data-based services and promotion of acceptance of data collection from vehicles and people demand an understanding of mobility data privacy concerns, associated with increasing use of tracking technologies, diverse data usages and complex data collection environments. Understanding privacy concerns enables improved service and system development and identification of appropriate data management solutions that contribute to data subjects’ privacy protection, as well as efficient utilisation of the collected data. This study aimed to explore earlier research findings on privacy concerns evaluation and investigate their validity in mobility data collection. Explorative multimethod research was conducted in a mobility service pilot through data controller interviews, user interviews and a user survey. The study’s results indicated the need to revise and complement existing privacy concerns evaluation in mobility data collection contexts. The primary findings were as follows: (1) Privacy concerns specific to the mobility data collection context exist. (2) Privacy concerns may change during the service use. (3) Users are not necessarily personally worried about their privacy although they ponder on privacy issues. (4) In contrast to traditional ’privacy calculus’ thinking, users’ expected benefits from data disclosure may also be driven by altruistic motives

EU general data protection regulation:changes and implications for personal data collecting companies

Abstract The General Data Protection Regulation (GDPR) will come into force in the European Union (EU) in May 2018 to meet current challenges related to personal data protection and to harmonise data protection across the EU. Although the GDPR is anticipated to benefit companies by offering consistency in data protection activities and liabilities across the EU countries and by enabling more integrated EU-wide data protection policies, it poses new challenges to companies. They are not necessarily prepared for the changes and may lack awareness of the upcoming requirements and the GDPR’s coercive measures. The implementation of the GDPR requirements demands substantial financial and human resources, as well as training of employees; hence, companies need guidance to support them in this transition. The purposes of this study were to compare the current Data Protection Directive 95/46/EC with the GDPR by systematically analysing their differences and to identify the GDPR’s practical implications, specifically for companies that provide services based on personal data. This study aimed to identify and discuss the changes introduced by the GDPR that would have the most practical relevance to these companies and possibly affect their data management and usage practices. Therefore, a review and a thematic analysis and synthesis of the article-level changes were carried out. Through the analysis, the key practical implications of the changes were identified and classified. As a synthesis of the results, a framework was developed, presenting 12 aspects of these implications and the corresponding guidance on how to prepare for the new requirements. These aspects cover business strategies and practices, as well as organisational and technical measures

Antecedents to achieve Kanban optimum benefits in software companies

Abstract In 2004, Kanban successfully entered into the Agile and Lean realm. Since then software companies have been increasingly using it in software development teams. The goal of this study is to perform an empirical investigation on antecedents considered as important for achieving optimum benefits of Kanban use and to discuss the practical implications of the findings. We conducted an online survey with software professionals from the Lean Software Development LinkedIn community to investigate the importance of antecedents of using Kanban for achieving optimum benefits. Our study reveals that subjective norm, organizational support, ease of use, Kanban use experience and training are the antecedents for achieving expected benefits of Kanban. The potential benefits of Kanban use can only be realized when the key antecedents are not only identified, but also infused across an organization. When managing the transition to or using Kanban, practitioners need to adapt their strategies on the extent of various antecedents, a few identified in this study

Explaining diversity and conflicts in privacy behavior models

Abstract Technological development and increasing personal data collection and utilization raise the importance of understanding individuals’ privacy behavior. Privacy behavior denotes the willingness to disclose personal data for services utilizing these data. The literature presents various privacy behavior models (PBMs). However, the research is incoherent, with inconsistencies among models. Therefore, the application and subsequent development of PBMs are challenging. Different background theories are used for model construction, and studies have been conducted in distinct application domains. We studied whether the models’ inconsistencies could be explained by these differences. Our in-depth analysis of PBMs was based on a systematic literature review of the most often cited key studies. Our findings indicate that the choice of theories and the application domains do not explain inconsistencies; instead, the models are often of an ad hoc type and constructed in an eclectic way. These results imply the need for more consistent research on privacy behavior

Investigating open government data barriers : A literature review and conceptualization

When focusing on open government data (OGD) publishing and related barriers, there are several complexities present. Largely, current research is focused on publishing and usage of OGD; and we argue that there are a need to investigate and to systematise OGD barrier research in order to understand and outline an expanded scope of the phenomenon. We expand by clarifying barriers linked to the release decision and the data’s organisational context. To investigate the OGD barriers, we conduct a systematic literature review, identifying 34 articles as a point of departure for our analysis. From these articles we create, present and discuss illustrations on historical development, barrier types, and different research focuses on OGD. When analysing the articles, we identify a focus on technical, organisational, and legal barrier types, while studies on open data usage and systems are less frequent. Our analysis also identifies some possible open data research barriers. In the article we also relate barriers to an expanded OGD process (Suitability, Release, Publish, Use, and Evaluation), identifying 46 barriers with possible linkages. The results is an expanded scope and a conceptual illustration of OGD barriers. © IFIP International Federation for Information Processing 2018