"Am I Private and If So, how Many?" - Communicating Privacy Guarantees of Differential Privacy with Risk Communication Formats

Decisions about sharing personal information are not trivial, since there are many legitimate and important purposes for such data collection, but often the collected data can reveal sensitive information about individuals. Privacy-preserving technologies, such as differential privacy (DP), can be employed to protect the privacy of individuals and, furthermore, provide mathematically sound guarantees on the maximum privacy risk. However, they can only support informed privacy decisions, if individuals understand the provided privacy guarantees. This article proposes a novel approach for communicating privacy guarantees to support individuals in their privacy decisions when sharing data. For this, we adopt risk communication formats from the medical domain in conjunction with a model for privacy guarantees of DP to create quantitative privacy risk notifications. We conducted a crowd-sourced study with 343 participants to evaluate how well our notifications conveyed the privacy risk information and how confident participants were about their own understanding of the privacy risk. Our findings suggest that these new notifications can communicate the objective information similarly well to currently used qualitative notifications, but left individuals less confident in their understanding. We also discovered that several of our notifications and the currently used qualitative notification disadvantage individuals with low numeracy: these individuals appear overconfident compared to their actual understanding of the associated privacy risks and are, therefore, less likely to seek the needed additional information before an informed decision. The promising results allow for multiple directions in future research, for example, adding visual aids or tailoring privacy risk communication to characteristics of the individuals.Comment: Accepted to ACM CCS 2022. arXiv admin note: substantial text overlap with arXiv:2204.0406

"Am I Private and If So, how Many?" -- Using Risk Communication Formats for Making Differential Privacy Understandable

Mobility data is essential for cities and communities to identify areas for necessary improvement. Data collected by mobility providers already contains all the information necessary, but privacy of the individuals needs to be preserved. Differential privacy (DP) defines a mathematical property which guarantees that certain limits of privacy are preserved while sharing such data, but its functionality and privacy protection are difficult to explain to laypeople. In this paper, we adapt risk communication formats in conjunction with a model for the privacy risks of DP. The result are privacy notifications which explain the risk to an individual's privacy when using DP, rather than DP's functionality. We evaluate these novel privacy communication formats in a crowdsourced study. We find that they perform similarly to the best performing DP communications used currently in terms of objective understanding, but did not make our participants as confident in their understanding. We also discovered an influence, similar to the Dunning-Kruger effect, of the statistical numeracy on the effectiveness of some of our privacy communication formats and the DP communication format used currently. These results generate hypotheses in multiple directions, for example, toward the use of risk visualization to improve the understandability of our formats or toward adaptive user interfaces which tailor the risk communication to the characteristics of the reader

Barbarians at the British Museum: Anglo-Saxon Art, Race and Religion

A critical historiographical overview of art historical approaches to early medieval material culture, with a focus on the British Museum collections and their connections to religion

Collaborative Speculations on Future Themes for Participatory Design in Germany

Participatory Design means recognizing that those who will be affected by a future technology should have an active say in its creation. Yet, despite continuous interest in involving people as future users and consumers into designing novel and innovative future technology, participatory approaches in technology design remain relatively underdeveloped in the German HCI community. This article brings together the diversity of voices, domains, perspectives, approaches, and methods that collectively shape Participatory Design in Germany. In the following, we (1) outline our understanding of participatory practice and how it is different from mere user involvement; (2) reflect current issues of participatory and fair technology design within the German Participatory Design community; and (3) discuss tensions relevant to the field, that we expect to arise in the future, and which we derived from our 2021 workshop through a speculative method. We contribute an introduction and an overview of current themes and a speculative outlook on future issues of Participatory Design in Germany. It is meant to inform, provoke, inspire and, ultimately, invite participation within the wider Computer Science community