There is a consensus amongst privacy advocates and regulators that Web users should be empowered to make the data protection decisions they want. A series of W3C workshops and has re-iterated the need for simple and effective privacy controls, assisted by a technical infrastructure of data portability and privacy negotiations, and embedded in an ecosystem of truly informed consent.
Computer science research now provides technical means for enforcing privacy constraints that users themselves can define for their data [5]. On the Web server, information flow control prevents the proliferation of personal data unless users' preferences regarding retention time, recipients, and purpose binding are adhered to. In combination, dynamic and static analysis could realise the sticky policy paradigm while the code is produced and then deployed [5]. This technology goes beyond pictorial privacy seals, and enables Website operators to credibly advertise superior data protection practices to their customers.
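The sticky policy idea can be sketched as a run-time check. The following is an added illustration, not code from the cited research: every class and function name is hypothetical, the sample data is constructed, and only the dynamic half is shown (the static analysis mentioned above is out of scope).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class StickyPolicy:
    purposes: frozenset    # purposes the user consented to
    recipients: frozenset  # parties allowed to receive the data
    expires: datetime      # end of the retention period

    def join(self, other):
        """Policy for data derived from two sources: the stricter of both."""
        return StickyPolicy(self.purposes & other.purposes,
                            self.recipients & other.recipients,
                            min(self.expires, other.expires))

@dataclass(frozen=True)
class Labeled:
    value: object
    policy: StickyPolicy

def combine(a, b, fn):
    """Derive a new value; the joined policy sticks to the result."""
    return Labeled(fn(a.value, b.value), a.policy.join(b.policy))

def release(item, recipient, purpose, now):
    """Single exit point: return the raw value or raise PermissionError."""
    p = item.policy
    if now >= p.expires:
        raise PermissionError("retention period expired")
    if recipient not in p.recipients:
        raise PermissionError(f"recipient {recipient!r} not permitted")
    if purpose not in p.purposes:
        raise PermissionError(f"purpose {purpose!r} not consented to")
    return item.value

# Constructed sample data: two personal data items with different preferences.
T0 = datetime(2024, 1, 1)
email = Labeled("alice@example.org", StickyPolicy(
    frozenset({"billing", "newsletter"}), frozenset({"shop", "mailer"}),
    T0 + timedelta(days=365)))
address = Labeled("1 Example Road", StickyPolicy(
    frozenset({"billing", "delivery"}), frozenset({"shop", "courier"}),
    T0 + timedelta(days=30)))
# The invoice inherits the intersection: billing only, shop only, 30 days.
invoice = combine(email, address, lambda e, a: f"{e}; {a}")
```

Because the derived invoice carries the joined policy, it cannot reach the courier or be reused for the newsletter, even though each source item alone would have allowed one of those.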
Companies can shape privacy as a competitive advantage by designing their products and services in a privacy-friendly way. They thereby differentiate themselves from their competitors, which, as economic theory tells us, enables them to charge higher prices. Admittedly, a privacy-friendly design may not always find a demand, because the prospect of a discount at a more privacy-invasive competitor is highly attractive to consumers [2]. Nonetheless, for instance in online retailing, a privacy-friendly Web shop may be able to find a profitable niche of privacy-concerned (and affluent) buyers [2].
Empirical evidence suggests that online social networking platforms are much more differentiated in terms of data collection practices than other online services offered for free, such as Web search [6]. Previous investigations had already established fierce competition amongst social networks and diagnosed a surprising variety in privacy regimes, security practices, and functionality [3].
A first conclusion is, therefore: online social networking sites compete with one another and their privacy regimes are one differentiating factor. Further, enforcement mechanisms for data protection that carry users' privacy preferences through the data processes now exist in early stages.
It remains unclear, nonetheless, which privacy controls are crucial to help consumers express their privacy preferences. For existing social networking sites, the number of configuration options varies greatly [3]. Clearly, more options do not necessarily mean better privacy control. Users may be overwhelmed by the abundance of settings and have a hard time choosing the intended settings beyond the (typically privacy-unfriendly and operator-imposed) defaults. What is the minimum set of privacy controls that should be offered? Which aspects of data protection are likely to matter to users? In the absence of reliable data, regulators, standardisation bodies and benevolent companies are in a difficult position to improve the privacy experience online.
From our controlled laboratory experiments with human subjects, we know that one's intuition can be misleading. For instance, Web users feel about as comfortable with revealing their date of birth as the operating system of their computer. The preferred holiday destination and their city of residence are revealed with similar ease [2]. Field studies show that a user's reported willingness to share her location with the public or friends has little to no predictive value for actual sharing behaviour. The propensity to reveal one's location on Facebook was not significantly different between users who reported doing so and another group who claimed never to share their location [1].
An open question is, therefore: which privacy controls are relevant?
Only field observations can eventually answer this question. Users' privacy-related decision-making within social networking platforms has not been studied extensively [4]. I would like to take the opportunity of the Workshop to share some early insights into how consumers react towards privacy trade-offs online, which privacy-related actions are taken by users of a social networking platform, when these actions are taken, and how common it is amongst users to take protective action.
sdp36@cl.cam.ac.uk