The Privacy and Usability (Privacy&Us) innovative training network addresses the problem of protecting citizens\' privacy, while enabling them to make informed decisions regarding their actions with privacy implications. With the rapid accumulation and processing of personal...
The Privacy and Usability (Privacy&Us) innovative training network addresses the problem of protecting citizens\' privacy, while enabling them to make informed decisions regarding their actions with privacy implications. With the rapid accumulation and processing of personal data by numerous organisations, it is of paramount importance to protect people from adverse uses of their data, while allowing them to enjoy the benefits the use of these data can possibly provide. To achieve that it is key to tackle the problem of usability, including aspects related to models of behavior, interaction design, technology design, and risk analysis and law.
The overall objective of Privacy&Us is to instruct thirteen creative, entrepreneurial and innovative early stage researchers (ESRs) to be able to reason, design and develop innovative solutions to questions related to the protection of citizens’ privacy, considering the multidisciplinary and intersectoral aspects of the issue. The ESRs are trained to face both current and future challenges in the area of privacy and usability by offering a combination of research-related and transferable competence skills. These skills will enhance the career perspectives of the ESRs in both the academic and non-academic sectors.
The ESRs receive comprehensive training and engage in intersectoral collaboration. Through this collaborative effort, Privacy&Us aims at making a significant contribution and impact to the ESRs future careers. Moreover, it aims at contributing to shaping future privacy policies and practices in Europe and significantly advancing the state of the art in privacy and usability research.
From the start of the project in December 2015 (M1) until November 2017 (M24), the period covered by the First Periodic Report, the work carried out can be summarized as following:
In terms of project management: the Privacy&Us ITN was launched (M1), the position were announced using different channels (starting on M-2, individual announcements were kept until all positions were filled), the supervisory and management boards were elected (M1), all 13 ESRs were hired (10 ESRs on M8, two ESRs on M9, and one ESR on M15). Concerning deliverables: all the 26 deliverables planned were submitted. Both the management board and the supervisory board met regularly.
In terms of training: three Privacy&Us training events were organized (M8 Karlstad, M18 Vienna and M24 Tel Aviv), the first in cooperation with the IFIP Summer School 2016. In the second training event, the ESRs presented their PhD research proposals to an evaluation committee, which were revisited in the third training event. In the training events, the ESRs took part in 12 interdisciplinary and professional training modules. In addition, two online training modules were offered to them. All ESRs had completed their first round of secondments (out of three rounds). The second round of secondments started in M21.
In terms of scientific results: ESRs authored peer-reviewed and accepted international publications in proceedings of well-acknowledged conferences and an article for an IEEE journal. Four additional papers were accepted for publication. The publications include literature reviews (2), and results from surveys (3), interviews (1), and focus groups (1). Ongoing research activities include interviews, focus groups, legal analyses, the design and prototyping of tools, and additional literature reviews.
In terms of dissemination: the project website (https://privacyus.eu) and a Twitter account were set up (M1), and press releases were disseminated. The ESRs engaged in the participation in, and publication of technical reports and scientific papers at, workshops, internationally established conferences, and articles in well-established journals. Concerning general audience publications, Privacy&Us appeared in newspaper articles and news websites and ESRs published blog posts about their research. A public Git repository (https://github.com/PrivacyUs) was set up (M12) for the distribution of open source code.
Advances of the state of the art produced by the ESRs aim at answering the research problem on how to protect citizens’ privacy. The ESRs look at this research problem with different perspectives. Their results, so far, range from socio-psychological and legal perspectives to technical data protection aspects. We highlight:
- a structured literature review for classifying and assessing ex-post transparency enhancing tools according to to the General Data Protection Regulation (GDPR) and human-computer interaction design principles.
- a quantitative study (online survey, 382 participants) of privacy harms concerns, demonstrating that people consider privacy harms as simplified, generic models, rather than recognizing them individually.
- a quantitative (online survey, 268 participants) and qualitative studies (16 interviews) on Near Field Communication (NFC) payment, available in credit cards. It conclude that the users\' mental models are not aligned with the NFC payment protocol.
- an analysis that shows that mobile applications (apps) do not necessarily follow whatever privacy policy they claim before installation.
- a quantitative (online survey, 110 participants) and qualitative (four focus groups) studies of users\' perception about privacy and IoT devices.
- a structured literature review on self-presentation behaviour theories regarding disclosing one\'s HIV status, and how it helps to shape an external projected identity.
The expected result until the end of the project is to successfully train all the thirteen ESRs to reason, design and develop innovative solutions to questions related to the protection of citizens\' privacy and convert their knowledge and ideas into products and services for economic and social benefit.
Concerning measurable results, Privacy&Us expects that its ESRs will publish 20 peer-reviewed and 30 general audience publications by M36. The project also aims to reach out to educate schoolchildren, teenagers and their teachers about privacy, especially in the context of social networks and smartphones.
More info: https://privacyus.eu.