Problem Summary

It is unrealistic to expect users to specify their privacy preferences without considering the specific context in which these decisions are made. Users need contextual information to make informed and appropriate privacy choices. Without this context, they may struggle to understand the implications of their decisions. Systems should analyse these contexts to provide relevant privacy settings that align with users' current situations and preferences.

Rationale

By implementing contextual privacy controls, users can have more relevant privacy settings based on their specific circumstances and activities, i.e., the context in which privacy decisions are made. Contextual controls can dynamically adjust privacy settings, reducing the burden on users to manually manage their preferences continually. By considering context, the system can better align privacy settings with user expectations and behaviours, leading to higher user satisfaction and trust.

Solution

To develop systems that provide dynamic, personalised privacy recommendations based on contextual factors. These systems utilise various machine learning and data analysis techniques to consider the user's social context, location, time, activities, and relationships to make precise and relevant privacy decisions. The goal is to enhance user data protection by ensuring that privacy settings are continuously aligned with the user's current context and preferences.

Misra and Such [1] highlight the importance of social context in forming access control policies, ensuring privacy settings align with the user’s social interactions and relationships. Their solution proposal is PACMAN, a personal assistant agent that recommends personalised access control decisions based on the social context of information disclosure. It incorporates communities generated from the user's network structure and utilises profile information, along with the specific content to be shared.

Lee and Kobsa [2] developed a machine-learning model to predict user privacy preferences in IoT environments by considering various contextual factors for training. The model incorporates parameters such as location, time, monitoring entity, and purpose to capture the context of data collection and usage. It also includes data on individual users' privacy preferences gathered through surveys, experiments, or historical data. Users with similar privacy preferences are grouped into clusters, which aids in understanding and predicting the privacy needs of different user groups.

Sanchez et al. [3] propose a model that uses contextual factors and user traits to dynamically and personally recommend privacy settings in the fitness domain. The proposed system incorporates user traits and feedback to refine and personalise privacy recommendations continuously. This dynamic adjustment ensures that privacy settings remain relevant to the user's current context, aligning with the guideline’s goal of enhancing user data protection through contextual privacy controls.

Bernsmed et al. [4] propose a Privacy Advisor system based on Case-Based Reasoning (CBR) to assist users in making informed privacy decisions. The system leverages past cases to provide personalised privacy recommendations, adapting solutions from similar previous instances to fit the current context. The Privacy Advisor continuously learns from user feedback to improve its recommendations over time, ensuring they align with individual user preferences and situational factors. The authors validated their model through a prototype implementation and a focus group study, demonstrating its effectiveness in helping users navigate complex privacy settings.

Bilogrevic et al [5] propose the Smart Privacy-aware Information Sharing Mechanism (SPISM), which uses machine-learning techniques to make semi-automatic decisions about whether to share information and at what level of detail. SPISM considers a wide range of contextual features, such as the time of day, current location, and identity of the requester, to make informed decisions about information sharing. The decision-making process is based on personal and contextual features and past user behaviour. If SPISM can confidently make a decision based on the user's past choices, the request is processed automatically. Otherwise, the user is notified and asked to decide, with the option to postpone. The user's decision is then stored for future reference. SPISM uses active learning to adapt and reduce user input over time continuously.

Platforms:

Related guidelines: Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings

Example

The SPISM mobile application interfaces allow users to register and log in, check other users’ current locations, view nearby devices and their availability, and access features such as past activity records and contacts lists [5]. (See enlarged)

• Combining relationship-based attributes, communities, and profile attributes to represent both the "who" and the "what," effectively capturing the social context of information disclosure [1].
• The simplicity of the privacy profiles is an advantage, as they are easy to understand, unlikely to overfit the data, and likely to generalise to other scenarios, providing a convenient shortcut to help users with their privacy decisions while still allowing for manual adjustments [3].
• The Privacy Advisor provides intelligent privacy support by identifying and comparing privacy policies with similar practices, as demonstrated by a focus group study indicating commonalities in user perceptions of privacy practices [4].
• The study demonstrates that the type of information requested and the requester's social ties are influential factors in users' sharing decisions, highlighting the importance of these features in the decision-making process [5].
• The decision tree models built using contextual information and cluster membership achieved 77% accuracy in predicting users' binary privacy decisions for IoT scenarios. This indicates the effectiveness of the model in understanding and forecasting privacy preferences based on identified contextual factors [2].

• The tool's usability, the alignment of its recommendations with users' own understandings, and the ease with which users can provide feedback on their privacy decisions all need further evaluation [4].
• The study participants were predominantly students aged 18-25, introducing a sampling bias that may limit the generalisability of the results. Additionally, previous cluster analysis on a different demographic (Amazon MTurk workers) yielded slightly different outcomes, indicating the need to consider demographic information when building machine learning models for predicting privacy preferences [2].
• The manual selection of a privacy profile might be difficult for users, which also requires further evaluation [3].
• The system has a slight bias toward over-sharing information, which can be mitigated by introducing error penalties for this type of error [5].

Privacy choices give people control over certain aspects of data practices. Considering the design space for privacy choices [5], this guideline can be applied in the following dimensions:

The guideline focuses on dynamically adjusting privacy controls based on contextual factors such as location, time, social interactions, and specific activities. This aligns with the Control [6] attribute as it emphasises empowering users to manage and influence their privacy settings actively, ensuring that their preferences are respected in varying contexts. Other related privacy attributes: