Support the Visualisation and Comprehension of Disclosed Data
Problem Summary
Users often struggle to comprehend the scope and implications of their disclosed personal data. Despite having access to privacy policies and settings, many users find it challenging to understand how their data is being used, shared, and stored by service providers. This lack of comprehension can lead to unintentional data exposure and a sense of powerlessness in managing personal privacy.
Rationale
The aim is to raise user awareness and provide clear visualisations of disclosed data, helping users make informed decisions about their privacy. By understanding how their data is handled and being able to see it clearly, users can better manage their privacy settings and exercise their data rights effectively.
Solution
Implement tools that enhance users' understanding of their disclosed personal data, including clear and intuitive visualisations that show how personal data is collected, used, and shared.
Collectively, the papers presented below address the problem with solutions that enhance transparency, improve awareness, and give users control over their disclosed personal data. Through effective visualisation and user-friendly interfaces, these contributions help users understand and manage their personal data, mitigating the risk of unintentional data exposure and strengthening their ability to protect their privacy.
Netter et al. [1] introduced the Access Policy Grid (APG), a visualisation tool designed to enhance privacy awareness on social networking sites (SNSs). The APG provides a bird’s-eye view of a user’s privacy settings by visualising the visibility of shared items to different contacts. This matrix-based representation helps users identify their social roles and detect inconsistencies in their privacy settings. The APG lets users see which items are visible to which contacts and vice versa, facilitating a better understanding of their online self-presentation.
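The grid idea described above can be made concrete as a small item-by-contact matrix. The following Python is an added illustration written for this page, not the APG implementation from Netter et al.: the contacts, groups, items and audience rules are constructed sample data, and the "role overlap" check (a contact who sees a group-scoped item while also holding a role outside that group) is one plausible inconsistency heuristic, not a rule taken from the paper.

```python
from __future__ import annotations

EVERYONE = "everyone"
ONLY_ME = "only_me"

# Constructed sample data (assumption, not from the paper): contacts and the
# social groups (roles) the user has placed them in.
CONTACTS = {
    "Alice": {"Family"},
    "Bob": {"Family", "Work"},   # Bob overlaps two roles
    "Carol": {"Work"},
    "Dave": {"Friends"},
}

# Constructed per-item audience rules: groups allowed to see an item, minus
# explicitly excluded contacts. "everyone" / "only_me" are special audiences.
ITEMS = {
    "holiday photos": {"allow": {"Family"}, "except": set()},
    "conference slides": {"allow": {"Work", "Friends"}, "except": {"Dave"}},
    "status update": {"allow": EVERYONE, "except": set()},
    "diary": {"allow": ONLY_ME, "except": set()},
}


def can_see(contact: str, groups: set[str], policy: dict) -> bool:
    """Evaluate one audience rule for one contact."""
    if contact in policy["except"]:
        return False
    allow = policy["allow"]
    if allow == ONLY_ME:
        return False
    if allow == EVERYONE:
        return True
    return bool(groups & allow)      # member of at least one allowed group


def visibility_matrix(contacts: dict, items: dict) -> dict:
    """The grid: item -> contact -> visible?"""
    return {
        item: {c: can_see(c, g, pol) for c, g in contacts.items()}
        for item, pol in items.items()
    }


def contacts_who_see(matrix: dict, item: str) -> set[str]:
    """Read a row: which contacts can see this item."""
    return {c for c, v in matrix[item].items() if v}


def items_visible_to(matrix: dict, contact: str) -> set[str]:
    """Read a column: which items this contact can see."""
    return {i for i, row in matrix.items() if row[contact]}


def role_overlap(matrix: dict, contacts: dict, items: dict) -> list:
    """Heuristic inconsistency check (assumption): a contact sees a group-scoped
    item but also holds a role outside that scope, so the item effectively
    reaches a role the user did not target. Returns (item, contact, extra roles)."""
    findings = []
    for item, pol in items.items():
        allow = pol["allow"]
        if allow in (EVERYONE, ONLY_ME):
            continue
        for c in sorted(contacts_who_see(matrix, item)):
            extra = contacts[c] - allow
            if extra:
                findings.append((item, c, frozenset(extra)))
    return findings


def render(matrix: dict, contacts: dict) -> str:
    """Plain-text bird's-eye view: one row per item, one column per contact."""
    names = list(contacts)
    width = max(len(i) for i in matrix) + 2
    lines = [" " * width + "  ".join(f"{n:>6}" for n in names)]
    for item, row in matrix.items():
        cells = "  ".join(f"{'X' if row[n] else '.':>6}" for n in names)
        lines.append(f"{item:<{width}}{cells}")
    return "\n".join(lines)


if __name__ == "__main__":
    grid = visibility_matrix(CONTACTS, ITEMS)
    print(render(grid, CONTACTS))
    for item, contact, extra in role_overlap(grid, CONTACTS, ITEMS):
        print(f"{item!r} reaches {sorted(extra)} via {contact}")
```

Reading the grid in both directions is the point: a row answers "who sees this item", a column answers "what does this contact see", and the overlap report surfaces the case a per-item settings page hides, a contact who belongs to two roles and therefore carries a family-only item into a work context.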
Raschke et al. [2] proposed a privacy dashboard designed to help users exercise their data privacy rights under the GDPR. The dashboard is specifically designed to meet the requirements of the GDPR, ensuring users can access, rectify, erase, and manage their personal data. It provides comprehensive personal data visualisations, including data flows between controllers and processors. This helps users understand how their data is being used and shared. Users can review consent given, withdraw consent, and request rectification or data erasure. The tool also supports viewing the purposes of data processing. The Privacy Dashboard prototype is available at http://philip-raschke.github.io/GDPR-privacy-dashboard.
Vitale et al. [3] introduced the Data Dashboard, a prototype system designed to address challenges in personal data management and curation posed by the increasing use of cloud platforms and mobile devices. The Data Dashboard provides a centralised view of personal data from multiple devices and cloud platforms, allowing users to manage their data in one place. Users can apply and customise filters to sort through various data types, enhancing their ability to manage and organise personal information. The study introduces the idea of data boundaries, which are conceptual separations that users create to manage their personal data. Centralisation can blur these boundaries, while customisation helps uphold them. The Data Dashboard prototype is available at https://datadashboard.github.io.
Murmann and Karegar [4] focus on designing effective privacy notifications that help users of online services understand how their personal data is processed. By providing detailed and understandable information, the notifications help users make sense of the data already shared with service providers. The study emphasises creating notifications that are not only informative but also visually clear. The privacy notifications serve an educational purpose by informing users about their data rights and how their data is used.
Platforms: personal computers, mobile devices
Related guidelines: Enable Exploration of Data Exports
Example
Access Policy Grid (APG) - visualisation of fundamental entities and permission relations between entities [1].
The Privacy Dashboard - General functionalities and filter options are displayed on the left-hand side. The queried data is in the centre, sorted chronologically, starting with the oldest entry. General information about the controller is provided on the right-hand side [2].
The Data Dashboard - Explore Your Data shows an overview of all data from different devices and cloud platforms that users can filter [3].
Privacy notification prototype [4].
Use cases
- Enhancing user understanding, control, and management of their disclosed personal data.
- Implementing dashboards that provide clear visual representations of data flows and storage, helping users see what data has been disclosed.
- Providing interfaces where users can visualise what consents have been given, for which data, and to which service providers, along with easy options to modify these consents.
- Helping organisations that must comply with data protection regulations like the GDPR, which require transparency about data usage.
Pros
- In a laboratory experiment comparing the APG to the native Facebook interface, the APG significantly outperformed the Facebook interface in accuracy, confidence, and time to task completion, demonstrating its effectiveness in improving privacy awareness [1].
- A prototype was developed and evaluated with usability experts. The evaluation indicated the prototype's effectiveness in helping users manage their data but highlighted improvement areas, such as refining the data categories [2].
- The prototype was evaluated with participants to gather insights on user reactions to centralisation and customisation [3].
- The prototype was evaluated in a lab setting with participants over three iterations. Feedback from the participants helped refine the design requirements, ensuring the final set of requirements was both practical and effective [4].
Cons
- The APG evaluation was constrained by a small, demographically narrow sample and the use of scenarios instead of real profiles, affecting the generalisability and statistical significance of the findings [1].
- The limited sample size and demographic homogeneity of the user study restrict the generalisability of its results, introduce potential biases, and prevent meaningful quantitative reporting [3].
- The centralised nature of the Data Dashboard can blur boundaries between different facets of personal data, undermining the distinction between unremarkable and valuable content. Customisation options can mitigate this issue by helping users maintain clear demarcations between various types of data [3].
Privacy Notices
This guideline is closely related to privacy notices. Privacy notices typically inform users about the collection, use, and sharing of their personal data [5].
- On demand
The proposed guideline can present a privacy notice to users when they actively seek privacy information, for example, in privacy dashboards or privacy settings interfaces.
- Periodic
Regular reminders and visual updates on data usage and disclosures inform users of ongoing data practices.
- Context-dependent
Providing visualisations based on changes in context (e.g., location, additional users) can help users grasp the relevance and sensitivity of their disclosed data in different scenarios.
- Decoupled
This guideline can be applied to privacy notices decoupled from privacy choices by implementing privacy dashboards or managers that give users comprehensive control over their data settings, supported by visual summaries of data disclosures and usage.
- Non-blocking
This guideline can be coupled with non-blocking controls (privacy choices): visual control options integrated into the user interface let users adjust their privacy settings without being forced to interact and without interrupting their workflow.
- Visual
This guideline is for a visual notice, using visual resources such as colours, text, icons, graphs, and other visual elements to convey privacy information and data disclosures. This includes personalised and easily understandable visual summaries of how data is collected, used, and shared, for instance.
- Primary
Directly integrating visualisations within the user interface of the system or application ensures that users can access privacy information within their current context.
- Secondary
Using companion devices or out-of-band communication channels (e.g., emails, text messages) to provide detailed visualisations when the primary channel is limited.
Transparency
The guideline aims to provide tools and notifications that enhance users' understanding of their disclosed personal data. By visualising how data is handled, the guideline directly supports making data handling practices clear and accessible to users, thus promoting transparency [6]. Other related privacy attributes:
- Retention: visual tools can display data retention periods, helping users understand how long their data will be kept and supporting requests for data deletion or retention adjustments.
- Accountability: by enhancing transparency, the guideline helps hold service providers accountable. Clear visualisations of data handling practices make it easier for users and regulators to monitor compliance with privacy policies and regulations.
- Accuracy: the guideline's focus on data visualisation helps users identify inaccuracies in their disclosed data. This awareness facilitates users' ability to request corrections, ensuring the accuracy of their personal information.
- Control: by visualising disclosed data and providing tools to manage it, the guideline enhances users' ability to control their data. Users can better understand what data has been collected and take appropriate actions, such as withdrawing consent or modifying privacy settings.
References
[1] Michael Netter, Michael Weber, Michael Diener, and Günther Pernul (2014). Visualizing social roles - Design and evaluation of a bird's-eye view of social network privacy settings. In Proceedings of the Twenty Second European Conference on Information Systems (ECIS2014), Tel Aviv 2014. https://aisel.aisnet.org/ecis2014/proceedings/track14/13/
[2] Philip Raschke, Axel Küpper, Olha Drozd, and Sabrina Kirrane (2018). Designing a GDPR-Compliant and Usable Privacy Dashboard. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds) Privacy and Identity Management. The Smart Revolution. Privacy and Identity 2017. IFIP Advances in Information and Communication Technology, vol 526. Springer, Cham. https://doi.org/10.1007/978-3-319-92925-5_14
[3] Francesco Vitale, Janet Chen, William Odom, and Joanna McGrenere (2020). Data Dashboard: Exploring Centralization and Customization in Personal Data Curation. In Proceedings of the 2020 ACM Designing Interactive Systems Conference (DIS '20). Association for Computing Machinery, New York, NY, USA, 311–326. https://doi.org/10.1145/3357236.3395457
[4] Patrick Murmann and Farzaneh Karegar (2021). From Design Requirements to Effective Privacy Notifications: Empowering Users of Online Services to Make Informed Decisions. International Journal of Human–Computer Interaction, 37(19), 1823–1848. https://doi.org/10.1080/10447318.2021.1913859
[5] Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor (2015). A Design Space for Effective Privacy Notices. In: Symposium on Usable Privacy and Security (SOUPS 2015), pp. 1–17. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
[6] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288