Problem Summary

Users face significant challenges in managing their privacy settings across various smart devices and applications. Traditional privacy management models are often cumbersome, leading to user fatigue, reduced awareness, and inadequate privacy protection. This is particularly problematic for vulnerable populations such as the elderly, who may struggle with complex decision-making processes and cognitive overload.

Rationale

Employing diverse techniques can make privacy management more intuitive and less burdensome for users. By visualising data collection through Augmented Reality (AR), users can gain better awareness of their privacy risks. Tangible interfaces allow for more natural and less intrusive interactions with privacy settings. Meanwhile, human-centred artificial intelligence (HCAI) reduces the cognitive demands on users by learning and applying expert preferences, ensuring that privacy management is both effective and user-friendly. Integrating these methods can lead to more robust privacy protection and greater user satisfaction.

Solution

To address these challenges, employing diverse techniques such as augmented reality (AR), tangible user interfaces, and human-centred artificial intelligence (HCAI) can significantly enhance privacy control. AR can provide intuitive visual representations of privacy settings, making it easier for users to understand and manage their data. Tangible interfaces offer a more engaging and accessible way to interact with privacy settings, reducing the cognitive load. HCAI leverages expert user preferences and adaptive algorithms to automate and simplify privacy management, ensuring that even vulnerable users can maintain control over their privacy.

Elahi et al. [1] proposed a Human-Centered Artificial Intelligence (HCAI) approach to enhance the privacy protection of elderly app users in smart cities. The authors address the limitations of the privacy self-management model, which increases the cognitive load on elderly users. They introduce two participatory privacy protection algorithms (PPPA-I and PPPA-II) to determine optimal privacy settings for Ambient Assisted Living (AAL) apps and manage runtime permission requests. These algorithms leverage expert user preferences and soft set theory to handle multi-criteria decision-making under uncertainty, ultimately reducing the cognitive burden on elderly users while ensuring robust privacy protection.

Mehta et al. [2] introduced the Privacy Care framework, a tangible interaction system for managing privacy in ubiquitous computing (UbiComp) environments. Traditional GUI-based privacy management tools are often considered intrusive, socially disruptive, and cumbersome. To address these issues, the Privacy Care framework integrates tangible and embodied interactions to offer a more seamless and natural user experience in everyday settings. The framework focuses on two core elements: Awareness and Control. These are supported by three interrelated interaction principles: Direct, Ready-to-Hand, and Contextual. "Direct" refers to intuitive interactions through familiar metaphors. "Ready-to-Hand" emphasises the importance of non-intrusive, ad hoc management that transitions smoothly between the periphery and centre of the user's attention. "Contextual" involves customisation and configurability to suit individual user needs.

Fernandez et al. [3] introduced PARA, an augmented reality (AR) privacy management system for smart devices in IoT ecosystems. The PARA system addresses the challenge of user privacy in environments populated with smart devices by providing an intuitive way to manage privacy preferences through AR visualisation. The authors argue that traditional privacy management solutions are insufficient as they fail to inform users about privacy risks adequately and lack interactive support for managing them. The PARA system uses AR to contextualise data disclosure and improve user awareness of privacy threats. When users point their smartphones at a smart device, PARA displays the collected data types and allows users to control data collection in real time. This interface enables users to explore and adjust privacy settings dynamically.

Kandappu, Subbaraju and Xu [4] explored the balance between reminiscability and privacy in visual life-logging systems for older adults. Using wearable cameras, life-logging systems capture continuous images to help elderly individuals recall their past experiences, enhancing their quality of life. However, these systems pose significant privacy risks by inadvertently capturing sensitive information and social ties. The authors propose obfuscation strategies that selectively obscure parts of images to protect privacy while maintaining reminiscability. The PrivacyPrimer framework leverages a web-based agent to assess privacy risks and apply appropriate obfuscation, reducing the likelihood of privacy breaches while preserving the utility of the images for memory recall. This approach demonstrates a significant privacy-utility trade-off, with a modest reduction in reminiscability scores but substantial improvements in privacy protection.

Platforms: mobile devices, smart devices

Example

AR privacy management interface (PARA) interface - filter for the face [3]. (See enlarged)

From right to left and top to bottom: PrivacyPrimer example of blurring (medium and high) and masking (medium and high) [4]. (See enlarged)

• The approach aims to make privacy management more accessible and less demanding for users who may struggle with traditional models, integrating seamlessly into their daily routines [1][2]. Results indicate that when an appropriate privacy control channel is available, users are more likely to move beyond default settings, enabling fine-grained privacy management and filters for smart devices. This leads to increased privacy perceptions and a greater desire to control privacy [3]. Additionally, the PrivacyPrimer platform allows users to obfuscate parts of life-log images without significantly compromising reminiscability, demonstrating a robust privacy-utility tradeoff with only a modest reduction in reminiscability scores but a significant enhancement in privacy [4].

• Privacy management in ubiquitous computing environments is inherently complex due to the multidimensionality of "access" and the dynamic context. Users often need detailed information to assess potential privacy imbalances, requiring a privacy management system that offers focused, contextual, and engaging interactions. Such a system must be direct and readily available throughout the user's daily routine [2]. The proposed model in [4] primarily addresses privacy threats to life-loggers from implicit inferences made by service providers using visual cues but falls short in tackling explicit threats like bystander privacy and potentially malicious actions by service providers. While assisted privacy management can reduce the perceived control of Ambient Assisted Living (AAL) users over their privacy, it balances this by providing manual adjustment options for those with adequate privacy awareness and skills [1]. Lastly, current AR metaphors may produce overly visual alerts, though designing comforting visuals was beyond the study's scope [3].

Considering the design space for privacy choices [5], this guideline can be applied in the following dimensions:

The guideline empowers users with various innovative techniques to manage their privacy settings. This aligns with the definition of Control, which includes the ability for the data subject to provide consent for data collection and processing, opt-out of data collection, make self-determined decisions on data sharing, and actively influence how their data is handled [6]. Other related privacy attributes: