A value-centered approach to data privacy decisions
Date: 2024-02-06
Author: Carter, Sarah E.
Abstract
There are a host of data privacy decisions we must make every day – and it is exceedingly
difficult, if not impossible, for us to make meaningful decisions about all of them. In this
thesis, I define, conceptualize, interrogate, and design for value-centered privacy decision-making – that is, decisions that are focused on who we are and what we value – as a means
of respecting and promoting user autonomy. To achieve this, this work utilizes
philosophical theory to understand value-centered privacy decisions and translates this
theory into a system that promotes such decisions. In summary, this work has two major
contributions.
Firstly, I conceptualize and define value-centered privacy decision-making
using a value-centered theory of autonomy. I explore how we can create the space for
value-centered privacy decisions by applying the Four-Dimensional Theory of Self-Governance (4DT). I first conceptualize privacy decisions in terms of these four
dimensions – self-definition, self-realization, self-unification, and self-constitution – and
explore existing data privacy challenges through this lens. In particular, I conceptualize
notice fatigue in terms of self-realization, self-unification, and self-constitution; a lack of
relevant privacy controls in terms of self-realization and self-unification; and nudges in
terms of self-realization and self-unification. I then present and discuss results from a
mixed-methods investigation into how values are involved in privacy decisions – in
particular, app choice. We found that they were related in a highly individualized, context-specific manner, observing different values that were more relevant based on the app in
question. This suggests that the value-privacy relationship is largely informed by
individual preferences and understandings of values. However, the values of Use, Control,
and Community were quite prevalent, with Use and Control in particular spanning contexts
and individual participants. They were also frequently perceived as in conflict with each
other. This suggests that these three values are the most relevant to consider when
designing for value-centered privacy decisions. The participants’ experiences can also be
explained using 4DT, providing empirical support for our conceptualization of value-centered privacy. However, the study results also provide insights into how existing
systems – such as surveillance capitalism and the attention economy – frustrate value-centered privacy decisions.
Secondly, I use the 4DT-based understanding of value-centered privacy decisions
to establish the usability and effectiveness of the value-centered approach, designing a
privacy assistant to help users make app choices that are more in accordance with their
personal values. To inform the design of a smartphone assistant that creates this space for
users, I examine an existing technology – personalized privacy assistants (PPAs) – using
the 4DT lens. Using insights from this examination, I propose a value-centered,
smartphone privacy assistant (VcPA) to help users make more value-centered decisions at
one privacy decision point: smartphone app choices. This VcPA consists of three features:
selective notices, exploratory notices, and a “suggest alternative apps” feature. I then
present the results from testing a prototype VcPA system with users, serving as a proof-of-concept that a value-centered privacy assistant, designed using privacy preferences and
values, could help users when making privacy decisions such as choosing apps. In
particular, we found that the VcPA prototype helped users download value-consistent apps,
with the “suggest alternatives” feature especially well-received. We also identified places
where the VcPA could be improved – for example, profiles could be improved by being
made more customizable; VcPA notices could be made easier to understand; and the
“suggest alternatives” feature could be more streamlined.
This thesis lays the groundwork for future researchers to design systems that
promote value-centered privacy decisions. To guide this future work, I lastly present
prospective research avenues to advance the value-centered approach to data privacy
decision-making. In particular, I discuss limitations of the studies in this work, including
engagement with a wider range of demographic groups; touch upon how the identified
VcPA improvements, such as improved VcPA profiles, might be accomplished; briefly
explore the possibility of applying the value-centered understanding to other privacy
contexts; and consider how both system-wide regulation and individual autonomy-enhancing interventions, such as the VcPA, can empower us to shape a technological
future based on our values.