Carnegie Mellon University


May 17, 2021

Researchers develop new guidance for designing privacy choices

People can have greater control over their personal data today than they have for a while, at least in theory. Privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have created a path towards empowering people to control their privacy.

In reality, however, the privacy picture is a bit less rosy.

“In many real-world systems today, privacy choices are difficult to find, overly simplified, and even manipulative,” says Yuanyuan Feng, a postdoctoral researcher in the Institute for Software Research (ISR). “Part of the reason for this is that regulations offer very little guidance on how to actually implement privacy requirements.”

In a new study presented at this week’s ACM CHI Conference on Human Factors in Computing Systems, Feng and her colleagues outlined a set of design standards and a taxonomy of privacy choices intended to fill the gap in guidance that still leaves privacy controls confusing for users.

In their study, they introduce the notion of “meaningful privacy control.” In order for privacy choices to be meaningful—to be desirable to users and in compliance with regulations—they need five attributes: they should not only be (1) effective and (2) efficient by traditional usability standards, but also should (3) support user awareness, (4) accommodate a comprehensive set of privacy rights, and (5) be presented to users in a neutral, non-manipulative manner.

Because little concrete guidance for designing privacy controls exists, the team developed a privacy control “design space”—a map of all dimensions one should consider when designing privacy controls—based on a comprehensive review of Internet, mobile, and Internet of Things (IoT) technologies, the privacy choices they offer, and how users interact with these choices.

“We hope this framework and taxonomy will help guide practitioners to design and implement more meaningful privacy controls, empowering consumers to actually take advantage of those choices mandated by privacy regulations,” says CyLab’s Norman Sadeh, a computer science professor in the Institute for Software Research and the principal investigator of the Personalized Privacy Assistant Project.

The team presented a use case on how they leveraged their guidelines in the design of the IoT Assistant, a mobile app and digital infrastructure to help people discover nearby Internet of Things (IoT) systems collecting data about them. The IoT Assistant is part of a privacy infrastructure for the IoT developed by the Personalized Privacy Assistant project, and is now available in 30 different countries for people to publicize the presence of their IoT systems and give passersby access to controls to limit the collection and use of their data.

Using the IoT Assistant mobile app, which is available for both iOS and Android phones, users are alerted to the presence of nearby IoT systems collecting their data, subject to preferences they can specify. Owners and operators of these IoT systems can use the infrastructure and the IoT Assistant app to publicize privacy controls such as “opt-ins,” “opt-outs,” or requests to have one’s data deleted.

The researchers’ newly developed design space served as a guide for every design decision in creating the platform. For example, the IoT Assistant offers multiple types of privacy choices, including choices to support the right to access or delete one’s data. It supports consumer awareness through multiple channels for publicizing the presence of IoT systems: location-based alerts as well as QR codes. It also supports multiple notification modalities from which individual users can select, ranging from visual notifications to sounds and even a haptic interface, where users are alerted to nearby IoT data collection through the vibration of their smartwatch.
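To make the location-based alerting described above concrete, here is an added example of how such filtering can be modelled. This is illustrative code written for this page, not the IoT Assistant’s own implementation; the resource registry, coordinates, coverage radii, data types and user preferences are all constructed, and the field names (`radius_m`, `alert_on`, `muted`, `modality`) are assumptions rather than the project’s schema.

```python
"""Added example (not the IoT Assistant's code): geofenced IoT alerts filtered by
user preferences. All registry entries, coordinates and preferences are constructed."""
from dataclasses import dataclass, field
from math import radians, sin, cos, asin, sqrt
from typing import Dict, List, Set

# Privacy choice types the article says owners can publicize through the app.
CHOICE_TYPES = frozenset({"opt-in", "opt-out", "access", "delete"})
NOTIFICATION_MODALITIES = frozenset({"visual", "sound", "haptic"})

@dataclass(frozen=True)
class IoTResource:
    """One advertised IoT system. radius_m is an assumed field: how far (in metres)
    from the sensor's position its data collection reaches."""
    resource_id: str
    name: str
    lat: float
    lon: float
    radius_m: float
    data_types: frozenset   # e.g. {"video", "location"}
    choices: frozenset      # subset of CHOICE_TYPES offered by the owner

@dataclass
class UserPreferences:
    alert_on: Set[str]                 # data types the user wants to be told about
    modality: str = "visual"           # how the user wants to be notified
    muted: Set[str] = field(default_factory=set)  # resource_ids already acknowledged

    def __post_init__(self):
        if self.modality not in NOTIFICATION_MODALITIES:
            raise ValueError(f"unknown modality {self.modality!r}")

def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres using a mean Earth radius of 6,371,000 m."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(min(1.0, h)))

def nearby_alerts(resources: List[IoTResource], user_lat: float, user_lon: float,
                  prefs: UserPreferences) -> List[Dict]:
    """Return one alert per resource whose coverage reaches the user, that collects a
    data type the user asked about, and that the user has not muted. Each alert
    carries the choices the owner publicized so the user can act on them directly."""
    alerts = []
    for r in resources:
        unknown = r.choices - CHOICE_TYPES
        if unknown:  # reject malformed advertisements rather than silently showing them
            raise ValueError(f"{r.resource_id}: unknown choices {sorted(unknown)}")
        if r.resource_id in prefs.muted or not (r.data_types & prefs.alert_on):
            continue
        d = haversine_m(user_lat, user_lon, r.lat, r.lon)
        if d > r.radius_m:
            continue
        alerts.append({
            "resource_id": r.resource_id,
            "name": r.name,
            "distance_m": round(d, 1),
            "data_types": sorted(r.data_types),
            "choices": sorted(r.choices),   # shown in a fixed order, no option pre-selected
            "modality": prefs.modality,
        })
    return sorted(alerts, key=lambda a: a["distance_m"])

def acknowledge(prefs: UserPreferences, resource_id: str) -> None:
    """Mute further alerts for a resource the user has already reviewed."""
    prefs.muted.add(resource_id)

# Constructed registry: two systems at or within metres of the user, one 800+ m away.
REGISTRY = [
    IoTResource("cam-lobby", "Lobby camera", 40.4433, -79.9436, 40.0,
                frozenset({"video"}), frozenset({"opt-out", "access", "delete"})),
    IoTResource("beacon-door", "Bluetooth beacon", 40.4434, -79.9436, 30.0,
                frozenset({"location"}), frozenset({"opt-in"})),
    IoTResource("cam-garage", "Garage camera", 40.4433, -79.9336, 50.0,
                frozenset({"video"}), frozenset({"opt-out"})),
]
USER_LAT, USER_LON = 40.4433, -79.9436  # constructed user position

if __name__ == "__main__":
    prefs = UserPreferences(alert_on={"video", "location"}, modality="haptic")
    for a in nearby_alerts(REGISTRY, USER_LAT, USER_LON, prefs):
        print(f'{a["name"]} ({a["distance_m"]} m): collects {a["data_types"]}, '
              f'choices {a["choices"]}, notify via {a["modality"]}')
```

The point of the filter is that every step corresponds to one of the article’s attributes: the user’s own `alert_on` and `modality` make the alert efficient and non-intrusive, listing all publicized choices in a fixed order keeps the presentation neutral, and rejecting advertisements with unrecognised choice types stops a malformed entry from being shown as if it offered a control it does not.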

“The design space we mapped out enabled us to more systematically evaluate options as we designed our IoT Assistant app and ultimately ensure that privacy choices are made available to users in a manner that maximizes the chance they can effectively take advantage of them,” says Sadeh. “We hope other practitioners will find our framework useful and will take advantage of it when designing their own privacy controls. Ultimately, it is about enabling consumers to take full advantage of the choices mandated by new privacy regulations and any additional privacy choices organizations want to make available to them.”

Owners of IoT systems can use the IoT Privacy Infrastructure to publicize the presence of their IoT resources and make privacy controls accessible to passersby.