informed consent to address trust, control, and privacy concerns in user profiling thea van der...
TRANSCRIPT
Informed Consent to Address
Trust, Control, and Privacy Concerns
in User Profiling
Thea van der Geest, Willem Pieterson, Peter de Vries
Administrative burden
Background: Governments as form factories• Jobseekers allowances• Tax repayment• National insurance• Child care benefits• Incapacity benefits• Reduced earnings allowance• Study loans• etc, etc, etc
PEP05 Edinburgh July 25 2005
Objectives of e-government
UK Inland revenue, for example:
“a target of 100% all government services to be available on-line by 2005 and to achieve 50 % take up of those services”
“ Delivering public services that are high quality and efficient, […] exploiting to the full technological opportunities and seeking to operate simpler processes”
PEP05 Edinburgh July 25 2005
E-strategy
PEP05 Edinburgh July 25 2005
Customer focus
[…] personalised services […] focused on needs of different customer segments
Effective contact
[…] effective handling of customer contact […] automatic calculation […]
Range of channels
[…] provide customers with relevant and tailored information services
Simplification […] selfserve […] infrastructure for automatic exchange of data […]
Consistency Providing accurate, up to date information to customers […]
From: http://www.hmrc.gov.uk/
The Alter Ego projecton user profiling
PEP05 Edinburgh July 25 2005
Organisation ICT application User
User profile system
A thought experiment
PEP05 Edinburgh July 25 2005
Defining the user profileA user profile is a (structured) data record, containing user-related information, such as ….
– Identifiers– Characteristics– (Dis-)abilities– Needs and interests– Preferences– Personality traits– Previous behaviour in contexts relevant for
predicting and influencing future behaviour
…. supporting communication, interaction and transaction between organisations and their clients.
PEP05 Edinburgh July 25 2005
Literature review
What are the conditions for acceptance and intention to use by users?
- Acceptance of the technology- Acceptance of the collection of data for
creating and maintaining a user profile- Acceptance of the use/application of the
user profile
PEP05 Edinburgh July 25 2005
Major factors determining acceptance
• Trust
• Control
• Privacy concerns
• Access
PEP05 Edinburgh July 25 2005
Trust
Multilayered, e.g.• Propensity to trust
– “Stable” personality trait• Trust in the organisation
– Perceived shared values, commitment– Quality of communication, experience– Perceived benefits, perceived risks
• Trust in the technology– Consistency, perceived ease of use– Perceived benefit of technology
PEP05 Edinburgh July 25 2005
Control
Sense of being in charge of:- Technology used (self-efficacy)- Transaction with organisation
But also in charge of: - (The quality of the) personal information- To whom information is provided- Application of the information in new situations
PEP05 Edinburgh July 25 2005
Privacy concerns = data protection?
What they say ≠ what they do
What they say ≠ what they are
PEP05 Edinburgh July 25 2005
•Improper acquisition of information
•Improper use of information
•Privacy invasion
•Improper and insecure storage and delivery
Informed consent- Required by EU law: 1995 and 2002 Data Protection
Directives - ??? Consent can be dealt with by ticking off checkbox
on web site???
PEP05 Edinburgh July 25 2005
Informed consentis a continuous process
• Disclosure– Nature of the personal data collected– Organisation’s objectives and its effects for users, including
sharing data with other organisations and their objectives– Alternatives when no or just some information is collected – Relevant risks, benefits and uncertainties
• Comprehension• Voluntariness• Competence• Agreement
PEP05 Edinburgh July 25 2005