Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems

  • Eran Toch
  • Yang Wang
  • Lorrie Faith Cranor
Original Paper


Personalization technologies offer powerful tools for enhancing the user experience in a wide variety of systems, but at the same time raise new privacy concerns. For example, systems that personalize advertisements according to the physical location of the user or according to the user’s friends’ search history introduce new privacy risks that may discourage wide adoption of personalization technologies. This article analyzes the privacy risks associated with several current and prominent personalization trends, namely social-based personalization, behavioral profiling, and location-based personalization. We survey user attitudes towards privacy and personalization, as well as technologies that can help reduce privacy risks. We conclude with a discussion that frames risks and technical solutions in the intersection between personalization and privacy, as well as areas for further investigation. This framework can help designers and researchers to contextualize privacy challenges of solutions when designing personalization systems.


Privacy, Personalization, Human–computer interaction, Social networks, E-commerce, Location-based services



Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  1. Department of Industrial Engineering, Tel Aviv University, Tel Aviv, Israel
  2. School of Computer Science, Carnegie Mellon University, Pittsburgh, USA
