From Data Disclosure to Privacy Nudges: A Privacy-Aware and User-Centric Personal Data Management Framework

  • Yang Lu
  • Shujun LiEmail author
  • Athina Ioannou
  • Iis Tussyadiah
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1123)


Although there are many privacy-enhancing tools designed to protect users’ online privacy, it is surprising to see a lack of user-centric solutions allowing privacy control based on the joint assessment of privacy risks and benefits, due to data disclosure to multiple platforms. In this paper, we propose a conceptual framework to fill the gap: aiming at user-centric privacy protection, we show that the framework can assess not only privacy risks in using online services but also the added values earned from data disclosure. Through following a human-in-the-loop approach, it is expected that the framework can provide a personalized solution via preference learning, continuous privacy assessment, behavioral monitoring and nudging. Finally, we describe a case study about “leisure travelers” and some areas for further research.


Privacy Transparency Data disclosure User-centricity Profiling Behavioral nudging Human-in-the-loop Ontology 



The authors’ work was supported by the research project, PRIvacy-aware personal data management and Value Enhancement for Leisure Travellers (PriVELT), funded by the EPSRC in the UK, under grant number EP/R033749/1.


  1. 1.
    Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users & choices online. ACM Comput. Surv. 50(3), 44:1–44:41 (2017)Google Scholar
  2. 2.
    Almuhimedi, H., et al.: Your location has been shared 5,398 times!: a field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)Google Scholar
  3. 3.
    Alnemr, R., et al.: A data protection impact assessment methodology for cloud. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 60–92. Springer, Cham (2016). Scholar
  4. 4.
    Ali-Eldin, A., Zuiderwijk, A., Janssen, M.: A privacy risk assessment model for open data. In: Shishkov, B. (ed.) BMSD 2017. LNBIP, vol. 309, pp. 186–201. Springer, Cham (2018). Scholar
  5. 5.
    Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). Scholar
  6. 6.
    Cavoukian, A.: Privacy by design - the 7 foundational principles. Tech. rep. (2011).
  7. 7.
    Das, A., Degeling, M., Smullen, D., Sadeh, N.: Personalized privacy assistants for the internet of things: providing users with notice and choice. IEEE Pervasive Comput. 17(3), 35–46 (2018)CrossRefGoogle Scholar
  8. 8.
    Elueze, I., Quan-Haase, A.: Privacy attitudes and concerns in the digital lives of older adults: Westin’s privacy attitude typology revisited. Am. Behav. Sci. 62(10), 1372–1391 (2018)CrossRefGoogle Scholar
  9. 9.
    Gómez-Barroso, J.L.: Experiments on personal information disclosure: past and future avenues. Telematics Inform. 35(5), 1473–1490 (2018)CrossRefGoogle Scholar
  10. 10.
    Hansen, M.: Marrying transparency tools with user-controlled identity management. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds.) Privacy and Identity 2007. ITIFIP, vol. 262, pp. 199–220. Springer, Boston, MA (2008). Scholar
  11. 11.
    Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) Privacy and Identity 2008. IAICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009). Scholar
  12. 12.
    Kaur, K., Gupta, I., Singh, A.K.: A comparative study of the approach provided for preventing the data leakage. Int. J. Netw. Secur. Appl. 9(5), 21–33 (2017)Google Scholar
  13. 13.
    King, J.: Taken out of context: an empirical analysis of Westin’s privacy scale. In: Workshop on Privacy Personas and Segmentation, p. 2014 (2014)Google Scholar
  14. 14.
    Kumaraguru, P., Cranor, L.F.: Privacy indexes: a survey of Westin’s studies. Tech. rep. (2005).
  15. 15.
    Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In: Proceedings of 10th Symposium On Usable Privacy and Security, pp. 199–212 (2014)Google Scholar
  16. 16.
    Lu, Y., Li, S.: From data flows to privacy issues: a user-centric semantic model for representing and discovering privacy issues. In: Proceedings of 53rd Hawaii International Conference on System Sciences (2020)Google Scholar
  17. 17.
    Lu, Y., Ou, C., Angelopoulos, S.: Exploring the effect of monetary incentives on user behavior in online sharing platforms. In: Proceedings of the 51st Hawaii International Conference on System Sciences (2018)Google Scholar
  18. 18.
    Miniwatts Marketing Group: World Internet usage and population statistics - Updated in March, 2019. Internet World Stats (2019).
  19. 19.
    Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in Android: a user-centric approach. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, M.-F. (eds.) RISK 2013. LNCS, vol. 8418, pp. 21–37. Springer, Cham (2014). Scholar
  20. 20.
    Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: Proceedings of 13th Symposium on Usable Privacy and Security, pp. 399–412. USENIX Association (2017)Google Scholar
  21. 21.
    Park, Y.J.: Digital literacy and privacy behavior online. Commun. Res. 40(2), 215–236 (2013)CrossRefGoogle Scholar
  22. 22.
    Peddinti, S.T., Collins, A., Sedley, A., Taft, N., Turner, A., Woodruff, A.: Perceived frequency of advertising practices (2015).
  23. 23.
    Qiu, M., Gai, K., Thuraisingham, B., Tao, L., Zhao, H.: Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future Gener. Comput. Sys. 80, 421–429 (2018)CrossRefGoogle Scholar
  24. 24.
    Rastogi, V., Qu, Z., McClurg, J., Cao, Y., Chen, Y.: Uranine: real-time privacy leakage monitoring without system modification for Android. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICST, vol. 164, pp. 256–276. Springer, Cham (2015). Scholar
  25. 25.
    Schneider, C., Weinmann, M., vom Brocke, J.: Digital nudging: guiding online user choices through interface design. Commun. ACM 61(7), 67–73 (2018)CrossRefGoogle Scholar
  26. 26.
    Seto, Y.: Application of privacy impact assessment in the smart city. Electron. Commun. Jpn 98(2), 52–61 (2015)CrossRefGoogle Scholar
  27. 27.
    Sheehan, K.B.: Toward a typology of internet users and online privacy concerns. Inf. Soc. 18(1), 21–32 (2002)CrossRefGoogle Scholar
  28. 28.
    Tian, Y., et al.: SmartAuth: user-centered authorization for the Internet of Things. In: Proceedings of 26th USENIX Security Symposium, pp. 361–378. USENIX (2017)Google Scholar
  29. 29.
    Wagner, I., Boiten, E.: Privacy risk assessment: from art to science, by metrics. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds.) DPM/CBT -2018. LNCS, vol. 11025, pp. 225–241. Springer, Cham (2018). Scholar
  30. 30.
    Warren, A., Bayley, R., Bennett, C., Charlesworth, A., Clarke, R., Oppenheim, C.: Privacy impact assessments: International experience as a basis for UK guidance. Comput. Law Secur. Rev. 24(3), 233–242 (2008)CrossRefGoogle Scholar
  31. 31.
    Weinmann, M., Schneider, C., vom Brocke, J.: Digital nudging. Bus. Inf. Sys. Eng. 58(6), 433–436 (2016)CrossRefGoogle Scholar
  32. 32.
    Westin, A.F.: Harris-Equifax consumer privacy survey 1991. Equifax Inc. (1991)Google Scholar
  33. 33.
    Wisniewski, P.J., Knijnenburg, B.P., Lipford, H.R.: Making privacy personal: profiling social network users to inform privacy education and nudging. Int. J. Hum. Comput. Stud. 98, 95–108 (2017)CrossRefGoogle Scholar
  34. 34.
    Woodruff, A., Pihur, V., Consolvo, S., Brandimarte, L., Acquisti, A.: Would a privacy fundamentalist sell their DNA for \$1000... if nothing bad happened as a result? the Westin categories, behavioral intentions, and consequences. In: Proceedings of 10th Symposium On Usable Privacy and Security, pp. 1–18. USENIX Association (2014)Google Scholar
  35. 35.
    Xu, K., Guo, Y., Guo, L., Fang, Y., Li, X.: My privacy my decision: control of photo sharing on online social networks. IEEE Trans. Dependable Secure Comput. 14(2), 199–210 (2017)CrossRefGoogle Scholar
  36. 36.
    Zhu, H., Chen, E., Xiong, H., Yu, K., Cao, H., Tian, J.: Mining mobile user preferences for personalized context-aware recommendation. ACM Trans. Intell. Syst. Technol. 5(4), 58:1–58:27 (2015)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.School of Computing & Kent Interdisciplinary Research Centre in Cyber Security (KirCCS)University of KentCanterburyUK
  2. 2.School of Hospitality and Tourism ManagementUniversity of SurreyGuildfordUK

Personalised recommendations