Information Privacy Concern in Context-Aware Personalized Services: Results of a Delphi Study

  • Published : 2010.06.30

Abstract

Personalized services directly and indirectly acquire personal data, in part, to provide customers with higher-value services that are specifically context-relevant (such as place and time). Information technologies continue to mature and develop, providing greatly improved performance. Sensory networks and intelligent software can now obtain context data, and that is the cornerstone for providing personalized, context-specific services. Yet, the danger of overflowing personal information is increasing because the data retrieved by the sensors usually contains privacy information. Various technical characteristics of context-aware applications have more troubling implications for information privacy. In parallel with increasing use of context for service personalization, information privacy concerns have also increased such as an unrestricted availability of context information. Those privacy concerns are consistently regarded as a critical issue facing context-aware personalized service success. The entire field of information privacy is growing as an important area of research, with many new definitions and terminologies, because of a need for a better understanding of information privacy concepts. Especially, it requires that the factors of information privacy should be revised according to the characteristics of new technologies. However, previous information privacy factors of context-aware applications have at least two shortcomings. First, there has been little overview of the technology characteristics of context-aware computing. Existing studies have only focused on a small subset of the technical characteristics of context-aware computing. Therefore, there has not been a mutually exclusive set of factors that uniquely and completely describe information privacy on context-aware applications. Second, user survey has been widely used to identify factors of information privacy in most studies despite the limitation of users' knowledge and experiences about context-aware computing technology. To date, since context-aware services have not been widely deployed on a commercial scale yet, only very few people have prior experiences with context-aware personalized services. It is difficult to build users' knowledge about context-aware technology even by increasing their understanding in various ways: scenarios, pictures, flash animation, etc. Nevertheless, conducting a survey, assuming that the participants have sufficient experience or understanding about the technologies shown in the survey, may not be absolutely valid. Moreover, some surveys are based solely on simplifying and hence unrealistic assumptions (e.g., they only consider location information as a context data). A better understanding of information privacy concern in context-aware personalized services is highly needed. Hence, the purpose of this paper is to identify a generic set of factors for elemental information privacy concern in context-aware personalized services and to develop a rank-order list of information privacy concern factors. We consider overall technology characteristics to establish a mutually exclusive set of factors. A Delphi survey, a rigorous data collection method, was deployed to obtain a reliable opinion from the experts and to produce a rank-order list. It, therefore, lends itself well to obtaining a set of universal factors of information privacy concern and its priority. An international panel of researchers and practitioners who have the expertise in privacy and context-aware system fields were involved in our research. Delphi rounds formatting will faithfully follow the procedure for the Delphi study proposed by Okoli and Pawlowski. This will involve three general rounds: (1) brainstorming for important factors; (2) narrowing down the original list to the most important ones; and (3) ranking the list of important factors. For this round only, experts were treated as individuals, not panels. Adapted from Okoli and Pawlowski, we outlined the process of administrating the study. We performed three rounds. In the first and second rounds of the Delphi questionnaire, we gathered a set of exclusive factors for information privacy concern in context-aware personalized services. The respondents were asked to provide at least five main factors for the most appropriate understanding of the information privacy concern in the first round. To do so, some of the main factors found in the literature were presented to the participants. The second round of the questionnaire discussed the main factor provided in the first round, fleshed out with relevant sub-factors. Respondents were then requested to evaluate each sub factor's suitability against the corresponding main factors to determine the final sub-factors from the candidate factors. The sub-factors were found from the literature survey. Final factors selected by over 50% of experts. In the third round, a list of factors with corresponding questions was provided, and the respondents were requested to assess the importance of each main factor and its corresponding sub factors. Finally, we calculated the mean rank of each item to make a final result. While analyzing the data, we focused on group consensus rather than individual insistence. To do so, a concordance analysis, which measures the consistency of the experts' responses over successive rounds of the Delphi, was adopted during the survey process. As a result, experts reported that context data collection and high identifiable level of identical data are the most important factor in the main factors and sub factors, respectively. Additional important sub-factors included diverse types of context data collected, tracking and recording functionalities, and embedded and disappeared sensor devices. The average score of each factor is very useful for future context-aware personalized service development in the view of the information privacy. The final factors have the following differences comparing to those proposed in other studies. First, the concern factors differ from existing studies, which are based on privacy issues that may occur during the lifecycle of acquired user information. However, our study helped to clarify these sometimes vague issues by determining which privacy concern issues are viable based on specific technical characteristics in context-aware personalized services. Since a context-aware service differs in its technical characteristics compared to other services, we selected specific characteristics that had a higher potential to increase user's privacy concerns. Secondly, this study considered privacy issues in terms of service delivery and display that were almost overlooked in existing studies by introducing IPOS as the factor division. Lastly, in each factor, it correlated the level of importance with professionals' opinions as to what extent users have privacy concerns. The reason that it did not select the traditional method questionnaire at that time is that context-aware personalized service considered the absolute lack in understanding and experience of users with new technology. For understanding users' privacy concerns, professionals in the Delphi questionnaire process selected context data collection, tracking and recording, and sensory network as the most important factors among technological characteristics of context-aware personalized services. In the creation of a context-aware personalized services, this study demonstrates the importance and relevance of determining an optimal methodology, and which technologies and in what sequence are needed, to acquire what types of users' context information. Most studies focus on which services and systems should be provided and developed by utilizing context information on the supposition, along with the development of context-aware technology. However, the results in this study show that, in terms of users' privacy, it is necessary to pay greater attention to the activities that acquire context information. To inspect the results in the evaluation of sub factor, additional studies would be necessary for approaches on reducing users' privacy concerns toward technological characteristics such as highly identifiable level of identical data, diverse types of context data collected, tracking and recording functionality, embedded and disappearing sensor devices. The factor ranked the next highest level of importance after input is a context-aware service delivery that is related to output. The results show that delivery and display showing services to users in a context-aware personalized services toward the anywhere-anytime-any device concept have been regarded as even more important than in previous computing environment. Considering the concern factors to develop context aware personalized services will help to increase service success rate and hopefully user acceptance for those services. Our future work will be to adopt these factors for qualifying context aware service development projects such as u-city development projects in terms of service quality and hence user acceptance.

Keywords

References

  1. Ackerman, M., Darrel, T., and Weitzner, OJ, "Privacy in Context," Human-Computer Interaction, Vol. 16, No. 2/4, 2001, pp. 167-176. https://doi.org/10.1207/S15327051HCI16234_03
  2. Adams, A., "Multimedia Information Changes the Whole Privacy Ballgame," Proceedings of Computers, Freedom, and Privacy, 2000.
  3. Beer, T., Rasinger, J., and Hopken, W., "Exploiting E-C-A Rules for Defining and Processing Context-Aware Push Messages," Lecture Notes in Computer Science, Vol. 4824, 2007, pp. 199-206.
  4. Beresford, A.R and Stajano, F., "Location Privacy in Pervasive Computing," IEEE Pervasive Computing, Vol. 2, No.1, 2003, pp. 46-55. https://doi.org/10.1109/MPRV.2003.1186725
  5. Bookbinder, J.H., Imada, S.J., and Lynch, M., "The Future of Logistics in Canada: A Delphi-Based Forecast," Logistics and Transportation Review, Vol. 30, No. 1, 2004, pp.95-112.
  6. Brancheau, J.c., Janz, B.D., and Wetherbe, J.c., "Key Issues in Information Systems Management: 1994-1995 SIM Delphi Results," MIS Quarterly, Vol. 20, No.2, 1996, pp. 225-242. https://doi.org/10.2307/249479
  7. Cas, J., "Privacy in Pervasive Computing Environments-a Contradiction in Terms?," IEEE Technology and Society Magazine, 2005, pp. 24-33.
  8. Chellappa, R.K. and Sin, R.G., "Personalization versus Privacy: An Empirical Examination of the Online Consumer's Dilemma," Information Technology and Management, Vol. 6, No. 2/3, 2005, pp. 181-202. https://doi.org/10.1007/s10799-005-5879-y
  9. Cheverst, K, Mitchell, K, and Davies, N., "Exploring Context-aware Information Push," Personal and Ubiquitous Computing, Vol. 6, No.4, 2002, pp. 276-281. https://doi.org/10.1007/s007790200028
  10. Clarke, R, "Internet Privacy Concerns Confirm the Case for Intervention," Communications of the ACM, Vol. 42, No.2, 1999, pp. 60-67. https://doi.org/10.1145/293411.293475
  11. Czinkota, M.R and Ronkainen, I.A, "International Business and Trade in the Next Decade: Report From a Delphi Study," Journal of International Business Studies, Vol. 28, No.4, 1997, pp. 827-844. https://doi.org/10.1057/palgrave.jibs.8490121
  12. Delbecq, A.L., Gustafsson, D.H., and Van de Van, A.H., Group Techniques for Program Planning: A Guide to Nominal Group and Delphi Processed, Scott-Foresman and Co. Glenview, IL, 1975.
  13. Dritsas, S., Gritzalis, D., and Lambrinoudakis, C, "Protecting Privacy and Anonymity in Pervasive Computing: Trends and Perspectives," Telematics and informatics, Vol. 23, No.3, 2006, pp. 196-210. https://doi.org/10.1016/j.tele.2005.07.005
  14. Edmunds, H, The Focus Group Research Handbook, NTC Business Books, 1999.
  15. Eymann, T. and Morito, H, "Privacy Issues of Combining Ubiquitous Computing and Software Agent Technology in a LifeCritical Environment," Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, Den Haag, IEEE Press, 2004.
  16. Floridi, L., "Four Challenges for a Theory of Informational Privacy," Ethics and Information Technology, Vol. 3, No.8, 2006, pp. 109-119.
  17. Friedman, B., Kahn Jr., P.H, Hagman, J., and Severson, R.L., "The Watcher and the Watched: Social Judgments about Privacy in a Public Place," Human-Computer Interaction, Vol. 21, No.2, 2006, pp. 235-272. https://doi.org/10.1207/s15327051hci2102_3
  18. Gandon, F.L. and Sadeh, N.M., "Semantic Web Technologies to Reconcile Privacy and Context Awareness," Web Semantics: Science, Services and Agents on the World Wide Web, Vol. 1, No.3, 2004, pp. 241-260. https://doi.org/10.1016/j.websem.2003.07.008
  19. Hasson, F., Keeney,S., and McKenna, H, "Research Guidelines for the Delphi Survey Technique," Journal of Advanced Nursing, Vol. 32, No.4, 2000, pp. 1008-1015.
  20. Hayne, S. and Pollard, C, "A Comparative Analysis of Critical Issues Facing Canadian Information Systems Personnel: A National and Global Perspective," Information and Management, Vol. 38, No.2, 2000, pp. 73-86. https://doi.org/10.1016/S0378-7206(00)00056-2
  21. Helle, M.R, Reijnown, M., and Mannermaa, J.P., "Using a Delphi Survey to Access the Value of Pharmaceutical Process Validation. Part 1: Survey Methodology," Pharmaceutical Technology Europe, Vol. 15, No.4, 2003, p. 43.
  22. Herlocker, J. and Konstan, J., "ContentIndependent, Task-Focused Recommendations," IEEE Internet Computing, Vol. 5, 2001, pp. 40-47.
  23. Hoffman, D.L., Novak, T.P., and Peralta, M.A, "Information Privacy in the Marketspace: Implications for the Commercial Uses of Anonymity on the Web," The Information Society, Vol. 15, No.2, 1999, pp. 129-140. https://doi.org/10.1080/019722499128583
  24. Holsapple, P. and Joshi, K., "Knowledge Manipulation Activities: Results of a Delphi study," Information and Management, Vol. 39, No.6, 2002, pp. 477-490. https://doi.org/10.1016/S0378-7206(01)00109-4
  25. Hui, K.L., Tan, B.C.Y., and Goh, C.Y., "Online Information Disclosure: Motivators and Measurements," ACM Transactions on Internet Technology, Vol. 6, No.4, 2006, pp. 415-441. https://doi.org/10.1145/1183463.1183467
  26. Jiang, X. and Landay, JA, "Modeling Privacy Control in Context-Aware Systems," IEEE Pervasive Computing, Vol. 1, No.3, 2002, pp. 59-63. https://doi.org/10.1109/MPRV.2002.1037723
  27. Jiang, X., Hong, J.I., and Landay, J.A., "Approximate Information Flows: Sodally- Based Modeling of Privacy in Ubiquitous Computing," UbiComp 2002, 2002, pp. 176-193.
  28. Junglas, I.A and Spitzmuller, C, "A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services," Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences, (HICSS'OS), 2005, pp. 180-182.
  29. Kang, J.M. and Bang, K.C, "A Study on Protection Technology and Scope about Information Privacy in Ubiquitous Sensing Network Environment," Journal of Digital Society, Vol. 7, No.4, 2006, pp. 301- 308.
  30. Kendall, J.E., Kendall, K.E., Smithson, S., and Angell, I.O., "SEER: A Divergent Methodology Applied to Forecasting the Future Roles of the Systems Analyst," Human Systems Management, Vol. 11, No.3, 1992, pp. 123-135.
  31. Kuhn, M.G., "Electromagnetic Eavesdropping Risks of Flat-Panel Displays," Lecture Notes in Computer Science, Vol. 3424, 2005, pp. 88-107.
  32. Kuo, F.Y., Lin, C.S., and Hsu, M.H., "Assessing Gender Differences in Computer Professionals' Self-Regulatory Efficacy Concerning Information Privacy Practices," Journal of Business Ethics, Vol. 73, No.2, 2007, pp. 145-160. https://doi.org/10.1007/s10551-006-9179-1
  33. Lai, V. and Chung, W., "Managing International Data Communications," Information and Management, Vol. 45, No.3, 2002, pp. 89-93.
  34. Langheinrich, M., "Privacy Invasions in Ubiquitous Computing, Workshop on Socially- informed Design of Privacy-enhancing Solutions in Ubiquitous Computing," UbiComp 2002, 2002, Goteborg, Sweden.
  35. Lapkin, A, "Context-Aware Computing: Four Questions CIOs Should be Asking," Gartner Special Report (http://www.gart ner.com/DisplayDocument?ref = g_search &id = 1144612&Subref = simplesearch), 2009.
  36. Linstone, H. and Turoff, M., The Delphi Method: Techniques and Applications. Addison Wesley, Reading, MA, 1975, pp. 3-12.
  37. Malhotra, N.K., Kim, S.S. and Agarwal, J., "Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale and a Causal Model," Information Systems Research, Vol. 15, 2004, pp. 336-355. https://doi.org/10.1287/isre.1040.0032
  38. Mobasher, B., Cooley, R., and Srivastava, J., "Automatic Personalization Based on Web Usage Mining," Communications of the ACM, Vol. 43, No.8, 2000, pp. 142-151. https://doi.org/10.1145/345124.345169
  39. Morgan, D.L., The Focus Group Guidebook, Focus Group Kit 1, Sage, Beverly Hills, CA, 1998.
  40. Mulligan, P., "Specification of a Capability-Based IT Classification Framework," Information and Management, Vol. 39, No, 8, 2002, pp, 647-658. https://doi.org/10.1016/S0378-7206(01)00117-3
  41. Myles, G., Friday, A, and Davies, N., "Preserving Privacy in Environments with Location-Based Applications," IEEE Pervasive Computing, Vol. 2, No.1, 2003, pp. 56- 64. https://doi.org/10.1109/MPRV.2003.1186726
  42. Nambisan, S., Agarwal, R. and Tanniru, M., "Organizational Mechanisms for Enhancing User Innovation in Information Technology," MIS Quarterly, Vol. 23, No. 3, 1999, pp. 365-395. https://doi.org/10.2307/249468
  43. Neustaedter, C. and Greenberg, S., "The Design of a Context-Aware Home Media Space for Balancing Privacy and Awareness," UbiComp 2003, 2003, pp. 297-314.
  44. Nguyen, D.H., Kobsa, A, and Hayes, G. R., "An Empirical Investigation of Concerns of Everyday Tracking and Recording Technologies," Proceedings of the 10th International Conference on Ubiquitous Computing, 2008, pp. 182-191.
  45. Nissenbaum, H, "Protecting Privacy in an Information Age: The Problem of Privacy in Public," Law and Philosophy, Vol. 17, No. 5/6, 1998, pp. 559-596.
  46. Nowak, G.J. and Phelps, J., "Direct Marketing and the Use of Individual-Level Consumer Information: Determining How and When Privacy Matters," Journal of Direct Marketing, Vol. 11, No.4, 1997, pp. 94-109. https://doi.org/10.1002/(SICI)1522-7138(199723)11:4<94::AID-DIR11>3.0.CO;2-F
  47. Okoli, C and Pawloski,S., "The Delphi Method as a Research Tool: An Example, Design, Considerations and Applications," Information and Management, Vol. 42, No.1, 2004, pp. 15-29. https://doi.org/10.1016/j.im.2003.11.002
  48. Palen, L. and Dourish, P., "Unpacking "Privacy" for a Networked World," Human Factors in Computing Systems: CHI 2003, Vol. 5, No.1, 2003, pp. 129-136.
  49. Robinson, J.B.L., "Delphi Methodology for Economic Impact Assessment," Journal of Transportation Engineering, Vol. 117, No.3, 1991, pp. 335-349. https://doi.org/10.1061/(ASCE)0733-947X(1991)117:3(335)
  50. Sacramento, V., Endler, M., and Nascimento, F.N., "A Privacy Service for Context- aware Mobile Computing," First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005, pp. 182-193.
  51. Sakagami, H, Kamba, T., Sugiura, A, and Koseki, Y., "Effective Personalization of Push-Type Systems-Visualizing Information Freshness," Computer Networks and ISDN Systems, Vol. 30, No. 1/7, 1998, pp. 53-63. https://doi.org/10.1016/S0169-7552(98)00060-9
  52. Scheffler, T. and Schnor, B., "Privacy Requirements for Embedded Sensor Devices," IEEE 16th International Symposium on Personal, Indoor and Mobile Radio Communications, Vol. 2, 2005, pp. 790-794.
  53. Schmidt, R.C, "Managing Delphi Surveys Using Nonparametric Statistical Techniques," Decision Sciences, Vol. 28, No.3, 1997, pp. 763-774. https://doi.org/10.1111/j.1540-5915.1997.tb01330.x
  54. Schmidt, R.C, Lyytinen, K., Keil, M., and Cule, P., "Identifying Software Project Risks: An International Delphi Study," Journal of Management Information Systems, Vol. 17, No.4, 2001, pp. 5-36. https://doi.org/10.1080/07421222.2001.11045662
  55. Shoji, T. and Nakajima, T., "Privacy-Concern for Context-Aware Environments," Proceedings of IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems, 2004, pp. 85-89.
  56. Smith, H.J. and Milberg, S.J., "Information Privacy: Measuring Individuals' Concerns about Organizational Practices," MIS quarterly, Vol. 20, No.2, 1996, pp. 167-196. https://doi.org/10.2307/249477
  57. Soppera, A and Burbridge, T., "Maintaining Privacy in Pervasive Computing-Enabling Acceptance of Sensor-Based Services," BT Technology Journal, Vol. 22, No.3, 2004, pp. 106-118. https://doi.org/10.1023/B:BTTJ.0000047125.97546.4a
  58. Spiekermann, S., "Perceived Control: Scales for Privacy in Ubiquitous Computing Environments," Proceedings of 10th International Conference on User Modeling, 2005.
  59. Stone, E.F., Gardner, D.G., Geugal, H.G., and McClure,S., "A Field Experiment Comparing Information-Privacy Values, Beliefs and Attitudes Across Several Types of Organizations," Journal of Applied Psychology, Vol. 68, No.3, 1983, pp. 459-468. https://doi.org/10.1037/0021-9010.68.3.459
  60. Viehland, D. and Hughes, J., "The Future of the Wireless Application Protocol," Proceedings of the Eighth Americas Conference on Information Systems, Dallas, 2002, pp. 1883- 1891.
  61. Wang, H., Lee, M.K.O., and Wang, C., "Consumer Privacy Concerns about Internet Marketing," Communications of the ACM, Vol. 41, No.3, 1998, pp. 63-70. https://doi.org/10.1145/272287.272299
  62. Westin, A, Privacy and freedom. New York: Athaneum, 1967.