Work in Progress

Understanding Fitness Tracker Users’ and Non-Users’ Requirements for Interactive and Transparent Privacy Information

Authors:

Carolin Stellmacher,

Sebastian Pütz,

Matthias G. Arend,

Verena NitschAuthors Info & Claims

CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems

Article No.: 299, Pages 1 - 7

https://doi.org/10.1145/3544549.3585698

Published: 19 April 2023 Publication History

Abstract

While fitness tracker users consent to the processing of their sensitive data based on privacy policies, previous research has demonstrated that legal texts often remain unread or incomprehensible. This questions whether the given consent is indeed informed. While past research concentrated on improving privacy comprehension, our research aims to better understand user requirements for interactive and transparent privacy information and control systems. We mainly focus on users’ assessment of contextual and functional aspects. Findings from an online survey with fitness tracker users and non-users (N = 204) reveal that such systems need to support users and potential users throughout the usage life cycle, illustrating a dynamic change in requirements and their prioritization of information transparency and privacy control. Design recommendations derived from our results support the development of interactive and comprehensible privacy systems that enable more knowledgeable decisions on sharing and processing fitness tracker data.

Supplementary Material

Supplemental Materials (3544549.3585698-supplemental-materials.zip)

Download
42.26 KB

MP4 File (3544549.3585698-talk-video.mp4)

Pre-recorded Video Presentation

Download
39.97 MB

MP4 File (3544549.3585698-video-preview.mp4)

Video Preview

Download
901.21 KB

References

[1]

Abdulmalik Alwarafy, Khaled A Al-Thelaya, Mohamed Abdallah, Jens Schneider, and Mounir Hamdi. 2020. A survey on security and privacy issues in edge-computing-assisted internet of things. IEEE Internet of Things Journal 8, 6 (2020), 4004–4022. https://doi.org/10.1109/JIOT.2020.3015432

[2]

Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Cranor, Shomir Wilson, Florian Schaub, and Norman Sadeh. 2020. Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text. In Proceedings of The Web Conference 2020(WWW ’20). Association for Computing Machinery, New York, NY, USA, 1943–1954. https://doi.org/10.1145/3366423.3380262

Digital Library

[3]

Jorge Bernal Bernabe, Jose Luis Canovas, Jose L Hernandez-Ramos, Rafael Torres Moreno, and Antonio Skarmeta. 2019. Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access 7 (2019), 164908–164940. https://doi.org/10.1109/ACCESS.2019.2950872

[4]

Alex Bowyer, Jack Holt, Josephine Go Jefferies, Rob Wilson, David Kirk, and Jan David Smeddinck. 2022. Human-GDPR Interaction: Practical Experiences of Accessing Personal Data. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (New Orleans, LA, USA) (CHI ’22). Association for Computing Machinery, New York, NY, USA, Article 106, 19 pages. https://doi.org/10.1145/3491102.3501947

Digital Library

[5]

Simon Byers, Lorrie Faith Cranor, Dave Kormann, and Patrick McDaniel. 2004. Searching for privacy: Design and implementation of a P3P-enabled search engine. In International Workshop on Privacy Enhancing Technologies. Springer, Berlin, Heidelberg, 314–328. https://doi.org/10.1007/11423409_20

Digital Library

[6]

John T. Cacioppo and Richard E. Petty. 1982. The need for cognition. Journal of Personality and Social Psychology 42, 1 (1982), 116–131. https://doi.org/10.1037/0022-3514.42.1.116

[7]

Jiska Classen, Daniel Wegemer, Paul Patras, Tom Spink, and Matthias Hollick. 2018. Anatomy of a Vulnerable Fitness Tracking System: Dissecting the Fitbit Cloud, App, and Firmware. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2, 1, Article 5 (mar 2018), 24 pages. https://doi.org/10.1145/3191737

Digital Library

[8]

Niël H Conradie, Sabine Theis, Jutta Croll, Clemens Gruber, and Saskia K Nagel. 2022. The impact of smart wearables on the decisional autonomy of vulnerable persons. In Künstliche Intelligenz, Demokratie und Privatheit. Nomos Verlagsgesellschaft mbH & Co. KG, Baden-Baden, 377–402. https://www.nomos-elibrary.de/10.5771/9783748913344-377.pdf

[9]

Lorrie Faith Cranor, Manjula Arjula, and Praveen Guduru. 2002. Use of a P3P user agent by early adopters. In Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society. Association for Computing Machinery, Washington, DC, USA, 1–10. https://doi.org/10.1145/644527.644528

Digital Library

[10]

Nico Ebert, Kurt Alexander Ackermann, and Björn Scheppler. 2021. Bolder is Better: Raising User Awareness through Salient and Concise Privacy Notices. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 67, 12 pages. https://doi.org/10.1145/3411764.3445516

Digital Library

[11]

Yuanyuan Feng, Yaxing Yao, and Norman Sadeh. 2021. A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 64, 16 pages. https://doi.org/10.1145/3411764.3445148

Digital Library

[12]

Thomas Franke, Christiane Attig, and Daniel Wessel. 2019. A Personal Resource for Technology Interaction: Development and Validation of the Affinity for Technology Interaction (ATI) Scale. International Journal of Human–Computer Interaction 35, 6 (2019), 456–467. https://doi.org/10.1080/10447318.2018.1456150

[13]

Sandra Gabriele and Sonia Chiasson. 2020. Understanding Fitness Tracker Users’ Security and Privacy Knowledge, Attitudes and Behaviours. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems(CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–12. https://doi.org/10.1145/3313831.3376651

Digital Library

[14]

Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, Yuvraj Agarwal, Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal. 2016. How Short is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices. In Symposium On Usable Privacy and Security (SOUPS)(SOUPS ’16, Soups). USENIX Association, Denver, Colorado, 321–340. https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-gluck.pdf

[15]

Rohit Goyal, Nicola Dragoni, and Angelo Spognardi. 2016. Mind the Tracker You Wear: A Security Analysis of Wearable Health Trackers. In Proceedings of the 31st Annual ACM Symposium on Applied Computing (Pisa, Italy) (SAC ’16). Association for Computing Machinery, New York, NY, USA, 131–136. https://doi.org/10.1145/2851613.2851685

Digital Library

[16]

Colin M. Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs. 2018. The Dark (Patterns) Side of UX Design. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3173574.3174108

Digital Library

[17]

Einar Gudmundsson. 2009. Guidelines for translating and adapting psychological instruments. Nordic Psychology 61, 2 (2009), 29–45. https://doi.org/10.1027/1901-2276.61.2.29

[18]

Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2020. "It’s a Scavenger Hunt": Usability of Websites’ Opt-Out and Data Deletion Choices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–12. https://doi.org/10.1145/3313831.3376511

Digital Library

[19]

Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Cranor, Joel Reidenberg, Norman Sadeh, and Florian Schaub. 2021. Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 63, 25 pages. https://doi.org/10.1145/3411764.3445387

Digital Library

[20]

Carlos Jensen and Colin Potts. 2004. Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vienna, Austria) (CHI ’04). Association for Computing Machinery, New York, NY, USA, 471–478. https://doi.org/10.1145/985692.985752

Digital Library

[21]

Flavius Kehr, Tobias Kowatsch, Daniel Wentzel, and Elgar Fleisch. 2015. Blissfully ignorant: the effects of general privacy concerns, general institutional trust, and affect in the privacy calculus. Information Systems Journal 25, 6 (2015), 607–635. https://doi.org/10.1111/isj.12062

Digital Library

[22]

Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. 2009. A "Nutrition Label" for Privacy. In SOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security(SOUPS ’09). Association for Computing Machinery, New York, New York, USA, 1. https://doi.org/10.1145/1572532.1572538

Digital Library

[23]

Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. 2010. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems(CHI’10). Association for Computing Machinery, New York, NY, USA, 1573. https://doi.org/10.1145/1753326.1753561

Digital Library

[24]

Patrick Gage Kelley, Sunny Consolvo, Lorrie Faith Cranor, Jaeyeon Jung, Norman Sadeh, and David Wetherall. 2012. A conundrum of permissions: installing applications on an android smartphone. In International conference on financial cryptography and data security. Springer, Berlin, Heidelberg, 68–79. https://doi.org/10.1007/978-3-642-34638-5_6

Digital Library

[25]

Agnieszka Kitkowska, Mark Warner, Yefim Shulman, Erik Wästlund, and Leonardo A. Martucci. 2020. Enhancing Privacy through the Visual Design of Privacy Notices: Exploring the Interplay of Curiosity, Control and Affect. In Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security(SOUPS’20). USENIX Association, USA, Article 23, 20 pages. https://www.usenix.org/system/files/soups2020-kitkowska.pdf

[26]

Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for All: Revealing the Hidden Complexity of Terms and Conditions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 2687–2696. https://doi.org/10.1145/2470654.2481371

Digital Library

[27]

Naresh K. Malhotra, Sung S. Kim, and James Agarwal. 2004. Internet Users’ Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model. Information Systems Research 15, 4 (2004), 336–355. https://doi.org/10.1287/isre.1040.0032

Digital Library

[28]

Tamara Munzner. 2009. A nested model for visualization design and validation. IEEE transactions on visualization and computer graphics 15, 6 (2009), 921–928. https://doi.org/10.1109/TVCG.2009.111

Digital Library

[29]

Boubakr Nour, Kashif Sharif, Fan Li, and Yu Wang. 2019. Security and privacy challenges in information-centric wireless internet of things networks. IEEE Security & Privacy 18, 2 (2019), 35–45. https://doi.org/10.1109/MSEC.2019.2925337

[30]

Anna-Marie Ortloff, Maximiliane Windl, Valentin Schwind, and Niels Henze. 2020. Implementation and In Situ Assessment of Contextual Privacy Policies. In Proceedings of the 2020 ACM Designing Interactive Systems Conference(DIS ’20). Association for Computing Machinery, New York, NY, USA, 1765–1778. https://doi.org/10.1145/3357236.3395549

Digital Library

[31]

Data Protection Working Party. 2004. Opinion 10/2004 on More Harmonised Information Provisions. Technical Report. EU Commission.

[32]

Paola Pierleoni, Roberto Concetti, Alberto Belli, and Lorenzo Palma. 2019. Amazon, Google and Microsoft solutions for IoT: Architectures and a performance comparison. IEEE access 8 (2019), 5455–5470.

[33]

Robert W Reeder, Clare-Marie Karat, John Karat, and Carolyn Brodie. 2007. Usability challenges in security and privacy policy-authoring interfaces. In IFIP Conference on Human-Computer Interaction. Springer, Berlin, Heidelberg, 141–155.

[34]

Daniel Reinhardt, Johannes Borchard, and Jörn Hurtienne. 2021. Visual Interactive Privacy Policy: The Better Choice?. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 66, 12 pages. https://doi.org/10.1145/3411764.3445465

Digital Library

[35]

Manuel Rudolph, Denis Feth, and Svenja Polst. 2018. Why users ignore privacy policies–a survey and intention model for explaining user privacy behavior. In International Conference on Human-Computer Interaction. Springer, Berlin, Heidelberg, 587–598.

Digital Library

[36]

H. Jeff Smith, Sandra J. Milberg, and Sandra J. Burke. 1996. Information Privacy: Measuring Individuals’ Concerns about Organizational Practices. MIS Quarterly 20, 2 (1996), 167–196. http://www.jstor.org/stable/249477

Digital Library

[37]

Nili Steinfeld. 2016. “I agree to the terms and conditions”:(How) do users read privacy policies online? An eye-tracking experiment. Computers in human behavior 55 (2016), 992–1000. https://doi.org/10.1016/j.chb.2015.09.038

Digital Library

[38]

Carolin Stellmacher, Jette Ternieten, Daria Soroko, and Johannes Schöning. 2022. Escaping the Privacy Paradox: Evaluating the Learning Effects of Privacy Policies With Serious Games. Proc. ACM Hum.-Comput. Interact. 6, CHI PLAY, Article 232 (oct 2022), 20 pages. https://doi.org/10.1145/3549495

Digital Library

[39]

Shengjing Sun, Xiaochen Zheng, Javier Villalba-Díez, and Joaquín Ordieres-Meré. 2020. Data handling in industry 4.0: Interoperability based on distributed ledger technology. Sensors 20, 11 (2020), 3046.

[40]

Ali Sunyaev, Tobias Dehling, Patrick L Taylor, and Kenneth D Mandl. 2015. Availability and quality of mobile health app privacy policies. Journal of the American Medical Informatics Association 22, e1 (2015), e28–e33. https://doi.org/10.1136/amiajnl-2013-002605

[41]

Madiha Tabassum, Abdulmajeed Alqhatani, Marran Aldossari, and Heather Richter Lipford. 2018. Increasing User Attention With a Comic-based Policy. In Conference on Human Factors in Computing Systems - Proceedings(CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/3173574.3173774

Digital Library

[42]

Janice Y Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. 2011. The effect of online privacy information on purchasing behavior: An experimental study. Information systems research 22, 2 (2011), 254–268.

[43]

Lev Velykoivanenko, Kavous Salehzadeh Niksirat, Noé Zufferey, Mathias Humbert, Kévin Huguenin, and Mauro Cherubini. 2022. Are Those Steps Worth Your Privacy? Fitness-Tracker Users’ Perceptions of Privacy and Utility. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 4, Article 181 (dec 2022), 41 pages. https://doi.org/10.1145/3494960

Digital Library

[44]

Kim-Phuong L Vu, Vanessa Chambers, Fredrick P Garcia, Beth Creekmur, John Sulaitis, Deborah Nelson, Russell Pierce, and Robert W Proctor. 2007. How users read and comprehend privacy policies. In Symposium on Human Interface and the Management of Information. Springer, Berlin, Heidelberg, 802–811. https://doi.org/10.1007/978-3-540-73354-6_88

[45]

Johannes Wild. 2019. Das Regensburger Analysetool für Texte: RATTE. In Sprachschätze. Materialsammlung. o.V. (LISA, Bildungsserver Sachsen-Anhalt), Halle (Saale), 1–8. https://epub.uni-regensburg.de/45121/

[46]

Maximiliane Windl, Niels Henze, Albrecht Schmidt, and Sebastian S. Feger. 2022. Automating Contextual Privacy Policies: Design and Evaluation of a Production Tool for Digital Consumer Privacy Awareness. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (New Orleans, LA, USA) (CHI ’22). Association for Computing Machinery, New York, NY, USA, Article 34, 18 pages. https://doi.org/10.1145/3491102.3517688

Digital Library

[47]

Heng Xu, Sumeet Gupta, Mary Beth Rosson, and John Millar Carroll. 2012. Measuring Mobile Users’ Concerns for Information Privacy. In ICIS 2012 Proceedings. Association for Information Systems (AIS), Atlanta, Georgia, USA, 2278–2293. https://aisel.aisnet.org/icis2012/proceedings/ISSecurity/10

[48]

Noé Zufferey, Kavous Salehzadeh Niksirat, Mathias Humbert, and Kévin Huguenin. 2023. “Revoked just now!” Users’ Behaviors toward Fitness-Data Sharing with Third-Party Applications. Proceedings on Privacy Enhancing Technologies 1 (2023), 1–21.

Cited By

Farag NNoë APatrinos DZawati M(2024)Mapping the Apps: Ethical and Legal Issues with Crowdsourced Smartphone Data using mHealth ApplicationsAsian Bioethics Review10.1007/s41649-024-00296-316:3(437-470)Online publication date: 18-Jun-2024
https://doi.org/10.1007/s41649-024-00296-3

Index Terms

Understanding Fitness Tracker Users’ and Non-Users’ Requirements for Interactive and Transparent Privacy Information
1. Human-centered computing
  1. Visualization
    1. Visualization application domains
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Understanding Fitness Tracker Users' Security and Privacy Knowledge, Attitudes and Behaviours
CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

Personal data collected by fitness trackers can leave users open to security and privacy threats, often without their knowledge. Using an online survey with 212 fitness tracker users, we asked questions to understand participants' knowledge, attitudes ...
Users' Privacy Issues with E-learning in Library2.0
MINES '09: Proceedings of the 2009 International Conference on Multimedia Information Networking and Security - Volume 01

This article discusses the users' privacy issues when they learn in Libray2.0. The authors classify learners' privacy issues in Library2.0 into four categories: users' personal information, users' seeking behavior privacy, threat from the third party ...
Method for measuring the privacy level of pre‐published dataset

Several privacy protection technologies have been designed for protecting individuals’ privacy information in data publishing. It is often easy to make additional information loss of a dataset without measuring the strength of privacy protection it ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems

April 2023

3914 pages

ISBN:9781450394222

DOI:10.1145/3544549

Editors:
Albrecht Schmidt
LMU Munich, Germany
,
Kaisa Väänänen
Tampere University, Finland
,
Tesh Goyal
Google Research, USA
,
Per Ola Kristensson
University of Cambridge, UK
,
Anicia Peters
University of Namibia, Namibia

Copyright © 2023 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 April 2023

Check for updates

Author Tags

Qualifiers

Work in progress
Research
Refereed limited

Funding Sources

BMBF - Bundesministerium für Bildung und Forschung

Conference

CHI '23

Sponsor:

SIGCHI

CHI '23: CHI Conference on Human Factors in Computing Systems

April 23 - 28, 2023

Hamburg, Germany

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
263
Total Downloads

Downloads (Last 12 months)144
Downloads (Last 6 weeks)19

Reflects downloads up to 14 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Farag NNoë APatrinos DZawati M(2024)Mapping the Apps: Ethical and Legal Issues with Crowdsourced Smartphone Data using mHealth ApplicationsAsian Bioethics Review10.1007/s41649-024-00296-316:3(437-470)Online publication date: 18-Jun-2024
https://doi.org/10.1007/s41649-024-00296-3

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View full text|Download PDF

View Table of Contents