Mandy Goram

Background:

Digital apps and services are everywhere in our lives, helping us with our daily tasks and at work. The digital helpers are learning our habits, knowing our preferences and our schedule in order to provide us with the best possible support and convenience. However, what information is collected about the users usually remains hidden. While users are interested in knowing what happens to their information and who has access to it, privacy policies are far too complicated and too long. As a result, privacy policies are not read at all and are accepted without knowing what data processing the users are consenting to.

Research in the field of privacy recognized this problem a long time ago and is looking for suitable solutions to help users to understand privacy policies and data usage. However, there is still a lack of a clear approach to dealing with this asymmetry of knowledge and power between providers and users. Practical approaches are still required.

Objective(s):

Possible topics include, but are not limited to:

Review of scientific and practical approaches to compare data processing between different applications and services. What approaches have been developed for comparisons up to now? How successful has their evaluation been? What aspects should be compared? Where are there currently gaps in research and challenges that need to be solved in order to support users to compare different providers?

Review of scientific and practical approaches to how data processing in applications and services changes over time. What existing monitoring and privacy alerts exist and what are their advantages and disadvantages? What approaches enable users to track changes in data processing across all past data usage conditions? What privacy alerts exist to inform users about changes in data processing? 

This is an umbrella topic since topics of interest change rapidly. Students are encouraged to propose a topic that is of interest to them within the topic area. The thesis allows you to gain a broad and deep knowledge in privacy communication and to make a significant contribution towards a scientifically sound fundament.

Literature:

Zou, Y., Danino, S., Sun, K., & Schaub, F. (2019). You `Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems - CHI ’19, 1–14. https://doi.org/10.1145/3290605.3300424

Micallef, N., Just, M., Baillie, L., & Alharby, M. (2017). Stop annoying me!: An empirical investigation of the usability of app privacy notifications. Proceedings of the 29th Australian Conference on Computer-Human Interaction  - OZCHI ’17, 371–375. https://doi.org/10.1145/3152771.3156139

Balebako, R., Schaub, F., Adjerid, I., Acquisti, A., & Cranor, L. (2015). The Impact of Timing on the Salience of Smartphone App Privacy Notices. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices - SPSM ’15, 63–74. https://doi.org/10.1145/2808117.2808119

User interfaces for privacy agents | ACM Transactions on Computer-Human Interaction. (n.d.). Retrieved May 26, 2020, from https://dl.acm.org/doi/abs/10.1145/1165734.1165735

Kelley, P. G., Bresee, J., Cranor, L. F., & Reeder, R. W. (2009). A “Nutrition Label” for Privacy. Proceedings of the 5th Symposium on Usable Privacy and Security - SOUPS ’09, 1. https://doi.org/10.1145/1572532.1572538