Thea van der Geest by 0PNlQ1


									Informed Consent to Address
Trust, Control, and Privacy Concerns
in User Profiling

Thea van der Geest, Willem Pieterson, Peter de Vries
           Administrative burden
Background: Governments as form factories
• Jobseekers allowances
• Tax repayment
• National insurance
• Child care benefits
• Incapacity benefits
• Reduced earnings allowance
• Study loans
• etc, etc, etc
                                      PEP05 Edinburgh July 25 2005
     Objectives of e-government
UK Inland revenue, for example:
“a target of 100% all government services to be
  available on-line by 2005 and to achieve 50
  % take up of those services”
“ Delivering public services that are high quality
  and efficient, […] exploiting to the full
  technological opportunities and seeking to
  operate simpler processes”

                                   PEP05 Edinburgh July 25 2005
Customer         […] personalised services […] focused
focus            on needs of different customer segments
Effective        […] effective handling of customer contact
contact          […] automatic calculation […]
Range of         […] provide customers with relevant and
channels         tailored information services
Simplification   […] selfserve […] infrastructure for
                 automatic exchange of data […]
Consistency      Providing accurate, up to date information
                 to customers […]
From:           PEP05 Edinburgh July 25 2005
          The Alter Ego project
            on user profiling

Organisation   ICT application          User

                User profile

                                 PEP05 Edinburgh July 25 2005
A thought experiment

                PEP05 Edinburgh July 25 2005
         Defining the user profile
A user profile is a (structured) data record,
containing user-related information, such as ….
    –   Identifiers
    –   Characteristics
    –   (Dis-)abilities
    –   Needs and interests
    –   Preferences
    –   Personality traits
    –   Previous behaviour in contexts relevant for predicting
        and influencing future behaviour
…. supporting communication, interaction and
transaction between organisations and their
                                          PEP05 Edinburgh July 25 2005
           Literature review
What are the conditions for acceptance
and intention to use by users?
  - Acceptance of the technology
  - Acceptance of the collection of data for
    creating and maintaining a user profile
  - Acceptance of the use/application of the
    user profile

                                PEP05 Edinburgh July 25 2005
            Major factors
       determining acceptance

• Trust
• Control
• Privacy concerns

• Access

                        PEP05 Edinburgh July 25 2005
Multilayered, e.g.
• Propensity to trust
   – “Stable” personality trait
• Trust in the organisation
   – Perceived shared values, commitment
   – Quality of communication, experience
   – Perceived benefits, perceived risks
• Trust in the technology
   – Consistency, perceived ease of use
   – Perceived benefit of technology

                                            PEP05 Edinburgh July 25 2005
Sense of being in charge of:
- Technology used (self-efficacy)
- Transaction with organisation

But also in charge of:
- (The quality of the) personal information
- To whom information is provided
- Application of the information in new situations

                                       PEP05 Edinburgh July 25 2005
  Privacy concerns = data protection?
•Improper acquisition of information
•Improper use of information
•Privacy invasion
•Improper and insecure storage and delivery

                               What they say ≠ what they do
                               What they say ≠ what they are

                                        PEP05 Edinburgh July 25 2005
             Informed consent
- Required by EU law: 1995 and 2002 Data Protection
- ??? Consent can be dealt with by ticking off checkbox
  on web site???

                                       PEP05 Edinburgh July 25 2005
                Informed consent
            is a continuous process
• Disclosure
    – Nature of the personal data collected
    – Organisation’s objectives and its effects for users, including
      sharing data with other organisations and their objectives
    – Alternatives when no or just some information is collected
    – Relevant risks, benefits and uncertainties
•   Comprehension
•   Voluntariness
•   Competence
•   Agreement

                                                 PEP05 Edinburgh July 25 2005

To top