Development of Personal Information Privacy Concerns Evaluation

Development of Personal Information Privacy Concerns Evaluation

Anna Rohunen (University of Oulu, Finland) and Jouni Markkula (University of Oulu, Finland)
Copyright: © 2018 |Pages: 10
DOI: 10.4018/978-1-5225-2255-3.ch421

Abstract

Personal data is increasingly collected with the support of rapidly advancing information and communication technology, which raises privacy concerns among data subjects. In order to address these concerns and offer the full benefits of personal data intensive services to the public, service providers need to understand how to evaluate privacy concerns in evolving service contexts. By analyzing the earlier used privacy concerns evaluation instruments, we can learn how to adapt them to new contexts. In this article, the historical development of the most widely used privacy concerns evaluation instruments is presented and analyzed regarding privacy concerns' dimensions. Privacy concerns' core dimensions, and the types of context dependent dimensions, to be incorporated into evaluation instruments are identified. Following this, recommendations on how to utilize the existing evaluation instruments are given, as well as suggestions for future research dealing with validation and standardization of the instruments.
Chapter Preview
Top

Introduction

Personal data collection and utilization are increasingly taking place today as a part of the application of personal data intensive systems and services. Both individuals and data collecting organizations benefit from this. Personal data are collected and processed by private companies and public organizations for various purposes, for example, for delivery of more personalized services and for marketing. Despite its usefulness, extensive personal data collection raises privacy concerns among data subjects, and these concerns are also discussed in public very often. For example, vehicle GPS tracking-based kilometer taxation has been recently under debate. This debate has shown that vehicle tracking data can also be used for purposes other than taxation, and that it can be combined with other data, for example, for producing traffic information services by private or public organizations. Information privacy concerns derive from data subjects’ desire to not be monitored, and their worries about the consequences of the use of their data. Privacy concerns often decrease data subjects’ willingness to disclose their personal data or to use services that require personal data disclosure. For this reason, privacy concerns may lead to non-adoption of new services and technologies, dropping out of them, or a decline in data disclosure (i.e., omitting data or providing false information). To address these issues, we need to understand how to evaluate privacy concerns in current and future evolving service development contexts. We need insights into how privacy concerns have been evaluated in earlier contexts in order to adapt evaluations to new contexts.

In many countries, legislation sets the foundation for protecting personal data privacy and provides a framework for implementing privacy protection methods and technologies. However, it does not really suppress privacy concerns of the data intensive services’ users. People’s privacy concerns need to be understood to apply legislation in present-day data collection contexts, characterized by rapid technological change, expanded data collection, diverse uses for collected data, and possibilities to monitor individuals’ behavior and combine data from different sources. This understanding can be gained with well-designed privacy concerns evaluation instruments. When privacy concerns are evaluated and analyzed, their negative effects on personal data disclosure can be mitigated. In this way, more efficient promotion of personal data intensive services and realization of their benefits for both service users and providers can be reached. In practice, privacy concerns can be addressed by various means based on their evaluation. First, the means of privacy protection and the real risks of data disclosure can be communicated to the data subjects and the general public. Second, data subjects can be given control over their information, and benefits can be offered to them for disclosing information. Third, privacy-preserving systems and service design can be facilitated by taking service users’ privacy concerns into account.

Several researchers have contributed to development of information privacy concerns evaluation instruments since the beginning of the 1990s. Due to evolving technologies and new data collection contexts, the existing instruments do not necessarily match data subjects’ privacy concerns anymore. Therefore, the validity of these instruments should be examined for their subsequent development and use. We have addressed this challenge by carrying out an analysis of the most widely used privacy concerns evaluation instruments. Through this analysis, we have gathered information specifically on different aspects of individuals’ privacy concerns (referred to as privacy concerns’ dimensions in the instruments) and how they should be taken into account in the instruments’ development. We have identified both privacy concerns’ core dimensions that have remained unchanged in the evaluations with time and the types of context dependent dimensions to be incorporated into evaluation instruments. When summarizing the results of our analysis, we pay attention to the fact that in addition to being valid and up-to-date, evaluation instruments should also be made easy-to-use enough. In this way, they can be applied to the practical development of personal data intensive services.

Key Terms in this Chapter

Information Privacy Concerns: An individual’s concerns about collection, processing, and use of information about him/her, and about the related consequences.

Privacy Concerns Evaluation Instrument: A way or method to measure individuals’ privacy concerns, for example, a survey.

Personal Data Intensive Services: Services substantially based on collection, processing, and utilization of users’ personal data for service provision. These services can be produced by private companies, public sector organizations, or non-governmental parties.

Information privacy: An individual’s capability to control disclosure of information about him/her to others by determining the type, extent, uses, and users of the data to be disclosed.

Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity (EC Directive 95/46/EC).

Complete Chapter List

Search this Book:
Reset