Exploring Privacy Notification and Control Mechanisms for Proximity-Aware Tablets

Exploring Privacy Notification and Control Mechanisms for Proximity-Aware Tablets

Huiyuan Zhou (Dalhousie University, Canada), Vinicius Ferreira (Federal University of São Carlos, Brazil), Thamara Silva Alves (Federal University of São Carlos, Brazil), Bonnie MacKay (Dalhousie University, Canada), Kirstie Hawkey (Dalhousie University, Canada) and Derek Reilly (Dalhousie University, Canada)
DOI: 10.4018/978-1-5225-7113-1.ch087
OnDemand PDF Download:
No Current Special Offers


In hospitals, offices and other settings, professionals face the challenge of accessing and sharing sensitive content in public areas. As tablets become increasingly adopted in work environments, it is important to explore ways to support privacy that are appropriate for tablet use in dynamic, mobile workflows. In this research we consider how spatial information can be utilized to support both individual and collaborative work in a natural way while respecting data privacy. We present a proof-of-concept implementation of a proximity-aware tablet, and a range of privacy notification and control mechanisms designed for such a tablet. Results from a user study support the idea that interpersonal distance and orientation can be used to mediate privacy management for tablet interfaces. Selecting a specific design for privacy threat notification and response is highly context-dependent—for example, in health care the first priority is to not impede the fluid exchange of information.
Chapter Preview


It has long been recognized that there is an inherent trade-off between privacy and data utility (Boyle et al. 2009; Mohammed et al. 2009). For example, in video media spaces where groups of geographically distributed people collaborate using always-connected video channels, some privacy is sacrificed so collaborators can gain better mutual awareness (Parkin et al. 2011). This tradeoff is intensified in areas where both highly sensitive data and dynamic collaboration are essential aspects of the workflow. For instance, in a hospital context health professionals need to carry, share, and discuss private patient data (medical history, diagnosis, treatment, prognosis, etc.). As an increasing number of health professionals are using tablets for electronic health record (EHR) management and other clinical documentation (Epocrates, 2013), privacy issues in the hospital context are in the spotlight. For example, Garson et al. (2008) addressed privacy concerns by automatically purging sensitive files as people bring their tablet out of a designated working area. However, not much attention has been given to tablet screen privacy in hospitals and other health care contexts.

Proximity-based interaction research investigates how spatial relationships (distance, position, orientation, movement, etc.) among entities (e.g., people, devices, non-digital objects) can mediate the interaction between them. Privacy has been a core theme in this research. Greenberg et al. (2011) used the distance between people and devices to dynamically adjust audio and video fidelity to mitigate privacy concerns. Brudy et al.(2014) explored how proximity information can be exploited to provide awareness of shoulder surfing moments through visual cues (e.g. flashing border, 3D model) and also protect information (e.g. black out the window) on large public displays. However, it is not clear how spatial information might be used to enhance privacy on more personal, movable tablets where privacy can easily be managed by existing physical mechanisms (e.g. reorienting the display or ourselves). Moreover, to the best of our knowledge, no user evaluation of proxemics-driven protection mechanisms has been reported in the literature to date.

Since health professionals already maintain privacy with proximity (e.g. leaning closer to a collaborator, sheltering sensitive documents, or holding up a hand to cover one’s mouth when speaking) (Murphy et al., 2014), we might use these behaviors to trigger privacy protection mechanisms to give enhanced protection. For example, if a health professional holds a tablet closer to his/her body, sensitive patient information (e.g., name, pictures) could be automatically hidden.

Our work extends proximity-based interaction research concerning privacy in three ways:

  • We focus on dynamic mobile environments and tablet interfaces;

  • We emphasize health care contexts in our design work;

  • We explore privacy management during collaboration (specifically while sharing documents).

In this paper we present initial designs of a proximity-aware tablet interface that notifies the tablet user of potential privacy threats, and/or adapts screen content dynamically to protect privacy. We also present a user study designed to get feedback about the concept in general, and about specific interface design elements. Overall, our participants preferred a signal strength metaphor with a redundant colour coding to indicate privacy threat, but cited benefits of alternative designs. Results also show that while all privacy protection mechanisms should minimize the effect of protection on the flow of information, the specific privacy mechanism to use can depend on both the nature of the content and the context of use.

Complete Chapter List

Search this Book: