Eliciting Design Guidelines for Privacy Notifications in mHealth Environments

Abstract: The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing; yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guide… Show more

“…To motivate the design requirements for our prototypical implementation (Section 5), we touch on sources related to design principles, guidelines and concrete requirements pertaining to both ex ante and ex post transparency. The groups of authors referenced here either draw on normative and systematic elicitation of their findings (Bravo-Lillo et al (2011), Schaub et al (2017), Murmann and Fischer-Hübner (2017), Murmann (2019), and Data Protection Working Party (2016)), or on user studies that elicit or evaluate respective outcomes (Thomas et al (2014), Cruzes and Jaatun (2015), Bravo-Lillo et al (2011), andSchaub et al (2017) present classification systems structured as legal and humancentered requirements, an analysis of the design space, and a discussion of the factors related to user interaction. Many facets of their respective taxonomies have carried over to privacy notifications, especially to the presentational aspects thereof.…”

“…Transparency obtained in the course of the transaction may have an immediate effect on the decision-making process. Conversely, ex post transparency typically reflects a decoupled relationship between the original cause that triggered a notification, and the asynchronous information displayed thereupon (Murmann, 2019). Users may not remember whether and why they made individual decisions in the past.…”

“…The requirements engineering process underlying our research pursues the traditional phases of eliciting, analyzing, and validating the requirements for the design of a technological artifact (see e. g. Sommerville, 2005). The final set of the design requirements presented in Section 5 is based on the findings presented in previous work (Murmann, 2019), which proposes guidelines for the design of a TET that operates on the basis of privacy notifications. These guidelines reconcile the findings pertaining to two independent research fields.…”

“…Jointly, both fields have led to the proposal of design guidelines that contextualize the notion of receiving privacy notifications on mobile phones. The guidelines thus proposed reflect principles encountered during the four interaction phases conceptualized for privacy notifications (Murmann, 2019): Configuration, Delivery, Presentation, and Intervention (Figure 2). As will be explained in Section 3.3, considering matters pertaining to the delivery of notifications was beyond the scope of this paper.…”

“…Privacy notification draw on various interaction paradigms established for the ecosystem of mobile phones, which in turn reflect behavioral patterns exhibited by the users of these devices. A recurring pattern is the habit of consuming relevant information in the form of contextualized messages rather than querying respective sources on one's own (Murmann, 2019). Reflecting individual usage behavior and preferences for transparency, privacy notification pose an interesting candidate for leveraging the merits of a device that is as omnipresent as a mobile phone.…”

From Design Requirements to Effective Privacy Notifications: Empowering Users of Online Services to Make Informed Decisions

“…To motivate the design requirements for our prototypical implementation (Section 5), we touch on sources related to design principles, guidelines and concrete requirements pertaining to both ex ante and ex post transparency. The groups of authors referenced here either draw on normative and systematic elicitation of their findings (Bravo-Lillo et al (2011), Schaub et al (2017), Murmann and Fischer-Hübner (2017), Murmann (2019), and Data Protection Working Party (2016)), or on user studies that elicit or evaluate respective outcomes (Thomas et al (2014), Cruzes and Jaatun (2015), Bravo-Lillo et al (2011), andSchaub et al (2017) present classification systems structured as legal and humancentered requirements, an analysis of the design space, and a discussion of the factors related to user interaction. Many facets of their respective taxonomies have carried over to privacy notifications, especially to the presentational aspects thereof.…”

“…Transparency obtained in the course of the transaction may have an immediate effect on the decision-making process. Conversely, ex post transparency typically reflects a decoupled relationship between the original cause that triggered a notification, and the asynchronous information displayed thereupon (Murmann, 2019). Users may not remember whether and why they made individual decisions in the past.…”

“…The requirements engineering process underlying our research pursues the traditional phases of eliciting, analyzing, and validating the requirements for the design of a technological artifact (see e. g. Sommerville, 2005). The final set of the design requirements presented in Section 5 is based on the findings presented in previous work (Murmann, 2019), which proposes guidelines for the design of a TET that operates on the basis of privacy notifications. These guidelines reconcile the findings pertaining to two independent research fields.…”

“…Jointly, both fields have led to the proposal of design guidelines that contextualize the notion of receiving privacy notifications on mobile phones. The guidelines thus proposed reflect principles encountered during the four interaction phases conceptualized for privacy notifications (Murmann, 2019): Configuration, Delivery, Presentation, and Intervention (Figure 2). As will be explained in Section 3.3, considering matters pertaining to the delivery of notifications was beyond the scope of this paper.…”

“…Privacy notification draw on various interaction paradigms established for the ecosystem of mobile phones, which in turn reflect behavioral patterns exhibited by the users of these devices. A recurring pattern is the habit of consuming relevant information in the form of contextualized messages rather than querying respective sources on one's own (Murmann, 2019). Reflecting individual usage behavior and preferences for transparency, privacy notification pose an interesting candidate for leveraging the merits of a device that is as omnipresent as a mobile phone.…”

From Design Requirements to Effective Privacy Notifications: Empowering Users of Online Services to Make Informed Decisions

Enhancing citizens trust in technologies for data donation in clinical research: validation of a design prototype