A User-Centric Approach to Usable Privacy for IoT Trigger-Action Platforms
Licentiatavhandling, 2025
This licentiate thesis analyzes the diversity of Internet of Things (IoT) Trigger-Action Platforms (TAPs) users' privacy concerns and preferences for proposing privacy profiles as a basis for usable privacy management. IoT TAPs host applications created by users or service providers based on automated interactions between IoT devices and online services. Despite the benefits of TAPs, their automation capabilities raise privacy concerns, as they necessitate the collection and sharing of personal data. The research presented in this thesis is the first step for a human-centred design for a usable privacy permission system for IoT TAPs.
The research, grounded in a triangulation approach, combines qualitative insights from focus groups with a large-scale quantitative survey (N=301) and expert reviews. Initial focus groups explored user-defined privacy factors concerning TAPs, revealing concerns, especially regarding transparency, control, confidentiality and trust. These qualitative findings were then used to find differences and similarities between IoT TAP and general IoT for investigating specific privacy factors for IoT TAPs that go beyond those that users have for general IoT, such as their reliance on automation and the integration of trigger-action functionalities. Second, these findings provided input for the development and validation of a comprehensive questionnaire to measure users' privacy concerns and data sharing preferences in various TAP scenarios. The quantitative study based on the questionnaire identified three clusters: High Privacy, Medium Privacy, and Basic Privacy which were each characterized by data sharing preferences. This clustering forms the basis for proposing privacy profiles that can guide the design of more usable privacy management systems for TAPs. It supports a context-specific approach to privacy management.
The three studies provide directions to a recommendation system for enhancing privacy within the evolving context of IoT TAPs, towards personalized privacy assistants.
The research, grounded in a triangulation approach, combines qualitative insights from focus groups with a large-scale quantitative survey (N=301) and expert reviews. Initial focus groups explored user-defined privacy factors concerning TAPs, revealing concerns, especially regarding transparency, control, confidentiality and trust. These qualitative findings were then used to find differences and similarities between IoT TAP and general IoT for investigating specific privacy factors for IoT TAPs that go beyond those that users have for general IoT, such as their reliance on automation and the integration of trigger-action functionalities. Second, these findings provided input for the development and validation of a comprehensive questionnaire to measure users' privacy concerns and data sharing preferences in various TAP scenarios. The quantitative study based on the questionnaire identified three clusters: High Privacy, Medium Privacy, and Basic Privacy which were each characterized by data sharing preferences. This clustering forms the basis for proposing privacy profiles that can guide the design of more usable privacy management systems for TAPs. It supports a context-specific approach to privacy management.
The three studies provide directions to a recommendation system for enhancing privacy within the evolving context of IoT TAPs, towards personalized privacy assistants.
Human-Computer Interaction
Privacy Concerns
Privacy Preferences
User-Centric Design
Internet of Things
Trigger-Action Platform
EC, EDIT building, Campus Johanneberg, Rännvägen 6B, Gothenburg
Opponent: Steven Furnell, University of Nottingham, United Kingdom
Författare
Piero Romare
Chalmers, Data- och informationsteknik, Informationssäkerhet
User-Driven Privacy Factors in Trigger-Action Apps: A Comparative Analysis with General IoT
IFIP Advances in Information and Communication Technology,;Vol. 695 IFIPAICT(2024)p. 244-264
Paper i proceeding
Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms
2023 20th Annual International Conference on Privacy, Security and Trust, PST 2023,;(2023)
Paper i proceeding
Romare, P. Karegar, F. Fischer-Hübner, S. Towards Usable Privacy Management for IoT TAPs: Deriving Privacy Clusters and Preference Profiles
Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier (SSIF 2011)
Data- och informationsvetenskap
Utgivare
Chalmers
EC, EDIT building, Campus Johanneberg, Rännvägen 6B, Gothenburg
Opponent: Steven Furnell, University of Nottingham, United Kingdom