Am I Private and If So, how Many? -- Communicating Privacy Guarantees of Differential Privacy with Risk Communication Formats

Publication: Contribution to book/conference proceedings/anthology/expert report › Contribution to conference proceedings › Contributed › Peer-reviewed

Contributors

  • Daniel Franzen (Author)
  • Saskia Nuñez von Voigt (Author)
  • Peter Sörries (Author)
  • Florian Tschorsch, Technische Universität Berlin, Humboldt-Universität zu Berlin (Author)
  • Claudia Müller-Birn (Author)

Abstract

Every day, we have to decide multiple times whether and how much personal data we allow to be collected. This decision is not trivial, since there are many legitimate and important purposes for data collection, for example the analysis of mobility data to improve urban traffic and transportation. However, the collected data can often reveal sensitive information about individuals. Recently visited locations can, for example, reveal information about political or religious views or even about an individual's health. Privacy-preserving technologies such as differential privacy (DP) can be employed to protect the privacy of individuals and, furthermore, provide mathematically sound guarantees on the maximum privacy risk. However, they can only support informed privacy decisions if individuals understand the provided privacy guarantees. This article proposes a novel approach for communicating privacy guarantees to support individuals in their privacy decisions when sharing data. For this, we adopt risk communication formats from the medical domain in conjunction with a model for the privacy guarantees of DP to create quantitative privacy risk notifications. We conducted a crowd-sourced study with 343 participants to evaluate how well our notifications conveyed the privacy risk information and how confident participants were about their own understanding of the privacy risk. Our findings suggest that these new notifications can communicate the objective information similarly well to currently used qualitative notifications, but leave individuals less confident in their understanding. We also discovered that several of our notifications and the currently used qualitative notification disadvantage individuals with low numeracy: these individuals appear overconfident compared to their actual understanding of the associated privacy risks and are, therefore, less likely to seek the additional information needed before an informed decision. The promising results allow for multiple directions in future research, for example adding visual aids or tailoring privacy risk communication to characteristics of the individuals.

Details

Original language: English
Title: CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Pages: 1125 - 1139
Number of pages: 15
ISBN (electronic): 9781450394505
Publication status: Published - Nov. 2022
Peer-reviewed: Yes
Published externally: Yes

External IDs

Scopus 85143049353

Keywords

  • communication, differential privacy, privacy, privacy risk