Why can using information flows in Privacy-by-Design be harmful? Our new paper tries to tackle this question: “User-Centered Privacy-by-Design: Evaluating the Appropriateness of Design Prototypes”, which is now published in the International Journal of Human-Computer Studies. The paper, written by Oshrat Ayalon and Eran Toch, takes a deep look at the design side of Privacy-by-Design, the leading approach to creating systems that respect people’s privacy.

The paper asks how the framing of system designs affects the way people perceive privacy harms. Specifically, we want to know the effect of framing computing systems’ features using information flows, which are the common way to discuss systems in privacy impact assessments.

Information flows of smart metering from Victoria State

Based on a sample of 665 participants (Mechanical Turk crowd workers and students at Tel Aviv University), we show that framing computing systems’ features using data flows results in evaluations of those features that are less critical, compared to using descriptions of personal experiences. We also found, based on the student sample, that students with professional engineering experience are less critical than those with no work experience when assessing the features’ appropriateness.

Feature’s appropriateness versus the type of information framing.

Our findings highlight the necessity of involving users during the development process and specifically in the context of privacy. For example, people with engineering-related work experience might perceive the systems as more appropriate than students with no work experience. Different perceptions, backgrounds, and framings affect the feature’s evaluated appropriateness and are necessary for reducing privacy risks.