Abstract
In this paper we present preliminary results from a study of individual differences in privacy beliefs, as well as relate folk definitions of privacy to extant privacy theory. Focus groups were conducted with young adults aged 18–28 and older adults aged 65–75. Participants first shared their individual definitions of privacy, followed by a discussion of privacy in six scenarios chosen to represent a range of potentially invasive situations. Taken together, Westin’s and Altman’s theories of privacy accounted for both younger and older adults’ ideas about privacy, however, neither theory successfully accounted for findings across all age and gender groups. Whereas males tended to think of privacy in terms of personal needs and convenience, females focused more on privacy in terms of others, respecting privacy rights, and safety. Older adults tended to be more concerned about privacy of space rather than information privacy. Initial results reinforce the notion that targeting HCI design to the user population, even with respect to privacy, is critically important.
Keywords: Privacy, focus group methodology, age differences, gender differences
ACM Classification Keywords: K.4.1. [Computers and Society]: Public Policy Issues, J.4 Social and Behavioral Sciences
Introduction
As the way we interact with our world becomes more virtual we are being asked to disclose information about our lives in entirely new ways. To interact with many sites, users must create online identities and are required to divulge pieces of information that some consider private (social security numbers, bank account numbers, mother’s maiden name, etc.). Websites such as Facebook and MySpace have shed new light on fundamental questions about representations of self, both on and off-line. What information should be publically available and which information is considered private have both been the topic of mass media [4] and scholarly [9] attention.
Given the increase in necessary disclosures online, designing for privacy is important, some say critical, in helping users feel comfortable, safe, and private while interacting with technologies. Designers must understand the characteristics of systems that users perceive to influence their privacy. But how is this done? How does one design something to be private? Some designers have approached the privacy problem by adding privacy/sharing features that allow users to specify what information they wish to share and who they wish to share it with. Other technologies such as banking or health technologies, for example, apply a blanket privacy policy. But what are the best ways to help users understand the privacy decisions they are making?
To begin to design technologies that users perceive as privacy protective, one must understand what privacy is, and what users’ conceptual model of privacy is. Oft cited definitions of privacy stem from the work of Alan Westin [15] and Irwin Altman [1] from the 1960s and 1970s [12]. Westin’s theory describes privacy as the control over how information about a person is handled and communicated to others [12]. Altman added that privacy includes limiting social interaction and included regulating personal space and territory [1].
Though researchers within HCI often mention the work of Westin and Altman, many focus on narrow topics such as online self-disclosure in a particular domain like ecommerce [2], social networking [5], information sharing [14] or location sharing preferences [11]. While these studies do address aspects of privacy in a specific realm, what they leave to be desired is a contribution to the broader understanding of perceptions of privacy across contexts.
Researchers cite two reasons for the avoidance of studying privacy as a whole. One reason is the lack of an agreed upon definition of privacy [13]. The other is that problems arise in attempting to draw general conclusions because “privacy means different things to different people” [9]. If privacy does mean different things to different people, it is surprising then that few attempts have been made to study individual differences, as this understating might provide the biggest insight into how to successfully design for privacy.
A review of the literature on privacy suggests that there are certain components that are critical to perceptions of privacy. However, at the level of an individual, privacy perceptions may be more idiosyncratic [6]. Our goals in the present study are to understand the privacy views of individuals – young and old, male and female, to inform the design process at the individual level. We conducted a focus group study to investigate folk beliefs about privacy and to determine whether common issues arise in privacy perspectives across contexts as well as across individuals. This methodology provides a rich corpus of data that will enable us to determine how people think about privacy in the context of everyday activities, including those related to technology, and to link these views to extant theories of privacy.
Method
Participants
Participants were 26 students at Georgia Institute of Technology and 6 older adults (data collection with older adults is ongoing, we hope to run an additional 20 older adult participants). Students were recruited using the psychology participant pool at Georgia Tech and by recruitment emails directed at undergraduate students. The older adults were drawn from a participant pool of adults aged 65 – 80. Four younger adult focus group sessions and one older adult session were conducted with 6–8 participants in each session. To promote disclosure [10], encourage discussion, and enable analysis of differences across sessions groups were kept homogenous with respect to gender and age. Of the 26 younger adult participants (aged 18 to 28), 13 were male and 13 were female. Participants were compensated with course credit or with $10 an hour for 3 hours of their time.
Materials
Forms and questionnaires
Participants were asked to rank 8 privacy beliefs on a Likert scale to assess their base privacy attitudes and allow for categorization into one of three Westin classifications of privacy concern [6, 8]. These privacy attitudes included overall privacy beliefs (e.g. “Existing laws and organizational practices provide a reasonable level of protection for consumer privacy today”) and online privacy beliefs (e.g. “I am concerned about online identity theft”) based on Jensen et al.’s adaptation of Westin’s segmentations [7]. Participants also completed a questionnaire to determine technology usage (history, breadth of technology use, and time spent using such technologies), as well as a demographic and health questionnaires.
Focus Group Script
The focus group script was designed to elicit participants’ individual definitions of privacy and what privacy means to them individually, as well as their opinions about privacy in the context of six scenarios with semi-structured follow-up probes.
Procedure
Participants provided their privacy attitudes at least 24 hours prior to the focus group session to minimize bias on the content of the discussion. The rest of the questionnaires (e.g. demographics forms) were completed during the course of the session.
Privacy Definitions
The first task given to participants was to write down their individual definition of privacy and their idea of what privacy means to them. After working individually and recording these initial responses, participants collectively brainstormed about privacy definitions, explored ideas only some group members had mentioned in their definitions, and discussed ideas about privacy that were not shared by all group members. Participants were encouraged to share personal stories with the group as they discussed privacy definitions and were asked to discuss the last time privacy had come to their mind prior to the present study.
Privacy Scenarios
The remainder of the focus group session was devoted to discussion of six scenarios. Scenarios were chosen to provide participants with a wide range of topics for discussion, including topics commonly observed in discussions of privacy (e.g. identity theft, surveillance, health disclosure) broadly represented the information-based and boundary-based privacy theories of Westin and Altman [12].
Each scenario description was followed up by multiple probes aimed at digging deeper into the reasons for privacy beliefs and reported behaviors. For example, after discussing the scenario related to storing a lifetime of photos follow up questions assessed whether different views might exist when photos were stored using another medium (e.g. a scrapbook, or an online photo album), having a smaller set, choosing who sees the set of photos, or having a set with sensitive pictures. These probes were also chosen keeping in mind the four design dimensions affecting awareness and acceptance of monitoring within cooperative workplaces offered by Bellotti and Sellen [3], namely capture (the nature of the information), construction (how the information is stored), accessibility (who has access to the information), and purpose (why people want the data) and the design criteria proposed by Jensen, Tullio, Potts & Mynatt [7] such as notice/awareness, choice/consent, integrity/security, and enforcement/redress.
Results
Privacy Attitudes
The majority of the participants (82%) were categorized as privacy pragmatists, who “have strong feelings about privacy” and want to protect themselves from privacy invasions, yet are often willing to allow people to have access to their information at some times [6, 8]. While the percentage of pragmatists is much higher (82% in our sample vs. 64% in the Harris Poll [6]) than expected, this may be due to our initial sample being skewed heavily by younger adults. In fact, 3 of the 5 privacy fundamentalists (those who feel they have lost their privacy altogether) in our sample were older adults.
Privacy Definitions
A bottom-up coding scheme was applied to the individually written privacy definitions. The fundamental ideas that participants mentioned most often were that privacy involves other people (59%) and information of one form or another (52%). Supporting those fundamental beliefs, younger adults brought up ideas of control (i.e. controlling a piece of information, 26%), decisions (about what to do with the information, 30%), disclosure (whether to share the information, 41%), and non-disclosure (whether to keep the information to yourself, 37%). Issues about consent and confidentiality were also raised in discussion about whether or not to disclose something and when to disclose. Younger adults also talked about the right to privacy (22%), and the mutual respect (15%) that one should be given in regards to personal information (11%). While examples of all of the privacy states developed by Westin (reserve, solitude, intimacy, and anonymity) were mentioned, younger adults tended to define privacy in terms of what Westin calls reserve, or the desire to limit disclosures to others [12].
Gender Differences
Although overall participants from both genders discussed privacy in terms of control, there were some differences in factors motivating the desire for control across genders. Females were more likely to talk about privacy involving others (71%) than males (46%). In addition, females brought up topics that none of the males in the study mentioned, such as respect (29%), seclusion (21%), and the ‘personal’ nature of privacy (21%), as well as mentioning safety (14%) and having to protect one’s privacy (14%).
On the other hand, males tended to raise issues of personal needs in privacy such as convenience and being bothered by granting access to certain information, mentioning privacy as having freedom (8%), being anonymous (8%), comfort (8%), or not being seen or heard (8%).
Age Differences
Although still in the data collection phase, we have already begun to notice differences in the privacy definitions of older adults based on a qualitative analysis of the first focus group of 6 older adult females. The biggest difference is that older adults tended to define privacy in terms of space instead of information. For example, having one’s own space and invasions into one’s home were topics discussed. In addition, when older adults did define privacy as information, they tended to have a different idea of what this information was. In their privacy definitions, older adults mention private information as something that is given to them: a legal document, health information, their social security number, or a secret that a friend confides in them, whereas younger adults had a much broader conceptualization of information.
Conclusions and Future Work
Initial results suggest that males and females may think about privacy in different ways, as well as indicate that there may be differences between older and younger adults. While analysis is not complete, the data analyzed thus far indicate that Westin’s theory of information privacy better accounts for younger adults’ ideas about privacy whereas Altman’s theory of spatial privacy better accounts for older adults’ ideas about privacy.
The differences in the concept of privacy across age group and gender are important both in terms of refining privacy theory and for design. For example, knowing that younger adults think of privacy in terms of information should motivate designers to provide options to safeguard such personal information. However, this feature may not be as relevant for an older adult population, unless the information is ‘official,’ such as health records or legal documents.
As many researchers have claimed, privacy may be different for everyone. The data we have presented begins to narrow in on these individual differences in privacy definitions. Once analysis is complete, we will be able to draw connections between individual differences and specific scenarios, providing a much richer insight into how privacy beliefs vary person to person.
| Example Scenarios | |
|---|---|
| Surveillance | “Your city is trying to crack down on traffic violations by installing a traffic camera on every stoplight.” |
| Location tracking | “You are using a cell phone with a tracking device, and you find out that anyone in the world can determine your exact location.” |
| Photo sharing | “You have a lifetime of photos you are thinking of storing on a website.” |
| Self-disclosure & relationship building | “You are having a conversation with your friends at home.” |
| Identity Theft | “You are using your credit card in a restaurant and the waiter takes the card into the other room for 5 minutes.” |
| Health Disclosure | “You have symptoms of an illness that you are discussing with a nurse.” |
P5 – young adult female: “I believe that privacy is keeping information that [one] finds to be personal to yourself. I think it is important that information I find personal can only be divulged by me, in good conscious state, to people that I trust to keep it ‘secret’.”
P17 – young adult male: “Information and experiences from my life that only I, and those people that I deem appropriate, should have access to… specifically, thoughts, emotions, and actions that aren’t necessarily anyone else’s business but my own.”
P29 – older adult female: “Privacy, to me, means keeping confidential the personal information about myself, my family, and my closest friends who have confided in me. In particular, [privacy to me is] about health, interpersonal relationships, and financial status.”
Example privacy definitions show the prevalence of other people, information, and control.
Acknowledgments
This research is supported in part by Deere & Company as well as a grant from the National Institutes of Health (National Institute on Aging) Grant P01 AG17211 under the auspices of the Center for Research and Education on Aging and Technology Enhancement (CREATE).
Contributor Information
Michelle N. Kwasny, School of Interactive Computing, Georgia Institute of Technology, 801 Atlantic Drive, Atlanta, GA 30332 USA
Kelly E. Caine, School of Psychology, Georgia Institute of Technology, 654 Cherry Street, Atlanta, GA 30308 USA
Wendy A. Rogers, School of Psychology, Georgia Institute of Technology, 654 Cherry Street, Atlanta, GA 30308 USA
Arthur D. Fisk, School of Psychology, Georgia Institute of Technology, 654 Cherry Street, Atlanta, GA 30308 USA
References
- 1.Altman I. Privacy: Definitions and Properties. In: Altman I, editor. The Environment and Social behavior: Privacy, Personal Space, Territory, Crowding. Monterey, California: Brooks/Cole Publishing Company; 1975. [Google Scholar]
- 2.Ackerman MS, Cranor LF, Reagle J. Privacy in e-commerce: Examining user scenarios and privacy preferences. Proc ACM Conference on Electronic Commerce. 1999:1–8. [Google Scholar]
- 3.Bellotti V, Sellen A. Proceedings of the Third European Conference on Computer-Supported Cooperative Work. Boston, MA: 1993. Design for privacy in ubiquitous computing environments; pp. 77–92. [Google Scholar]
- 4.Gage D. Privacy laws need better controls, technology, panelists say. San Francisco Chronicle; 2007. December 16, 2007, from http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/12/16/BUGHTUEO6.DTL. [Google Scholar]
- 5.Gross R, Acquisti A. Information revelation and privacy in online social networks. Proceedings of the 2005 Workshop on Privacy in the Electronic Society 2005 [Google Scholar]
- 6.Harris Interactive. The Harris Poll®, #17: Most people are “privacy pragmatists who, while concerned about privacy, will sometimes trade it off for other benefits. 2003 Online: http://www.harrisinteractive.com/harris_poll/index.asp?PID=365 accessed 12-13-2007.
- 7.Jensen C, Tullio J, Potts C, Mynatt ED. STRAP: A Structured Analysis Framework for Privacy. GVU Technical Report;GIT-GVU-05-02 2005 [Google Scholar]
- 8.Jensen C, Potts C, Jensen C. Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies. 2005;63(1–2):203–227. [Google Scholar]
- 9.Karat J, Karat CM, Brodie C. Human-computer interaction viewed from the intersection of privacy, security, and trust. In: Sears A, Jacko JA, editors. The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies and Emerging Applications. 2nd. New York, NY: Lawrence Erlbaum Associates; 2008. [Google Scholar]
- 10.Krueger RA, Casey MA. Focus Groups: A Practical Guide for Applied Research. Thousand Oaks, California: Sage Publications; 2000. [Google Scholar]
- 11.Ludford PJ, Priedhorsky R, Reily K, Terveen L. Capturing, sharing, and using local place information. Paper presented at the Proceedings of the SIGCHI conference on Human factors in computing systems; San Jose, California, USA. 2007. [Google Scholar]
- 12.Margolis ST. On the status and contribution of Westin’s and Altman’s Theories of Privacy. Journal of Social Issues. 2003;59(2):411–429. [Google Scholar]
- 13.Newell PB. Perspectives on privacy. Journal of Environmental Psychology. 1995;15:87–104. [Google Scholar]
- 14.Olson JS, Grudin J, Horbitz E. A study on preferences for sharing and privacy. Proceedings of CHI: Late Breaking Results 2005 [Google Scholar]
- 15.Westin AF. Privacy and freedom. New York: Atheneum; 1967. [Google Scholar]