Informed Consent to Address Trust, Control, and Privacy Concerns in User Profiling Thea van der Geest, Willem Pieterson, Peter de Vries

Administrative burden Background: Governments as form factories Jobseekers allowances Tax repayment National insurance Child care benefits Incapacity benefits Reduced earnings allowance Study loans etc, etc, etc PEP05 Edinburgh July

Objectives of e-government UK Inland revenue, for example: “a target of 100% all government services to be available on-line by 2005 and to achieve 50 % take up of those services” “ Delivering public services that are high quality and efficient, […] exploiting to the full technological opportunities and seeking to operate simpler processes” PEP05 Edinburgh July

E-strategy PEP05 Edinburgh July Customer focus […] personalised services […] focused on needs of different customer segments Effective contact […] effective handling of customer contact […] automatic calculation […] Range of channels […] provide customers with relevant and tailored information services Simplification[…] selfserve […] infrastructure for automatic exchange of data […] ConsistencyProviding accurate, up to date information to customers […] From:

The Alter Ego project on user profiling PEP05 Edinburgh July Organisation ICT application User User profile system

A thought experiment PEP05 Edinburgh July

Defining the user profile A user profile is a (structured) data record, containing user-related information, such as …. – Identifiers – Characteristics – (Dis-)abilities – Needs and interests – Preferences – Personality traits – Previous behaviour in contexts relevant for predicting and influencing future behaviour …. supporting communication, interaction and transaction between organisations and their clients. PEP05 Edinburgh July

Literature review What are the conditions for acceptance and intention to use by users? -Acceptance of the technology -Acceptance of the collection of data for creating and maintaining a user profile -Acceptance of the use/application of the user profile PEP05 Edinburgh July

Major factors determining acceptance Trust Control Privacy concerns Access PEP05 Edinburgh July

Trust Multilayered, e.g. Propensity to trust –“Stable” personality trait Trust in the organisation –Perceived shared values, commitment –Quality of communication, experience –Perceived benefits, perceived risks Trust in the technology –Consistency, perceived ease of use –Perceived benefit of technology PEP05 Edinburgh July

Control Sense of being in charge of: -Technology used (self-efficacy) -Transaction with organisation But also in charge of: -(The quality of the) personal information -To whom information is provided -Application of the information in new situations PEP05 Edinburgh July

Privacy concerns = data protection? What they say ≠ what they do What they say ≠ what they are PEP05 Edinburgh July Improper acquisition of information Improper use of information Privacy invasion Improper and insecure storage and delivery

Informed consent -Required by EU law: 1995 and 2002 Data Protection Directives -??? Consent can be dealt with by ticking off checkbox on web site??? PEP05 Edinburgh July

Informed consent is a continuous process Disclosure –Nature of the personal data collected –Organisation’s objectives and its effects for users, including sharing data with other organisations and their objectives –Alternatives when no or just some information is collected –Relevant risks, benefits and uncertainties Comprehension Voluntariness Competence Agreement PEP05 Edinburgh July