Decisions about sharing personal information are not trivial, since there are many legitimate and important purposes for such data collection, but the collected data can often reveal sensitive information about individuals. Privacy-preserving technologies, such as differential privacy (DP), can be employed to protect the privacy of individuals and, furthermore, provide mathematically sound guarantees on the maximum privacy risk. However, they can only support informed privacy decisions if individuals understand the provided privacy guarantees. This article proposes a novel approach for communicating privacy guarantees to support individuals in their privacy decisions when sharing data. For this, we adopt risk communication formats from the medical domain in conjunction with a model for the privacy guarantees of DP to create quantitative privacy risk notifications. We conducted a crowd-sourced study with 343 participants to evaluate how well our notifications conveyed the privacy risk information and how confident participants were about their own understanding of the privacy risk. Our findings suggest that these new notifications can communicate the objective information about as well as currently used qualitative notifications, but leave individuals less confident in their understanding. We also discovered that several of our notifications and the currently used qualitative notification disadvantage individuals with low numeracy: these individuals appear overconfident compared to their actual understanding of the associated privacy risks and are, therefore, less likely to seek the additional information needed before an informed decision. The promising results allow for multiple directions in future research, for example, adding visual aids or tailoring privacy risk communication to characteristics of the individuals.