Company and User Acceptance of Electronic Privacy Negotiation Technologies

Motivation

Information technology advances are making Internet and Web-based system use the common choice in many application domains, ranging from business to health care to scientific collaboration and distance learning. However, adaption is slowed by well-founded concerns about privacy, especially given that data collected about individuals is being combined with information from other sources and analyzed by powerful tools (such as data mining tools) [Anton et. al].

Numerous consumer surveys have revealed that computer users are very concerned about their privacy online [Kobsa]. By publishing privacy profiles, P3P statements and intelligent choice of interface design element companies can increase their customers trust in the company’s privacy policy.

This thesis shall (i) investigate possible privacy issues in e-commerce applications, (ii) describe privacy frameworks and technologies suitable of protecting the user’s privacy, (iii) describe and categorize the handling of privacy issues and (iv) determine how users respond to privacy assertion measures.

Tasks

• Privacy - approaches (normative, privacy-enhanced technology, …)
• Describe Frameworks for specifying privacy policies (P3P, APPEL, EPAL)
• Investigate whether companies (e.g. the top 100 Fortune 1000 companies/austrian top 100, …) use P3P-profiles and whether they correspond to their written counterparts.
  • classify privacy policies (categories; which ones are used by which kind of company?)
  • compare written privacy policies with their P3P counterparts
• How is privacy perceived by customers (questionnaire)
  • determine: how well written are privacy policies
  • do customers read privacy statements (compare: literature)
  • do these statements influence their willingness to disclosure information
  • what other site elements affect the customer’s trust in the company (and its products)

Literature to start

• [Anton et. al] Antón, A. I., Bertino, E., Li, N., and Yu, T. 2007. A roadmap for comprehensive online privacy policy management. Commun. ACM 50, 7 (Jul. 2007), 109-116.
• [Kobsa] Kobsa, A. 2007. Privacy-enhanced personalization. Commun. ACM 50, 8 (Aug. 2007), 24-33.
• [Platform for Privacy Preferences (P3P) Project http://www.w3.org/P3P/]