Beyond the EULA: Improving Consent for Data Mining

Hutton, Luke; Henderson, Tristan

doi:10.1007/978-3-319-54024-5_7

Cited by 29 publications

(8 citation statements)

References 41 publications

(46 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The purpose of the data management covers the use by academic researchers [71], commercial companies [29], and the government [35]. Finally, the parameter of consent describes how the data is managed -without the user's consent, within a signed consent, within a signed consent but without the user being aware, and against the user's consent but within the existing legal framework [33,44,47,63].…”

Section: Stagementioning

confidence: 99%

Assessing MyData Scenarios: Ethics, Concerns, and the Promise

Alorwu

Kheirinejad

Berkel

et al. 2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Public controversies around the unethical use of personal data are increasing, spotlighting data ethics as an increasingly important feld of study. MyData is a related emerging vision that emphasizes individuals' control of their personal data. In this paper, we investigate people's perceptions of various data management scenarios by measuring the perceived ethicality and level of felt concern concerning the scenarios. We deployed a set of 96 unique scenarios to an online crowdsourcing platform for assessment and invited a representative sample of the participants to a second-stage questionnaire about the MyData vision and its potential in the feld of healthcare. Our results provide a timely investigation into how topical data-related practices afect the perceived ethicality and the felt concern. The questionnaire analysis reveals great potential in the MyData vision. Through the combined quantitative and qualitative results, we contribute to the feld of data ethics. CCS CONCEPTS• Human-centered computing → Human computer interaction (HCI); • Security and privacy → Human and societal aspects of security and privacy; Social aspects of security and privacy.

show abstract

Section: Stagementioning

confidence: 99%

Assessing MyData Scenarios: Ethics, Concerns, and the Promise

Alorwu

Kheirinejad

Berkel

et al. 2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…However, these studies only focused on a small subset of apps. Recent years have witnessed increased public awareness of privacy issues [ 10 - 12 ], and users are known to be concerned about the improper use of sensitive data [ 13 ]. This suggests a need to evaluate the broader landscape in order to provide a characterization of privacy risks that can emerge in mHealth apps that are intended for self-tracking.…”

Section: Introductionmentioning

confidence: 99%

Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach

Hutton¹,

Price²,

Kelly³

et al. 2018

JMIR Mhealth Uhealth

Self Cite

105

View full text Add to dashboard Cite

BackgroundThe recent proliferation of self-tracking technologies has allowed individuals to generate significant quantities of data about their lifestyle. These data can be used to support health interventions and monitor outcomes. However, these data are often stored and processed by vendors who have commercial motivations, and thus, they may not be treated with the sensitivity with which other medical data are treated. As sensors and apps that enable self-tracking continue to become more sophisticated, the privacy implications become more severe in turn. However, methods for systematically identifying privacy issues in such apps are currently lacking.ObjectiveThe objective of our study was to understand how current mass-market apps perform with respect to privacy. We did this by introducing a set of heuristics for evaluating privacy characteristics of self-tracking services.MethodsUsing our heuristics, we conducted an analysis of 64 popular self-tracking services to determine the extent to which the services satisfy various dimensions of privacy. We then used descriptive statistics and statistical models to explore whether any particular categories of an app perform better than others in terms of privacy.ResultsWe found that the majority of services examined failed to provide users with full access to their own data, did not acquire sufficient consent for the use of the data, or inadequately extended controls over disclosures to third parties. Furthermore, the type of app, in terms of the category of data collected, was not a useful predictor of its privacy. However, we found that apps that collected health-related data (eg, exercise and weight) performed worse for privacy than those designed for other types of self-tracking.ConclusionsOur study draws attention to the poor performance of current self-tracking technologies in terms of privacy, motivating the need for standards that can ensure that future self-tracking apps are stronger with respect to upholding users’ privacy. Our heuristic evaluation method supports the retrospective evaluation of privacy in self-tracking apps and can be used as a prescriptive framework to achieve privacy-by-design in future apps.

show abstract

“…'It is hard, therefore, to consider them to be free and voluntary arrangements since one party has no power to enact their demands' (Birch, 2016: 124). Companies are routinely caught smuggling dubious clauses into their EULAs; like, for example, requiring users to give up rights to ownership of their data or to restrict what kind of data is collected and how it is used (Hutton and Henderson, 2017). Moreover, EULAs are designed to prevent even the most enterprising person from being informed of the binding terms and conditions.…”

Section: Data Extractionmentioning

confidence: 99%

When data is capital: Datafication, accumulation, and extraction

2019

View full text Add to dashboard Cite

The collection and circulation of data is now a central element of increasingly more sectors of contemporary capitalism. This article analyses data as a form of capital that is distinct from, but has its roots in, economic capital. Data collection is driven by the perpetual cycle of capital accumulation, which in turn drives capital to construct and rely upon a universe in which everything is made of data. The imperative to capture all data, from all sources, by any means possible influences many key decisions about business models, political governance, and technological development. This article argues that many common practices of data accumulation should actually be understood in terms of data extraction, wherein data is taken with little regard for consent and compensation. By understanding data as a form capital, we can better analyse the meaning, practices, and implications of datafication as a political economic regime.

show abstract

Beyond the EULA: Improving Consent for Data Mining

Cited by 29 publications

References 41 publications

Assessing MyData Scenarios: Ethics, Concerns, and the Promise

Assessing MyData Scenarios: Ethics, Concerns, and the Promise

Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach

When data is capital: Datafication, accumulation, and extraction

Contact Info

Product

Resources

About