User-Tailored Privacy by Design
2017; USEC, Useable Security Conference; Sivakumar, S.; Wilkinson, D.; Cherry, D.; Knijnenburg, B.P.
The “privacy by design” philosophy addresses privacy aspects early in the design and development of an information system. While privacy by design solutions often provide considerable advantages over “post hoc” privacy solutions, they are usually not customized to the needs of individual users. Further, research shows that users differ substantially in their privacy management strategies. Thus, how can we support such broad privacy needs in a comprehensive and user-centered way? This paper presents the idea of user-tailored privacy by design, a design methodology that combines multiple privacy features into a single intelligent user interface. We discuss how this methodology moves beyond the “one-size-fits-all” approach of existing privacy by design solutions and the narrow focus on information disclosure of existing user-tailored privacy solutions. We illustrate our approach through an implementation of user-tailored privacy by design within Facebook based on six privacy management profiles that were discovered in recent work, and subsequently extend this idea to the context of the Total Learning Architecture (TLA), which is a next-generation learning platform that uses pervasive user monitoring to provide highly adaptive learning recommendations.