The General Data Protection Regulation (GDPR) presents a set of directives to give individuals control over their personal data by enforcing concrete actions on enterprises regarding users’ privacy. However, enforcing actions in the context of mobile and ubiquitous computing imposes multiple challenges. For example, the ubiquity of smart devices, combined with the lack of information about the data garnered by them, hinders compliance with GDPR. We can observe that despite the current regulations enforced by the GDPR, individuals are still unaware of privacy risks when using mobile and ubiquitous devices such as IoT devices. Thus, a practical solution for increasing awareness of privacy risks and providing a useful and intuitive way to manage them is fundamental for safeguarding users’...[ Read more ]

The General Data Protection Regulation (GDPR) presents a set of directives to give individuals control over their personal data by enforcing concrete actions on enterprises regarding users’ privacy. However, enforcing actions in the context of mobile and ubiquitous computing imposes multiple challenges. For example, the ubiquity of smart devices, combined with the lack of information about the data garnered by them, hinders compliance with GDPR. We can observe that despite the current regulations enforced by the GDPR, individuals are still unaware of privacy risks when using mobile and ubiquitous devices such as IoT devices. Thus, a practical solution for increasing awareness of privacy risks and providing a useful and intuitive way to manage them is fundamental for safeguarding users’ privacy.

This thesis presents an in-depth study of individuals’ privacy from their conceptual models and behavior in ubiquitous computing environments. Under the general term of privacy, theories, and individuals’ conceptual models, there is an underlying universal dilemma about information disclosure. These shared concepts regarding privacy can shed more light on the impact of privacy on individuals’ decision-making processes in ubiquitous computing. Our results show that participants are firmly in favor of consent requests for collecting and processing personal information. Information disclosure should be granular, and they are not concerned about third parties’ identity. With these underlying individuals’ concepts in mind, we explore users’ privacy-related behavior in data collection environments such as the web and how different interface design approaches (e.g., nudged) can influence individuals’ choices for cookie consent notices. Our findings demonstrate the importance of nudged interfaces and the effects orthogonal nudging techniques can have on users’ choices. The aforementioned results allow us further to explore users’ privacy-related behavior in smart device ecosystems. We study the effects of contextual information visualization on users’ privacy perceptions. Our results show new insights into factors mediating user’s privacy perceptions and provide design guidelines for improving users’ knowledge of risks associated with smart devices using AR-based privacy assistants. These findings guide us to propose a privacy-preserving assistant driven by augmented reality (AR) for smart devices at home, namely Privacy Augmented Reality Assistant (PARA). PARA owns two key functions of contextualizing data disclosure and configuring privacy settings in the appropriate usage context. Our results show that PARA increases users’ privacy perceptions with a higher intention of applying privacy protection mechanisms. PARA serves as an intuitive yet informative privacy assistant for smart device ecosystems. Finally, we propose a system that preserves shoppers’ privacy in retail analytics. EyeShopper is an innovative system that tracks shoppers’ gaze when facing away from the camera and provides insights into their physical stores’ behavior. The lack of facial features (i.e., identifiable information) in EyeShopper can open new approaches in retail analytics while providing privacy protection according to the GDPR.