Enabling Users to Specify Correct Privacy Requirements

Abstract

Privacy becomes more and more important for users of digital services. Recent studies show that users are concerned about having too little control over their personal data. However, if users get more possibilities for self-determining the privacy effecting their personal data, it must be guaranteed that the resulting privacy requirements are correct. This means, they reflect the user’s actual privacy demands. There exist multiple approaches for specifying privacy requirements as an end user, which we call specification paradigms. We assume that a matching of specification paradigms to users based on empirical data can positively influence the objective and perceived correctness. We use the user type model by Dupree, which categorizes users by their motivation and knowledge. We experimentally determined the best match of user types and paradigms. We show that participants with less knowledge and motivation make more mistakes and that a strong limitation of selection options increases objective and perceived correctness of the specified privacy requirements.