The Role of Privacy Guarantees in Voluntary Donation of Private Health Data for Altruistic Goals (2407.03451v2)
Abstract: The voluntary donation of private health information for altruistic purposes, such as supporting research advancements, is a common practice. However, concerns about data misuse and leakage may deter people from donating their information. Privacy Enhancement Technologies (PETs) aim to alleviate these concerns and in turn allow for safe and private data sharing. This study conducts a vignette survey (N=494) with participants recruited from Prolific to examine the willingness of US-based people to donate medical data for developing new treatments under four general guarantees offered across PETs: data expiration, anonymization, purpose restriction, and access control. The study explores two mechanisms for verifying these guarantees: self-auditing and expert auditing, and controls for the impact of confounds including demographics and two types of data collectors: for-profit and non-profit institutions. Our findings reveal that respondents hold such high expectations of privacy from non-profit entities a priori that explicitly outlining privacy protections has little impact on their overall perceptions. In contrast, offering privacy guarantees elevates respondents' expectations of privacy for for-profit entities, bringing them nearly in line with those for non-profit organizations. Further, while the technical community has suggested audits as a mechanism to increase trust in PET guarantees, we observe limited effect from transparency about such audits. We emphasize the risks associated with these findings and underscore the critical need for future interdisciplinary research efforts to bridge the gap between the technical community's and end-users' perceptions regarding the effectiveness of auditing PETs.