Document Type
Article
Journal/Book Title/Conference
Information and Computer Security
Publisher
Emerald Publishing Limited
Publication Date
8-12-2021
First Page
1
Last Page
11
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Abstract
Purpose: With the rapid deployment of Internet of Things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices. The prior research focused on identifying people’s privacy preferences in different contexts of IoT usage, and their mental models of security threats. However, there is a dearth in existing literature to understand the mismatch between user’s perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. We aim to identify these mismatched privacy perceptions in our work.
Methodology: We conducted a lab study with 42 participants, where we compared participants’ perceptions with the data practices stated in the privacy policy of 28 IoT devices from different categories, including health & exercise, entertainment, smart homes, toys & games, and pets.
Findings: We identified the mismatched privacy perceptions of users in terms of data collection, sharing, protection, and storage period. Our findings revealed the mismatches between user’s perceptions and the data practices of IoT devices for various types of information, including personal, contact, financial, heath, location, media, connected device, online social media, and IoT device usage.
Value: The findings from this study lead to our recommendations on designing simplified privacy notice by highlighting the unexpected data practices, which in turn, would contribute to the secure and privacy-preserving use of IoT devices.
Recommended Citation
Al-Ameen, M.N., Chauhan, A., Ahsan, M.A.M. and Kocabas, H. (2021), "A look into user’s privacy perceptions and data practices of IoT devices", Information and Computer Security. https://doi.org/10.1108/ICS-08-2020-0134