Information and Computer Security
Emerald Publishing Limited
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Purpose: With the rapid deployment of Internet of Things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices. The prior research focused on identifying people’s privacy preferences in different contexts of IoT usage, and their mental models of security threats. However, there is a dearth in existing literature to understand the mismatch between user’s perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. We aim to identify these mismatched privacy perceptions in our work.
Findings: We identified the mismatched privacy perceptions of users in terms of data collection, sharing, protection, and storage period. Our findings revealed the mismatches between user’s perceptions and the data practices of IoT devices for various types of information, including personal, contact, financial, heath, location, media, connected device, online social media, and IoT device usage.
Value: The findings from this study lead to our recommendations on designing simplified privacy notice by highlighting the unexpected data practices, which in turn, would contribute to the secure and privacy-preserving use of IoT devices.
Al-Ameen, M.N., Chauhan, A., Ahsan, M.A.M. and Kocabas, H. (2021), "A look into user’s privacy perceptions and data practices of IoT devices", Information and Computer Security. https://doi.org/10.1108/ICS-08-2020-0134