Privacy Nudging 1. The tech industry has been using design to persuade users to give away their data or spend more time on their service. If we turn this upside down, we have privacy nudging which can support individuals in their decisions and align them with their behaviour.
Individual decisions are often irrational and even to the individuals’ own disadvantage, especially in digital environments. An example of irrational decision-making is the so-called privacy paradox, which means the discrepancy between the attitude and actual behavior of users regarding their privacy. The privacy paradox shows that individuals are concerned about the protection of their privacy. However, they do not always react accordingly, e.g., by disclosing personal information.
Research has shown that users often act irrationally due to cognitive, emotional, and social factors. One approach to explain this is stated by Daniel Kahnemann’s Dual-Process Theory, which constitutes that individuals use two systems of thought. System 1 represents our intuitions or our unconscious autopilot. System 2 expresses itself through our conscious planning and control, which requires significantly more mental effort and time. Both systems are active at the same time and usually work together smoothly.
In everyday life though, individuals rarely have enough time and information to fully evaluate all alternatives with both systems. Instead, individuals tend to deploy so-called heuristics (mental short-cuts). Heuristics are informal rules of thumb that reduce the complexity of decision making and thus represent abbreviations in decision making. Although heuristics are an efficient way to solve recurring problems, they can lead to systematic errors such as biases in information evaluation. For example, personal data is often disclosed carelessly because the risk of unwanted monitoring is mentally less tangible (availability heuristics). These false conclusions are often systematic and thus predictable deviation from rational behavior. At this point nudges come to play. Nudging is a promising approach, so that users of digital systems can be enabled and guided to make “better” decisions for protecting their personal information.
Last year, Apple made changes in its mobile operating system, IOS, so iPhone users had to opt in, if they wanted advertisers to track them. For years, ad tech companies had been collecting huge amounts of data, because most systems – including Apple’s – were based on opt out. Thus, they were tracked by default, unless they opted out. With Apples change, which has already cost the advertising industry a lot of money, especially Facebook, only 24 percent of iPhones users opt in to tracking according to data from analytics company Flurry. Apple’s change is a good example of privacy nudging.
Nudges Can Align Preferences with Behavior
One way to support individuals in their decision making are so-called nudges. Nudges are a concept from behavioral economics that are described as “any aspect of the choice architecture that alters people’s behavior in a predictable way without forbidding any options, or significantly changing their economic incentives”. In decisions where individuals tend to struggle, nudges can support individuals in aligning their preferences with their behavior. To achieve this, nudging is based on the principle of libertarian paternalism to influence decisions. This means that user can, at any time, freely choose a decision alternative (liberalism component). The individual’s freedom of choice is not restricted, since none of the options are prohibited, and the economic incentive of the alternatives is not significantly changed. However, the individual is nudged to select the alternative that represents the supposedly greatest benefit for him (paternalism component).
In digital environments, nudging typically uses design elements in the user interface to influence behavior. A sub-form of the digital nudges are the so-called privacy nudges. Privacy nudging describes a targeted influence on the decision-making process guiding individuals to make “better” decisions regarding their privacy and lead individuals to their informational self-determination.
Privacy Nudge Components
Following, a selection of possible digital nudge components is introduced. The privacy nudge components are classified in six categories, which represent their underlying nudge mechanism: Defaults, Presentation & Framing, Information, Feedback, Error, Social Influence.
Default privacy nudges are very effective since individuals often do not adapt privacy settings to their needs, the default option (the status-quo) remains overly preferred (status-quo bias). In addition, the default option is used as a reference point. Each decision option is now weighed against this alternative, and the decision is influenced in this direction.
Research concerning presentation and framing nudges focuses mainly on framing effects. Framing effects exist, when two identical alternatives influence the consumer’s decision-making behavior differently due to their different presentation. For example, colored fonts draw attention to selected elements to emphasize certain decision alternatives.
Regarding information privacy nudges, the probability of privacy violations is often incomprehensible underestimated. This can be attributed to representation heuristic, which states that individuals tend to incorrectly associate the frequency of observations of an event with its probability of occurrence. In this context, research also discussed the availability heuristic, which suggests, that decisions are based on information that is mentally easily accessible. To counteract these heuristics, nudges can inform individuals about the risks and consequences of their actions.
Feedback nudges create awareness of individual’s previous and current decisions and their consequences. Research analyzing this nudge covers mainly framing effects, hyperbolic discounting and in large parts the state of incomplete information. It is assumed that the feedback nudge is enabled as individual’s have not sufficient knowledge to make decisions in line with their motivations.
Error resiliency privacy nudges can assist consumers, as decisions on privacy often favor risky and not thought through decisions, without taking possible long-term consequences into account. This is based on so-called hyperbolic discounting, in which the immediate benefit is overestimated, and costs incurred later are underestimated by individuals. To counteract this, a time delay can be used as a privacy nudge. In this way, the individual should be persuaded to act less impulsively and to rethink the message and possible negative consequences.
The effect of social influence privacy nudges is based on the principle of social norms. The individual derives to what extent it is appropriate to share personal information from the behavior of his fellow users. The majority’s decision influences the perception and the behavior of users in a way that others get the feeling of trying to imitate the behavior of the majority. The more users have the same opinion on a particular topic, the more likely it is to elicit the same opinion in others because the behavior of like-minded people leads to individual behavior. It is believed that in situations where individuals are not sure how to decide social influences can be strong cues for guiding behavior.
This is the fist article in a mini-series on privacy nudging. The second one can be read here. The third here.
Parts of this post were first published in:
Barev, T. J. & Janson, A. (2019): Towards an Integrative Understanding of Privacy Nudging – Systematic Review and Research Agenda. In: 18th Annual Pre-ICIS Workshop on HCI Research in MIS (ICIS)
Schomberg, S.; Barev, T. J.; Janson, A. & Hupfeld, F. (2019): Ansatz zur Umsetzung von Datenschutz nach der DSGVO im Arbeitsumfeld: Datenschutz durch Nudging. In: Datenschutz und Datensicherheit – DuD, Ausgabe/Nummer: Issue 12, Vol. December 2019 Volume 43, Erscheinungsjahr/Year: 2019. pp. 774-780.
Photo: Pixabay