Mobile Privacy Expectations in Context

Abstract

An increasing amount of social activity and commerce is performed using applications running on mobile devices such as phones and tablets. During these activities, mobile applications collect increasing amounts of personal data. Consumers, organizations, and regulators struggle to address privacy expectations for these new forms of data collection across a diverse set of activities. This paper describes findings from empirical research employing a context-based survey to understand consumers’ privacy expectations for mobile devices across diverse real-world contexts (e.g., consulting medical applications, navigating using map applications, or playing music or games, etc). The project tests the hypotheses that (a) individuals hold different privacy expectations based on the social context of their mobile activity, and (b) contextual factors such as who (the data collection actor, e.g. the application developer or mobile phone provider), what (data attributes, e.g. the type of information received or tracked by the primary organization), why (application purpose, e.g. playing games, checking the weather, participating in social networking, navigating using maps, listening to music, banking, shopping, and organizing personal productivity) and how (the use of data by the collector, e.g. the amount of time data is stored or how that data is reused) affect individuals’ privacy expectations. This paper reports on survey findings that identify contextual factors of importance in the mobile data ecosystem. Our survey demonstrated that overall, very common activities of mobile application companies such as harvesting and reusing location data, accelerometer readings, demographic data, contacts, keywords, name, images and friends do not meet users’ privacy expectations. But these differences are modulated by both information type and social context. Addressing privacy expectations for mobile devices is an explicit goal of US regulatory bodies and firms rely on understanding privacy expectations to gain the trust of users. Understanding how consumer privacy expectations change in different data use and business contexts can help regulators identify contexts that may require stricter privacy protections and help firms and managers better meet privacy expectations of users. Study results help us understand one aspect of mobile privacy: the expectations of consumers as they vary by context. These expectations have direct implications for researchers, business leaders, policy experts, and consumers.