Towards Usable Privacy Management for IoT TAPs: Deriving Privacy Clusters and Preference Profiles
Piero Romare, Farzaneh Karegar, Simone Fischer-Hübner
TL;DR
The paper tackles the challenge of usable privacy management in IoT Trigger-Action Platforms (TAPs) by deriving attitudinal privacy clusters and corresponding data-sharing profiles from an online study with $N=301$ participants who were informed about potential privacy risks. It develops and validates a TAP-specific privacy questionnaire, applies exploratory factor analysis (EFA) and multi-group confirmatory factor analysis (MGCFA) to ensure reliability and invariance across four scenarios, and uses hierarchical clustering to extract three privacy clusters: Basic, Medium, and High. These clusters are then characterized by data-sharing preferences via a factorial vignette study, yielding three privacy profiles that map to increasingly stringent privacy expectations. The findings provide a foundation for semi-automated, risk-informed permission bundles in TAPs and highlight the need for scenario-specific, transparent risk communication and adaptable privacy controls in practice.
Abstract
IoT Trigger-Action Platforms (TAPs) typically offer coarse-grained permission controls. Even when fine-grained controls are available, users are likely overwhelmed by the complexity of setting privacy preferences. This paper contributes to usable privacy management for TAPs by deriving privacy clusters and profiles for different types of users that can be semi-automatically assigned or suggested to them. We developed and validated a questionnaire, based on users' privacy concerns regarding confidentiality and control and their requirements towards transparency in TAPs. In an online study (N=301), where participants were informed about potential privacy risks, we clustered users by their privacy concerns and requirements into Basic, Medium and High Privacy clusters. These clusters were then characterized by the users' data sharing preferences, based on a factorial vignette approach, considering the data categories, the data recipient types, and the purpose of data sharing. Our findings show three distinct privacy profiles, providing a foundation for more usable privacy controls in TAPs.
