Putting Mobile Application Privacy in Context: An Empirical Study of User Privacy Expectations for Mobile Devices
Kirsten Martin & Katie Shilton
Users increasingly use mobile devices to engage in social activity and commerce, enabling new forms of data collection by firms and marketers. User privacy expectations for these new forms of data collection remain unclear. A particularly difficult challenge is meeting expectations for contextual integrity, as user privacy expectations vary depending upon data type collected and context of use. This paper illustrates how fine-grained, contextual privacy expectations can be measured. It presents findings from a factorial vignette survey that measured the impact of diverse real-world contexts (e.g., medical, navigation, music), data types, and data uses on user privacy expectations. Results demonstrate that individuals’ general privacy preferences are of limited significance for predicting their privacy judgments in specific scenarios. Instead, the results present a nuanced portrait of the relative importance of particular contextual factors and information uses, and demonstrate how those contextual factors can be found and measured. The results also suggest that current common activities of mobile application companies, such as harvesting and reusing location data, images, and contact lists, do not meet users’ privacy expectations. Understanding how user privacy expectations vary according to context, data types, and data uses highlights areas requiring stricter privacy protections by governments and industry.