Visible to the public Governance for Big Data - July 2022Conflict Detection Enabled

Submitted by Serge Egelman on Wed, 09/14/2022 - 2:20pm

PI(s), Co-PI(s), Researchers:

  • Serge Egelman (ICSI)
  • Julia Bernd (ICSI)

HARD PROBLEM(S) ADDRESSED
Human Behavior, Policy-Governed Secure Collaboration

PUBLICATIONS

  • Accepted for publication:
    Mohammad Tahaei, Julia Bernd, and Awais Rashid. 2022. Privacy, Permissions, and the Health App Ecosystem: A Stack Overflow Exploration. In Proceedings of the 2022 European Symposium on Usable Security (EuroUSEC '22). Association for Computing Machinery, New York, NY, USA, 117-130. https://doi.org/10.1145/3549015.3555669

KEY HIGHLIGHTS

  • Our paper with our colleagues Mohammad Tahaei and Awais Rashid at University of Bristol, "Privacy, Permissions, and the Health App Ecosystem: A Stack Overflow Exploration", described in our January 2022 report, analyzes Stack Overflow posts by developers of health apps to illuminate how the data governance mechanisms of various stakeholders, especially the major mobile platforms, affect their approach to health app privacy.

  • The paper was not accepted to Empirical Software Engineering, so we revised it and submitted it to EuroUSEC (the European Symposium on Usable Security). It was accepted, and we will be presenting it in September.

  • We are moving forward with the survey study described in our April 2022 report that examines the relationship between U.S. consumers' expectations about how different types of apps will handle user data, and their assumptions about sector-specific laws regulating handling of health data. The study will examine users' expectations and preferences around who is responsible and who should be responsible for regulating data collection and handling, and whether users have different expectations and preferences about regulation of health vs. other types of data.

    • After receiving an IRB exemption determination from ICSI's Human Research Protections Committee, we collected some walkthroughs using UserBob and ran a 50-participant pilot on the Prolific.co platform; we are now analyzing the data from those to make any necessary revisions to the survey instrument and the data analysis plan.

    • We are also beginning a lightweight analysis of the relevant laws and app store rules, to provide context for how users' expectations and preferences may differ from the actual state of affairs.

COMMUNITY ENGAGEMENTS

  • Nothing to report this quarter.

EDUCATIONAL ADVANCES:

  • Our user study is being led by a UC Berkeley computer science grad student.
Groups: