Name: Roshini Tuniya

Roll No.: 27
MAEMA
SEM IV
Relevant information from Research Papers

Topic: Perception & Awareness of people towards data privacy. Are

people aware of data breach while using social networking sites?

Keywords: Social media, Users, Information, Perceptions, Data Privacy,

Privacy, Privacy Awareness, Awareness, Online social networks, User
perceptions.

1. Social Media Users Perception on Privacy Issues in a Nigerian

University

ABSTRACT

This study describes the level of awareness of social media network users
to terms of service and verifying the social media users perception on the
information shared on social network. A structured questionnaire was used
to elicit information from 220 respondents among the randomly selected
students. Results indicated that over 91% of the respondents were aware
of terms of service relating to privacy on the social media networks and
66.3% of the users had read the terms of service in whole or in part.
Meanwhile, 78% request for consultation on the use of their information.
The study concluded that social media users need to understand the
conditions attached to its use via proper orientation.

INTRODUCTION
The development and usage of social media technologies has become a way
of life to many Nigerians. Social media technologies have been observed to
be a landslide breakthrough in information and communications
technology in the 21st century. Though still evolving, its high level of
adoption and usage is on the daily increase (Adaja and Ayodele, 2013). The
use of social media has enabled real time communication among users such
as companies, consumers, institutions, and many more. To this effect,
communication has become more effective, breaking the barrier that comes
with different products and issues around the world (Mangold and Faulds,
2009). Remarkably, within the twinkling of an eye, information can be
passed to numerous people, distance is no longer a barrier and this
becomes possible due to the advent of social media technologies which
made communication easy and unproblematic. Scholars share divergent
opinions about the conceptual nature of social media and this is due to its
fast evolving nature and diversity in delivery platforms. The cogent idea in
most of the social media definitions is communication, interaction and
exchange of ideas, knowledge via internet based platform. Some definitions
of social media networks and their respective scholars are as shown in
Table 1. So many definitions of social media networks are available in the
literature, Drury (2008) definition is considered appropriate for this study.
Social media can be described as online resources that people use to share
content: video, photos, images, text, ideas, insight, humour, opinion, gossip,
news.

There are various forms of social media which ranges from media-sharing
tools such as YouTube and Flickr to social networking sites such as
Facebook, Whatsapp, Instagram, Badoo and LinkedIn. Others include social
bookmarking tools (Delicious and CiteULike), collaborative knowledge
development tools and creative tools such as blogs (e.g. WordPress and
Blogger) and micro blogs and applications (Twitter, Whatsapp), amongst
others (Balakrishnan and Gan, 2016). Social media sites are characterised
with information sharing, this information may be about their personal life,
not mindful of the reactions by others as they have no control over what
others post about them and how this information is utilised by the social
network developers (Wu, Majedi, Ghazinour and Barker, 2010).
Furthermore, social media users may not be adequately informed of the
risks of using social networks. They seem to have a limited sense of how
the information posted might be used by others and what type of data to be
shared with third parties (Williams, 2010). One of the most significant and
identified problem of social networking is privacy; many users do not
understand the consequences of revealing personal information online
(Polakis et al., 2010). Using social media also requires that users agree to
certain terms and conditions (also called T&C or terms of service). These
are rules and clauses which users must agree on, in order to use a service;
these terms are usually binding to two parties (organisation and users). It
includes a list of provisions such as a disclaimer of liability (owner takes no
responsibility for any damages a user receives as a result of use), a licence
of the copyright or agreement clause. Junco (2012) observed that the rate
at which users read the agreement is reducing day-by-day. It is believed to
be time consuming, tedious and unnecessary. Since the use of social media
has become a trend among the people, it is assumed that not reading or
violating it, may involve them in an unknown legal battle. The design of
privacy controls of the social networks makes it possible for information to
be revealed (Conti et al., 2011). Facebook as a social networking site
ensures the privacy of its users through several settings that fits its
requirements (Everson et al., 2013). Wu et al., (2010) was of the opinion
that data retention may be a problem since all of the privacy policies
involved do not have clear statements. Some perceived the terms to be
written in ambiguous terms and long for users to read and are also of the
belief that users need to be informed in easily accessible privacy
statements that are easy to understand. Similarly, Asif and Khan (2012)
found out that people remained unaware of information sharing policies
despite the fact that the policies were clearly stated. There study also
showed that people do not know how their personal data can be utilised;
this made users to share their private information with unauthorized
people. They conclude that complexity of privacy settings and lack of
control provided to user is seen to be responsible for unintentional
information sharing. In the same vein, the high security threat that
accompanies the use of social media is worth discussing. With billions of
users online, these tools not only attract friends and family who wants to
stay in touch, but they also attract people with ulterior motives. Theft of
identity is one of the common threats of using social media. Most social
networks have information that is required, such as email address,
birthday, location and others. It’s common for an identity thief to hack an
email account by using social information as well as knowing your location
at a particular time. By going directly to the source of social media sites,
hackers can interject malicious codes which makes it easy to steal identity,
inject viruses to your computer, smart phones and obstruct bank account
information, to name a few.

This study attempts to ascertain whether social media users actually read
through the terms of service of social media before consenting to it, it also
evaluate their knowledge of the use of the private/public information
shared. Specifically, the study focused on describing the level of awareness
of social media network users to terms of service and verifying the social
media users perception on the information shared on social networks.

EVIDENCE FROM LITERATURE

The use of social networks invariably involves the processing of personal

data and thus engages the necessity of privacy policies. The advent of
technology such as smart phones, tablets, and other wearable i-techs has
brought considerable threat to life. It has also challenged traditional
concepts of privacy for well over a century and also redefined social
attitudes and perception towards privacy concerns.

Social Media Networks and Privacy Issues

Despite the enormous benefits of using social media networks, its adoption has
also been characterised by many risks. The identified risks as stated by
Livingstone & Helsper (2007); Livingstone (2008) and sited in Collin, (2009)
include management of personal information and privacy, the risk of predation
and cyber bullying, privacy breaches and predation and understanding
copyright law in relation to creative content production.
Asif and Khan (2015) evaluated user’s perception on facebook’s privacy policies
with the intention to study the amount and type of information disclosed by
Facebook, its consented parties and other Facebook users; and to compare the
findings with regard to the hypothesis that creates a foundation as to why
people do not properly organize their Facebook privacy settings. The study
asserts that people are ignorant of such privacy policies and settings, and even
if they are conscious and they’ve read them, they hardly understand their
effect. It was argued that even the computer science graduates have least idea
regarding information disclosure by Facebook. The result clearly showed that
people remain unaware of information sharing policies despite been clearly
stated. And if they have read them, they are not confirmed about the effect.
The study also shows that people do not know how their personal data can be
shared. And they end up in sharing their private information with unauthorized
people because of their ignorant attitude. It was concluded that complexity of
privacy settings and lack of control provided to user is equally responsible for
unintentional information sharing.

In a study conducted by Abdulahi, Samadi and Gharleghi (2014), they studied

the negative effects of social networking sites such as facebook among Asia
Pacific University scholars. The researcher utilized survey research design
among 152 students of the chosen university in order to examine and study
the negative effects. Their paper measured frequency of use, participation in
activities and time spent preparing for class, in order to know if Facebook
affects the performance of students. Social network sites were believed to be
an electronic connection between users, but unfortunately it has become an
addiction for students. Lastly, the paper provided a comprehensive analysis of
the law and privacy of Facebook.
It shows how Facebook users socialize on the site, while they are not aware
or misunderstand the risk involved and how their privacy suffers as a
result. The researcher found that people remain unaware of information
sharing policies, although the policies are clearly stated and if they have
read them, they are not deep-rooted about the effect. The result also means
that the increase in usage of Facebook often leads to increase in the amount
of exposure to privacy and security issues increases as well. It concluded
that people do not know how their personal data can be shared on social
media. Research has also shown that young people are aware of potential
privacy threats online and many take tactical steps to minimise potential
risks (Hitchcock 2008; Lenhart & Madden 2007; Hinduja & Patchin 2008;
cited in Boyd and Ellison (2007)

RESEARCH METHOD

The paper employed descriptive survey design. A structured questionnaire

was used to elicit information from about two hundred and twenty (220)
respondents from randomly selected students. A total number of one
hundred and eighty nine (189) duly completed questionnaire representing
85.9% response rate was retrieved and found suitable for analysis.
Quantitative method of analysis (descriptive statistics) was used to
describe the variables of study and the socio-demographic characteristics
of the respondents.
The study majorly operationalized on variables such as self-reported years
of social media networks adoption, perceived levels of awareness of
privacy policies based on knowledge of social media networks’ terms of
service, degree of social media networks’ information privacy consent and
levels of access to social media networks users’ information by third
parties. The respondent’s length of social media networks usage was
determined through a closed-ended behavior question on a four point scale
with each option been indicated in intervals. Self-perceived depth of
knowledge of social media networks’ terms of service was measured by
asking the respondents whether they were aware that social media
networks have terms of services with a binary response of ‘yes or no’. Also,
the respondents were asked whether they have ever read any of the terms
of service in whole or in part for each social media networks to which they
use, as well as if they were aware of the fact that when accepting the terms
of service of a social media network, they were giving permission for some
of their information to be accessed by third parties. Furthermore, a set of
five belief statements (constructs) aimed at establishing how the
respondents viewed the use of their information (such as status updates,
photos, videos, personal information etc.) uploaded to social media
networks by third parties for academic purposes in the university
environment without their explicit consent were stated to ascertain the
users’ level of knowledge on their privacy rights. This was in line with
study by Turow et al (2007), as this would give insight into what the users
think their level of privacy is, when using the social media networks and
this was measured using a Likert rating scale. Also, the respondents were
asked how concerned they were each time their social media information
(such as status, updates, photos, videos, personal information etc.) were
been used by organizations such as universities, advertisers, commercial
research companies, government departments etc. for research purposes
without their consent and this was also measured using a Likert rating
scale.
2. Privacy Awareness: A Means to Solve the Privacy Paradox?

Abstract. People are limited in their resources, i.e. they have limited
memory capabilities, cannot pay attention to too many things at the same
time, and forget much information after a while; computers do not suffer
from these limitations. Thus, revealing personal data in electronic
communication environments and being completely unaware of the impact
of privacy might cause a lot of privacy issues later. Even if people are
privacy aware in general, the so-called privacy paradox shows that they do
not behave according to their stated attitudes. This paper discusses
explanations for the existing dichotomy between the intentions of people
towards disclosure of personal data and their behaviour. We present
requirements on tools for privacy-awareness support in order to
counteract the privacy paradox.

Introduction

The protection of privacy is an important issue in modern information

society. The release of personal information in electronic communication
environments may cause severe privacy issues in the future, if people are
completely unaware of their privacy. Secondary uses of data promote these
problems further [22]. Even if people have a theoretical interest in keeping
their privacy when acting on the Internet and do not want everybody to
know their personal data and private information, studying their real
online communication often shows a different behaviour.

Privacy Awareness of People

The term privacy awareness is not well established in the literature. Hence,
as a starting point, we present interpretations of privacy, which are taken
into consideration for this work. After the concept of awareness is
introduced, we give a definition of privacy awareness.

Privacy of personal data

The disclosure of personal data is bound to the recipient and to the usage
and, in contrast to the concept of solitude, actively determined by the
individual as owner of the data. To be able to select which data to disclose
to whom, does not only comprise options to keep data confidential but also
options to disclose data to selected receivers, e.g. through the availability of
communication means.

Privacy Awareness

Awareness is based on an individual’s attention, perception and cognition

of physical as well as non-physical objects. The state of being aware of
something fades away as soon as there is no longer any stimulus present.
Information from the environment or from other people constitutes such
stimuli. Since the focus of this paper lies on privacy in the context of
interactive scenarios between customers and service providers as well as
collaborative use cases, where arbitrary entities interact with each other,
the privacy awareness of people will be discussed.

Taking into account the two views on privacy presented above, privacy
awareness of an individual encompasses the attention, perception and
cognition of:

− whether others receive or have received personal information about

him/her, his/her presence and activities,

− which personal information others receive or have received in detail,

− how these pieces of information are or may be processed and used, and

− what amount of information about the presence and activities of others

might reach and/or interrupt the individual.

User-independent vs. User-specific privacy-awareness information

Means to build up and enhance privacy awareness can be identical for each
user of a system or be tailored to group-specific or even to individual
requirements and needs. Whereas privacy disclaimers on Websites can be
seen as an example of general, user-independent privacy-awareness hints,
the evaluation of individual privacy preferences can serve as a basis for
more individualised and user-specific features of privacy-awareness
support.
Tools to Support Privacy Awareness

In principle, there exist two options to encounter the privacy paradox:

either the behaviour of people would have to be adapted with their
attitudes or vice versa. In order to enhance privacy, the first option should
be pursued, i.e., people should be “reminded” about their intentions to
protect privacy during interactions. Therefore tools and features need to be
designed and developed that increase privacy awareness in specific
software applications.

Requirements on Tools to Support Privacy Awareness

For the design of tools that support privacy awareness, a number of

requirements emerge and should be considered. In the following section,
these requirements are pointed out and explained. Ambivalences, which
ensue from the demand for a high flexibility of tools, user-control and
freedom of choice for the individual on the one hand and strict definition of
rules for implementation on the other hand, are discussed.

• Measure privacy attitude of people

In order to “remind” people about their privacy attitude in specific

situations, their general attitude have to be known by the support tool.
There are two ways to capture the privacy preferences of people: (a) ask
them directly or (b) gather preferences from observation of actual
behaviour. The latter option has at least two problems. First, monitoring of
the behaviour might be privacy-invasive itself and, second, the privacy
paradox describes the gap between attitude towards privacy and
behaviour. Hence, drawing conclusions from monitored behaviour would
simply not help. Asking people directly means in fact to let them customise
their tool for privacy awareness support. The challenge here is to motivate
people to configure and to change preferences, particularly since usually
people rarely customise their preferences but rather use default settings
[14, 10]. Cognitive science refers to this phenomenon as the “status quo
bias”. Privacy Awareness: A Means to Solve the Privacy Paradox? 233

• No invasion to privacy itself

As discussed previously in this paper, privacy means not only minimal

disclosure of data to the public, but also minimal interruptions. Thus, the
tool for privacy awareness support should not interrupt its user all time
and be annoying to him/her.

• Understandable for target group

The choice of words and descriptions need to be understandable for

ordinary people, not only for computer specialists. It is not sufficient to rely
on expert opinions about what may be useful to display and how to inform
people. As pointed out by Adams and Sasse, it is important to identify and
consider the perception, understanding and needs of the target group for
designing usable applications [2]. The majority of people is not an expert
and their level of technical knowledge differs.

• Consider cognitive boundaries

The concept of “bounded rationality”, which is well known in cognitive

science, signifies the limited ability of individuals to acquire, process, and
remember information [20]. That is, even if people would theoretically
have all privacy-relevant information available, they will not be able to use
all the information for making a rational decision, however they apply a
simplified mental model. When designing tools to support privacy
awareness this needs to be considered and opportunities have to be
researched how to present data to people in a way that they are able to
handle it cognitively.

• Tailored to the specifics of situations

Tools to support privacy awareness should influence people’s behaviour in

concrete situations and therefore need to be user-specific and application-
specific. Presentation of information should depend on the current context,
i.e., the task, kind of information, recipients, usage, etc. This means either a
rule set of all possible contexts has to be defined beforehand by the
system’s designers or users need to configure their personal sets of
contexts, which means making an additional effort for them.

• Offer support, no assumption of responsibility

Tools need to be designed in such a way that they offer support to people.
The tools should not convey the impression that they fully protect the
privacy of the users according to their preferences or that there is no
longer any need for people to be aware of privacy and to take care for
themselves.

• Performance

It is essential that tools or features for privacy-awareness support do not

decrease performance of the primary application to a perceptible extent,
since people will not accept long delays. This is documented for usage of
Web sites [9], anonymization services [13], and it is assumed to be true for
privacy-awareness support as a secondary feature as well.

Conclusions and Future Work

In this paper an introduction to privacy awareness is given. Several studies,

mainly from the field of e-commerce, are examined and show the existence
of the privacy paradox, i.e., a discrepancy between the stated attitudes of
people and their actual behaviour regarding handling of personal data.
3. Privacy in India: Attitudes and Awareness V 2.0

This research was partially funded by International Development Research

Centre (IDRC), Canada entitled/Privacy in India." Any opinions, findings,
conclusions or recommendations expressed in this publication are those of
the authors and do not necessarily reflect those of the funding agencies and
others who supported the study.

Acknowledgments

Given that our work on “Privacy in India: Attitudes and Awareness"

received a warm welcome among the community in 2005 and thereafter,
we were always keen to do a larger study to understand the privacy
perceptions of people in India and create a bench-mark for empirical data
for the same.

Chapter 1

Executive Summary

India, world's largest democracy, has witnessed enormous development in

information technology over past few years. It has become a necessity to
share personal information for every service, from getting a mobile phone
connection to registering for online banking. India being a collectivist
society (one of the developing countries part of BRIC 1 nations), has
different expectations of privacy than other developed nations. The concept
of privacy in India has not been investigated in detail, and we also lack
empirical data with respect to privacy perceptions among Indian citizens.
Recent developments in the Indian scenario e.g. privacy bill, UID project
signify a need for privacy awareness and understanding in Indian masses.
It is also important for policy makers to comprehend sentiments and
opinion of masses for structuring effective laws and policies for the citizens
of India. Our study focuses on understanding privacy perceptions and
expectations of Indian citizens. In the first phase, we conducted interviews
among 20 participants and 4 focus group discussions with 31 participants,
to collect qualitative data about the privacy perceptions. In the second
phase, we developed a survey questionnaire to collect quantitative data.
We collected responses (10,427) from various cities in India. We hope the
understanding developed through the responses collected during the study,
helps decision makers and technology developers in producing
customizable solutions and laws for Indian users. Also, it will help us in
identifying conflicting nature of users in their expectations and practices on
privacy matters.

Key takeaways from this research work are stated below; these are drawn
from the interviews, focus group discussions, and surveys that we
conducted to study the privacy perceptions in India. As far as our
knowledge goes, this is the largest ever study on privacy perceptions in
India, we also believe that, this is the case around the world too.

General Privacy:

Participants related to communication privacy and Internet privacy mostly,

when asked about the first reactions for the word “privacy." Participants
showed more concerns about privacy through mobile phones, and Internet
than other forms of privacy issues (physical, territorial, work place, etc.).

Majority of the participants felt passwords to be the most protected

Personally Identifiable Information (PII) and then, financial information
(bank, credit card details). In comparison to this, religion, mobile phone
number, and health related information were rated as less protected PII.

Privacy awareness about issues in public places was low. Participants were
not aware of various privacy issues related to cameras in public places, and
others taking pictures in public places.

Mobile Phones:

Mobile phones are becoming the next destination for storing private
information. Participants stored personal information like passwords,
credit card numbers, Permanent

Account Number (PAN), PINs, etc. Privacy seems to be the primary concern
for not storing personal information on the mobile phones for the rest.
Majority of the participants felt comfortable with the protection provided
by the mobile service providers.

Most participants tend to delete the information on phone (e.g. contacts,

messages, videos, audios, etc.) before discarding the devices.

Privacy invasion through somebody specifically taking picture of the

individual is of more concern than pictures / videos taken through CCTV
and the likes.

Internet and Online Social Media:

About 40% of the participants would never save / share personal

information in / through emails. Privacy seems to be the primary reason
for this behavior.

Survey participants were more aware about privacy policies and tend to
read these policies more than the earlier study in 2004.

Minority of the participants had “no privacy concerns" with online social
networks. Majority of the participants felt pictures to be the most privacy
invasive data on the OSNs.

About 5% of the survey participants tend to accept friend requests from

strangers or people whom they dont know, but just have common friends.
This behavior seems to be same even with the third party applications.

Financial Privacy:

Participants were aware of privacy issues related to financial data; thanks

to various financial frauds and thefts that has created the awareness.

About 15% of the survey respondents felt that the credit cards should
display personal information like name, date of birth, and phone number.

About 80% of the survey respondents were aware of identity theft issue
through credit cards.

Government:
Citizens have misinformed mental models of the privacy situation; e.g.
Participants felt there were privacy laws where as there is no privacy law
in India.

About 17% of the survey participants said that personal information

collected by UID and NATGIRD projects will not be misused.

Trust in the government has reduced from 2004.

Chapter 2

Motivation:

One of our primary motivations was to get India in the world map of
privacy discussion; towards achieving this goal, we have attempted to
create a bench-mark for privacy perceptions in India and we hope this type
of study will be done in a longitudinal basis to understand the changes in
the privacy awareness in the society over the years.

Methodology

To achieve the above mentioned goals, we followed a typical research

methodology approach of conducting the interviews, succeeded by the
focus group discussions and finally, a large survey. We describe below a
quick snapshot of the methodology.

Interviews: To get qualitative insights onto what people think about

privacy and what topics to study in detail, we conducted 20 interviews
among various stakeholders in Delhi and National Capital Region (NCR).
The conclusions from interviews helped us in designing FGDs and later the
surveys.

Focus group discussions: Using the interviews, we developed the FGD

protocol. We conducted 4 FGDs (each of it having about 8 participants)
among various stakeholders of privacy.

Survey: Using our understanding from interviews and FGDs, we developed

a protocol to conduct survey among large participants. In total, we have
about 10,427 completed participants; one of the largest studies conducted
on privacy in India.
Conclusions

The concept of privacy in India has not been investigated in detail, and also
lack of empirical data with respect to privacy perceptions among Indian
citizens. Recent developments in the Indian scenario e.g. privacy bill,
NATGRID, UID project, signify need for privacy awareness and
understanding in Indian masses. It is also important for policy makers to
comprehend sentiment and opinion of masses for structuring effective laws
and policies for citizens of India. Our study focuses on understanding
privacy perceptions and expectations of Indian citizens. In the first phase,
we conducted interviews among 20 participants and 4 focus group
discussions with 31 participants in total, to collect qualitative data about
the privacy perceptions. In the second phase, we developed a survey
questionnaire to collect quantitative data. We collected responses (10,427)
from various cities in India which could help in creating an information
base for masses and policy makers, showcasing the true (perceived)
picture of privacy in India on various platforms e.g. mobile phone, credit
cards, online social networks, and government related issues.

Key takeaways from this research work are stated below:

Citizens have misinformed mental models of the privacy situation; e.g.

some portion of the participants felt that there is a law which protects them
where there is no privacy law in India, but.

Most participants felt passwords to be the most protected Personally

Identifiable Information (PII) and then, financial information (bank, credit
card details). In comparison to this, religion, mobile phone number, and
health related information were rated as less protected PII.

Mobile phones are becoming the next destination for storing private
information. Participants stored personal information like passwords,
credit card numbers, Permanent Account

Number (PAN), PINs, etc. Privacy seems to be the primary concern for not
storing personal information on the mobile phones for the rest.

About 5% of the survey participants tend to accept friends request from

strangers or people whom they dont know, but just have common friends.
This behavior seems to be same even with the third party applications.
About 80% of the survey respondents were aware of identity theft issue
through credit cards.

Interview Questionnaire

1. When you hear the word privacy, what comes to your mind?

2. By the word privacy, if you mean keeping your personal information to

yourself, then what all would constitute ‘personal information’ according to
you.

3. How important is privacy for you and why?

4. Do you think it is your basic right to have privacy?

5. If yes, whom do you think you need to have privacy from? Family /
Friends / Relatives / Colleagues / Formal institutions/ Government / Any
other If Family, Who is family for you?

6. Where do you think privacy is required? List the areas where you think
privacy must be exercised?

7. Are you aware of the following security provisions at websites /Internet?

• Cookies

• Auto Passwords save

• Privacy settings

8. Which social network sites do you use/ have account?