Evaluating Cognitive Privacy Heuristics that Influence Facebook Users Data Disclosure

Authors

DOI:

https://doi.org/10.5753/jisa.2022.2550

Keywords:

Privacy, Cognitive heuristics, Information disclosure, Informed consent, Heuristic evaluation, Online Social Network, Facebook

Abstract

Privacy protection has been a challenging issue in online social networks, such as Facebook, Instagram, and Snapchat. The General Data Protection Regulation (GDPR), which protects the privacy and security of individuals, entered into force on May, 2018. This regulation intends to enhance individuals’ control and rights over their own data, guided by lawfulness, loyalty, transparency, adequacy, purpose limitation, need, or minimization. However, despite regulatory efforts to protect personal data online, users are prone to consent to disclose more personal information than they intend and tend to reveal more than they know. With this in mind, the main goal of this study is to carry out a heuristic evaluation of the online social network Facebook to identify the factors that influence the disclosure of user information and verify informed consent. For this, we carried out a survey of cognitive heuristics that influence individuals’ decisions to protect or renounce their privacy. Then, using these heuristics, we conducted a heuristic evaluation on Facebook to explore a significant presence of cue triggers for a specific cognitive heuristic that helps users make their decisions. We found on Facebook a notable amount of heuristics that increase information disclosure, such as modality and narrative. However, the intrusiveness heuristic was also detected, violating the Privacy by Design (PbD) principle of "Privacy as the Default Setting". Accordingly, understanding the number and diversity of suggestions (heuristics) to which users are susceptible allows the creation of explicit guidelines addressing privacy concerns.

Downloads

Download data is not yet available.

References

Acquisti, A., Brandimarte, L., and Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221):509–514. DOI: 10.1126/science.aaa1465 [link]

Agência Brasil (2018). Facebook chega a 2,6 bilhões de usuários no mundo com suas plataformas. Accessed 13 June 2020. [link]

Albesher, A. S. and Alhussain, T. (2021). Evaluating and comparing the usability of privacy in whatsapp, twitter, and snapchat. International Journal of Advanced Computer Science and Applications, 12(8). DOI: 10.14569/IJACSA.2021.0120829. URL: http://dx.doi.org/10.14569/IJACSA.2021.0120829

Altman, I. (1975). The Environment and Social Behavior: Privacy, Personal Space, Territory, and Crowding. Brooks/Cole Publishing Company. Book.

Ataei, M., Degbelo, A., and Kray, C. (2018). Privacy theory in practice: designing a user interface for managing location privacy on mobile devices. Journal of Location Based Services, 12(3-4):141–178.DOI: 10.1080/17489725.2018.1511839 [link]

Baden, R., Bender, A., Spring, N., Bhattacharjee, B., and Starin, D. (2009). Persona: An online social network with user-defined privacy. In Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication, SIGCOMM ’09, page 135–146, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/1592568.1592585. URL: https://doi.org/10.1145/1592568.1592585

Cavoukian, A. (2009). The 7 foundational principles. Accessed 17 June 2019. [link]

Chassang, G. (2017). The impact of the EU general data protection regulation on scientific research. Ecancermedicalscience, 11(709):1–13. DOI: 10.3332/ecancer.2017.709. URL: https://doi.org/10.3332/ecancer.2017.709

Díaz Ferreyra, N. E., Meis, R., and Heisel, M. (2018). At your own risk: Shaping privacy heuristics for online self-disclosure. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1–10.DOI: 10.1109/PST.2018.8514186. [link]

Engineering at Meta (2017). Rapid release at massive scale. Accessed 17 June 2020. [link]

Estivill-Castro, V. and Nettleton, D. F. (2015). Privacy tips: Would it be ever possible to empower online social-network users to control the confidentiality of their data? In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, ASONAM ’15, page 1449–1456, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/2808797.2809279 URL: https://doi.org/10.1145/2808797.2809279

Facebook (2020). Sobre os anúncios do facebook. Accessed 24 June 2020. [link]

Gambino, A., Kim, J., Sundar, S. S., Ge, J., and Rosson, M. B. (2016). User disbelief in privacy paradox: Heuristics that determine disclosure. In Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems, CHI EA ’16, page 2837–2843, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/2851581.2892413. URL: https://doi.org/10.1145/2851581.2892413

GDPR (2019). General Data Protection Regulation (GDPR). Accessed 20 October 2019. [link]

Ghaiumy Anaraky, R., Byrne, K. A., Wisniewski, P. J., Page, X., and Knijnenburg, B. (2021). To disclose or not to disclose: Examining the privacy decision-making processes of older vs. younger adults. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, page 1–14, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3411764.3445204. URL: https://doi.org/10.1145/3411764.3445204

Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers Security, 64:122–134. DOI: 10.1016/j.cose.2015.07.002. URL: https://doi.org/10.1016/j.cose.2015.07.002

Lei Nº 13.709 (2018). Lei nº 13.709, de 14 de agosto de 2018. Accessed 20 October 2019. [link]

Lei Nº 14.010 (2020). Lei nº 14.010, de 10 de junho de 2020. Accessed 15 February 2021. [link]

LGPD Brasil (2019). Lei Geral de Proteção de Dados (LGPD) – Lei nº 13.709/18. Accessed 20 October 2019. [link]

Meta (2018). Facebook apresenta novas opções para proteger dados e privacidade em conformidade com a gdpr. Accessed 23 June 2022. [link]

Meta (2021). Founder’s letter, 2021. Accessed 19 December 2021. [link]

Michel Protti, Chief Privacy Officer, Product (2020). Fighting platform abuse, simplifying privacy in groups, and protecting information while sharing data. Accessed 24 June 2020. [link]

Neumann, G. K., Grace, P., Burns, D., and Surridge, M. (2019). Pseudonymization risk analysis in distributed systems. Journal of Internet Services and Applications, 10:1– 16. DOI: 10.1186/s13174-018-0098-z. URL: https://doi.org/10.1186/s13174-018-0098-z

Nielsen, J. (1994). Usability inspection methods. In Conference Companion on Human Factors in Computing Systems, CHI ’94, page 413–414, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/259963.260531. URL: https://doi.org/10.1145/259963.260531

Norberg, P., Horne, D., and Horne, D. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41:100–126. DOI: 10.1111/j.1745-6606.2006.00070.x. URL: https://doi.org/10.1111/j.1745-6606.2006.00070.x

Oberlo (2021). 10 Facebook statistics every marketer should know in 2021. Accessed 12 December 2021. [link]

Oliveira, M., Mattedi, A., and Seabra, R. (2021). Usability evaluation model of an application with emphasis on collaborative security: an approach from social dimensions. Journal of the Brazilian Computer Society, 27:3:1–32. DOI: 10.1186/s13173-021-00108-8 URL: https://doi.org/10.1186/s13173-021-00108-8

Omnicore (2021). 63 facebook statistics you need to know in 2021. Accessed 12 December 2021. [link]

Ortiz-Ospina, E. (2019). Our world in data - the rise of social media. Accessed 24 June 2020. [link]

Rodrigues, A. A., Valentim, N. M. C., and Conte, T. (2017). Privacy evaluation of online social network stories feature: An empirical study with pdm. In Proceedings of the XVI Brazilian Symposium on Human Factors in Computing Systems, IHC 2017, pages 1–10, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3160504.3160528. URL: https://doi.org/10.1145/3160504.3160528

Social Media Perth (2021). Facts & figures // facebook statistics for 2022. Accessed 12 December 2021. [link]

Solove, D. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154(3):477–560. DOI: 10.2307/40041279 URL: https://doi.org/10.2307/40041279

Statista (2021). Facebook - statistics & facts. Accessed 12 December 2021. [link]

Sundar, S. S., Kim, J., Rosson, M. B., and Molina, M. D. (2020). Online privacy heuristics that predict information disclosure. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI ’20, page 1–12, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3313831.3376854 URL: https://doi.org/10.1145/3313831.3376854

Vincent, J. M., Bishop, F., Millard, D. E., and Stevenage, S. V. (2017). The cognitive heuristics behind disclosure decisions. In Social Informatics. SocInfo 2017, volume 10539, pages 591–607, Oxford, United Kingdom. Springer. DOI: 10.1007/978-3-319-67217-5_35. URL: https://doi.org/10.1007/978-3-319-67217-5_35

Westin, A. F. (2003). Social and political dimensions of privacy. Journal of Social Issues, 59(2):431–453. DOI: 10.1111/1540-4560.00072 URL: https://doi.org/10.1111/1540-4560.00072

Wu, H., Zhang, H., Zhen Cui, L., and Wang, X. (2018). A heuristic model for supporting users’ decision-making in privacy disclosure for recommendation. Security and Communication Networks, 2018:1–13. DOI: 10.1155/2018/2790373 URL: https://doi.org/10.1155/2018/2790373

Wu, P. (2018). The privacy paradox in the context of online social networking: A self-identity perspective: Journal of the association for information science and technology. Journal of the Association for Information Science and Technology, 70. DOI: 10.1002/asi.24113. URL: https://doi.org/10.1002/asi.24113

Young, A. and Quan-Haase, A. (2013). Privacy protection strategies on Facebook. Information, 16. DOI: 10.1080/1369118X.2013.777757 URL: https://doi.org/10.1080/1369118X.2013.777757

Downloads

Published

2022-12-16

How to Cite

F. B. de Carvalho, D. F., N. Nobre, C., & T. Marques-Neto, H. (2022). Evaluating Cognitive Privacy Heuristics that Influence Facebook Users Data Disclosure. Journal of Internet Services and Applications, 13(1), 66–81. https://doi.org/10.5753/jisa.2022.2550

Issue

Section

Research article