Author:

Abstract:

Privacy management is becoming a fundamental task of everyday use of the Web. People often disclose sheer amounts of data on the Web. In different web services, and in particular social software, people communicate through data disclosure. By selecting what data to disclose and to whom, people build and manage their online identities. The disclosed data can vary in its sensitivity. Handling sensitive data inappropriately or disseminating it in inappropriate contexts can drastically affect users’ identities, privacy and lives. To avoid data misappropriation, a high degree of control over data and context is required. Through contextual privacy, users could have such control. Contextual privacy management can be a complicated process. It requires reasoning about data and context changes. It also requires assessing the sensitivity of a data item and how it might change when context changes. Due to its complexity, most technological approaches offer a simplistic and limited degree of contextual privacy management. A fundamental step towards addressing this complexity without limiting the degree of contextual privacy is investigating the relationship between data, context and privacy. The approach of this thesis is a multidimensional investigation of contextual privacy. Firstly, the investigation is performed from an empirical point of view. Through big data analyses and machine learning, we investigate the effect of context on data sensitivity and users’ behaviour. The analyses show that sensitivity cannot be defined by what is commonly considered as sensitive topics, e.g., sex and health. The modelling of sensitivity management behaviour demonstrates that sensitivity is affected by context as well. The modelling demonstrates also the effect of time and subjectivity on data sensitivity. Moreover, our analysis demonstrates the effect of context on data disclosure patterns. Secondly, the investigation involves a conceptual examination of the role of context in communication. This investigation highlights the role of context in facilitating the interpretation of disclosed data and estimating its sensitivity. We propose controlling data sensitivity and interpretation to manage contextual privacy. We propose facilitating the inference and management of these ingredients and context by machine learning tools. The inference would facilitate the automatic monitoring of changes of data sensitivity and interpretation to identify misappropriation attacks. Through this approach, contextual privacy management can be effective without overloading users. Thirdly, the investigation extends to analyse contextual privacy in the legal framework. This analysis compares how privacy is tackled in the technical and legal frameworks to assess the possible degrees of control, privacy and surveillance. It puts forward criteria to assess these degrees. The analysis shows the interdependence between privacy and surveillance in both frameworks. In summary, the thesis puts forward an extensive exploration and analysis of contextual privacy. It decomposes contextual privacy and shows through big data analysis that it is an interaction between data sensitivity and context. The information provided in this thesis could contribute to developing usable and effective contextual privacy management mechanisms.