More about HKUST
Privacy and Privacy Enhancing Technologies for Post-GDPR Ubiquitous Computing
PhD Thesis Proposal Defence Title: "Privacy and Privacy Enhancing Technologies for Post-GDPR Ubiquitous Computing" by Mr. Carlos BERMEJO FERNANDEZ Abstract: The General Data Protection Regulation (GDPR) presents a set of directives to give individuals control over their personal data. The GDPR imposes enterprises to take concrete actions to enforce the user's privacy. On the other hand, mobile and ubiquitous computing aim for computer use to be as transparent and seamless as possible. The ubiquity of smart devices, combined with the lack of information about data garnered by them, makes privacy a significant challenge for adopting smart devices. A practical solution for increasing awareness of privacy risks and providing a useful and intuitive way to manage them is fundamental for safeguarding user privacy in emerging IoT and smart device environments. This thesis presents an in-depth study of individuals’ privacy from their conceptual models and behavior in ubiquitous computing environments. We also propose a privacy manager system for smart devices and a real-world solution to protect individuals’ personal information in retail stores. Under the general term of privacy, theories, and individuals' conceptual models, there is an underlying universal dilemma about information disclosure. These shared concepts regarding privacy can shed more light on the impact of privacy on individuals' decision-making processes in ubiquitous and mobile computing heterogeneity. Therefore, we first explore how individuals define privacy in their terms. Our results show that participants are firmly in favor of consent requests for collecting and processing personal information. Information disclosure should be granular, and they are not concerned about third parties' identity. With these underlying individuals' concepts in mind, we further explore users' privacy-related behavior in smart device ecosystems. We analyze how visualization can improve the situation of users' privacy awareness in smart homes. For this study, we develop a novel AR privacy management interface that uses AR visualization to contextualize data disclosure and improves users' awareness of privacy threats. Our results show that the visualization of different disclosure contexts (smart device's collected data, purpose, and location) affects user privacy preferences. Our proposed AR interface provides a robust solution for privacy-awareness and control and improves awareness of risks compared to existing approaches such as list-based and voice assistants. For privacy control, we demonstrate that our AR-based prototype improves the users' capability to identify risks and provides an effective and easy-to-use mechanism for controlling privacy disclosure, in contrast with state-of-the-art privacy management interfaces. Finally, we propose a system that preserves shoppers' privacy in retail analytics. EyeShopper is an innovative system that tracks shoppers' gaze when facing away from the camera (i.e., nonvisible face features) and provides insights about their behavior in physical stores. The lack of facial features (i.e., identifiable information) in EyeShopper can open new approaches in retail analytics while providing privacy-protection techniques following the GDPR. The system is readily deployable in existing surveillance systems and robust against low-resolution video inputs. Date: Thursday, 17 December 2020 Time: 3:00pm - 5:00pm Zoom Meeting: https://hkust.zoom.us/j/9419765702 Committee Members: Dr. Pan Hui (Supervisor) Prof. James Kwok (Chairperson) Prof. Shing-Chi Cheung Dr. Dimitris PAPADOPOULOS **** ALL are Welcome ****