Privacy and Privacy Enhancing Technologies for Post-GDPR Ubiquitous Computing

PhD Thesis Proposal Defence


Title: "Privacy and Privacy Enhancing Technologies for Post-GDPR 
Ubiquitous Computing"

by

Mr. Carlos BERMEJO FERNANDEZ


Abstract:

The General Data Protection Regulation (GDPR) presents a set of directives 
to give individuals control over their personal data. The GDPR requires 
enterprises to take concrete actions to enforce users' privacy. On the 
other hand, mobile and ubiquitous computing aim for computer use to be as 
transparent and seamless as possible. The ubiquity of smart devices, 
combined with the lack of information about data garnered by them, makes 
privacy a significant challenge for adopting smart devices. A practical 
solution for increasing awareness of privacy risks and providing a useful 
and intuitive way to manage them is fundamental for safeguarding user 
privacy in emerging IoT and smart device environments. This thesis 
presents an in-depth study of individuals’ privacy from their conceptual 
models and behavior in ubiquitous computing environments. We also propose 
a privacy manager system for smart devices and a real-world solution to 
protect individuals’ personal information in retail stores.

Beneath the general term of privacy, its theories, and individuals' 
conceptual models lies a universal dilemma about information 
disclosure. These shared concepts regarding privacy can shed more light on 
the impact of privacy on individuals' decision-making processes in 
heterogeneous ubiquitous and mobile computing environments. Therefore, we 
first explore how individuals define privacy in their own terms. Our 
results show that participants are firmly in favor of consent requests for 
collecting and processing personal information. They hold that information 
disclosure should be granular, and they are not concerned about third 
parties' identity. With these underlying concepts in mind, we further 
explore users' privacy-related behavior in smart device ecosystems. We 
analyze how visualization can improve users' privacy awareness in 
smart homes. For this study, we develop a novel AR privacy management 
interface that uses AR visualization to contextualize data disclosure and 
improves users' awareness of privacy threats. Our results show that the 
visualization of different disclosure contexts (smart device's collected 
data, purpose, and location) affects user privacy preferences. Our 
proposed AR interface provides a robust solution for privacy awareness and 
control and improves awareness of risks compared to existing approaches 
such as list-based and voice assistants. For privacy control, we 
demonstrate that our AR-based prototype improves the users' capability to 
identify risks and provides an effective and easy-to-use mechanism for 
controlling privacy disclosure, in contrast with state-of-the-art privacy 
management interfaces. Finally, we propose a system that preserves 
shoppers' privacy in retail analytics. EyeShopper is an innovative system 
that tracks shoppers' gaze when they face away from the camera (i.e., 
with no visible facial features) and provides insights about their behavior in 
physical stores. The lack of facial features (i.e., identifiable 
information) in EyeShopper can open new approaches in retail analytics 
while providing privacy-protection techniques following the GDPR. The 
system is readily deployable in existing surveillance systems and robust 
against low-resolution video inputs.


Date:                   Thursday, 17 December 2020

Time:                   3:00pm - 5:00pm

Zoom Meeting:           https://hkust.zoom.us/j/9419765702

Committee Members:      Dr. Pan Hui (Supervisor)
                        Prof. James Kwok (Chairperson)
                        Prof. Shing-Chi Cheung
                        Dr. Dimitris PAPADOPOULOS


**** ALL are Welcome ****