(1) To ascertain how the British public (adults) feel about personal data storage apps and services, and how in control over their personal data they feel, we conducted a UK-wide demographically representative national survey (implemented by survey company, ICM Unlimited, across 15-18 January 2021, 2,065 respondents, online omnibus). (2) To qualitatively assess UK adults' views on control over personal data, and perceptions of personal data storage apps and services, six two-hour focus groups (35 participants) were conducted in February 2021, split according to age (18-34 year olds in Groups A, D and E, and 65+ in Groups B, C and F). (3) To ascertain how the British public (adults) feel about being paid for supplying their biometric and emotion personal data in a controlled fashion via personal data storage apps and services, we conducted a UK-wide demographically representative national survey (implemented by survey company, Walnut Unlimited, across 29 Sep – 1 Oct 2021, 2,070 respondents, online omnibus).
Research from academia, industry and regulators finds that most citizens care about their privacy and want greater control over their personal data. However, even the digital cognoscenti struggle to understand how personal data is collected, used and recirculated. Data literacy approaches therefore do not solve the issue of privacy exploitation. The utility of legal approaches is also questionable as European General Data Protection Directive consent processes are problematic. In addition to rights frameworks and regulation, new solutions are needed. As part of a privacy toolkit, privacy-by-design may help to achieve greater data privacy by embedding privacy considerations into systems that process personal data. 
Funded by Innovate UK Smart Grants (TS/T019964/1, File reference: 106283) in collaboration with project partner, Cufflink, this project’s central research question is: What empirically generated ethical factors do citizen-level personal data storage services such as Cufflink need to build in their app to empower users to manage their own personal information? Citizen-level personal data storage services seek to empower users to manage and control their own personal information when linking this to other individuals and organisations. Our project partner, Cufflink, is developing a personal data storage app that, uniquely, does not require users to prove their identity, and that has a clear, iconography-driven explanation of terms and conditions. However, we do not yet understand the ethical principles by which these apps work, whether their revenue models raise other ethical and privacy externalities, and whether their design adequately reflects citizen concerns with control over their data. If they are a privacy solution that helps structure interaction between citizens and businesses, what features are needed to ensure that everyday citizens, and not just the digital cognoscenti, use it? To answer these questions, we have collaborated with Cufflink to understand the perceptual, behavioural and ethical contexts in which their product will be used. We have studied the affordances of early iterations of Cufflink’s app and key established competitor apps, and we undertook scoping interviews with relevant governance actors to discuss issues raised by citizen-level personal data storage apps. We conducted 2 demographically representative national surveys: survey 1 establishes UK-level attitudes towards the level of control that people feel they have over personal data, and towards personal data stores; survey 2 establishes UK-level attitudes towards being paid for supplying their biometric and emotion personal data in a controlled fashion via personal data storage apps. 
We conducted online focus groups on lay users’ comprehension of personal data and privacy provided by personal data stores. We fed our analysis into Cufflink’s product design, thereby improving the product, and we developed an Ethical Impact Assessment toolkit to evaluate all apps that are based on citizen-level personal data storage principles.
1) Our UK-wide demographically representative national survey was implemented by survey company, ICM Unlimited, across 15-18 January 2021 (2,065 respondents, online omnibus). ICM Omnibus is a quantitative syndicated survey conducted twice a week. The survey is conducted online, interviewing a nationally representative sample of c.2,000 UK adults (aged 18+). Interviews are completed by members of ICM's newvista panel who have agreed to take part in their surveys. Participants are invited by email; the emails are sent to panellists selected at random from their panel. The responding sample is weighted to the profile of the sample definition to provide a representative reporting sample. The nationally representative profile is based on census data collected by the Office for National Statistics. Our eight closed-ended survey questions were co-designed with ICM Unlimited and our project partner Cufflink to ensure neutrality of language, comprehensibility and to avoid survey fatigue. They query how in control people feel about their online personal data; whether people currently use a range of privacy enhancing services; what types of personal data, if any, people would be happy to store and share with a Personal Information Management System (PIMS, also commonly called 'personal data stores'); whether people would feel comfortable using a PIMS to share real-time personal data with specific shops as they move around town in return for rewards (discounts or personalised services); and whether, via a PIMS, it is acceptable for a person to be paid by companies for their personal data to enable the companies to further personalise services and marketing. To maximise comprehensibility, we ensured that our survey questions used real world examples.
2) Our UK-based online focus groups qualitatively assess participants' views on control over personal data, and perceptions of personal data stores. 
Due to COVID-19 restrictions, we recruited focus group participants via a specialist research recruitment panel, Panelbase, and conducted meetings online (via the Zoom platform). This enabled participation from across the UK, rather than being limited to researchers’ locations. Because of the online recruitment format, participants (especially older participants) were likely to have a greater degree of familiarity with the online environment compared to the wider population. Six two-hour focus groups (35 participants) were conducted in February 2021, split according to age (18-34 year olds in Groups A, D and E, and 65+ in Groups B, C and F). We ensured a balance of gender and socio-economic status within each of the age-based focus groups. We investigated 5 areas. (a) What participants understood personal data to constitute. (b) How in control participants felt over their personal data online and whether they engage in privacy-enhancing activities. (c) Participants’ views on using a personal data store/PIMS to share and store their personal data. (d) Participants’ views on using a personal data store/PIMS in three different scenarios: (i) retail; (ii) sports stadiums; and (iii) data passports. (e) Monetisation of personal data via a personal data store/PIMS.
3) To ascertain how the British public feel about being paid for supplying their biometric and emotion personal data in a controlled fashion via personal data storage apps and services (PIMS), we conducted a UK-wide demographically representative national survey (implemented by survey company, Walnut Unlimited, across 29 Sep – 1 Oct 2021, 2,070 respondents, online omnibus). We inquired into three areas. Firstly, how comfortable respondents are with the idea of selling personal data about their emotions, moods, and mental wellbeing in most circumstances (q.1). 
We also asked if they would be prepared to sell to any or all organisations a wide range of named personal data types from which emotion can be inferred (q.5). Secondly, prompted by our prior focus group work that uncovered willingness to sell to some organisations but not others, we devised a set of questions that focus on selling emotion data to different types of organisations. We asked if people would be willing to sell such data (derived from social media content and data from wearables) in anonymised forms or identifiable forms (these being better remunerated) to the National Health Service for mental wellbeing research (q.2) and to the advertising industry (q.3). We also assessed the circumstances under which respondents would be happy to sell identifying and non-identifying personal data about their emotions, moods, and mental state, and to whom, by offering a wide range of organisations (profit and non-profit) (q.4). Thirdly, we paired up three benefits and concerns in selling data about emotions, moods, and mental state, and asked participants via a five-point Likert scale whether they agreed more with the benefit or concern (the middle point of the scale enabled participants to express no preference towards either the benefit or concern) (q.6).