a pattern. Time—in particular the
future—is an unmet, open challenge.
For example, in our current negotiation
models, we test only those conditions
where the data stays within a particular
time frame. But what happens to
collected data when the company is
sold or closes and sells off its assets?
The EU GDPR tries to take these
kinds of future-proofing scenarios into
account, but how do we represent these
decisions in terms of interactions, from
apparency to semantic and pragmatic
transparency, to help consumers,
businesses, and policymakers make
choices? With rich apparency to s/p
transparency interactions in which time
is one of the variables to make apparent,
consent for data use can be far more
Apparency of these conditions can
also enable developers and businesses
to have new markets and can create
new and valuable differentiators. For
instance, hardware developers may
create open trackers that output open
data to a health or storage device or
service of their choice, where people
themselves offer up their data for open
studies, in which, like open software,
access to the data used by any third
party must remain open.
If we do not have apparency-to-transparency models of how our data
is actually being used now and in
potential futures, we cannot consent in a
meaningful way to its use.
To consider whether or not we
consent—assuming we can have a
clearer sense of consent terms—we need
a prime time in which to consider the
terms of our consent policy, as we would
our bank statements or insurance.
To have consent, we need greater
apparency of how data is being used as a
result of our consent. For the scale and
speed of the Io T, this apparency/consent
decision will need to be automated
on our behalf; there is rich potential
to create nuanced human-centered
services with our colleagues in AI that
can leverage the negotiation of consent/
Having strong, clear apparency
to real semantic and pragmatic
transparency as a backbone to
meaningful consent will also help clarify
risks within the data flows of large-scale,
Overall, by improving apparency to
s/p transparency, we make meaningful
consent possible. When meaningful
consent becomes part of a system,
entirely new kinds of services may be
imagined that create value based on
visible, shareable data. We can also
make services more resilient. To get
there, we need the design acumen of
HCI researchers and UX practitioners
to help design, deliver, and evaluate
apparency interactions at Io T scale.
The work informing this paper is
supported by the Engineering and
Physical Science Research Council
UK projects Meaningful Consent in
the Digital Economy (EP/K039989/1)
and Cyber Security and the Internet
of Things (EP/N02298X/1). We are
grateful to Simone Barbosa, who in
discussions of apparency helped tease
out and name the two ways we use
transparency as semantic/pragmatic.
1. McDonald, A. M. and Cranor, L.F. The cost of
reading privacy policies. I/S: A Journal of Law
and Policy for the Information Society. 2008.
2. Moran, S., Luger, E., and Rodden, T.
Literatin: Beyond awareness of readability
in terms and conditions. Proc. of
UBICOMP 2014 Adjunct, 641–646.
3. Trafton, J.G. and Monk, C.A. Task
interruptions. Reviews of Human Factors
and Ergonomics 3, 1 (2007), 111–126.
4. Shih, F., Liccardi, I., and Weitzner,
D.J. Privacy tipping points in
smartphones privacy preferences. Proc
of CHI 2015; http://dl.acm.org/citation.
5. Gomer, R., Mendes Rodrigues, E., Milic-Frayling, N., and schraefel, m.c. Network
analysis of third party tracking: User
exposure to tracking cookies through
search. Proc. of WI-IAT 2013, 549–556.
6. Blasé, U., Leon, P.G., Cranor, L.F., Shay,
R., and Wang, Y. Smart, useful, scary,
creepy: Perceptions of online behavioral
advertising. Proc. of the Eighth Symposium
on Usable Privacy and Security. ACM, Ne w
York, 2012, Article 4. DOI: http://dx.doi.
7. Melicher, W., Sharif, M., Tan, J., Bauer,
L., Christodorescu, M., and Leon,
P.G. (Do not) track me sometimes:
Users’ contextual preferences for web
tracking. Proc. on Privacy Enhancing
Technologies 2016, 2, 135–154; https://doi.
8. Chalmers, M. and Galani, A. Seamful
interweaving: Heterogeneity in the design
and theory of interactive systems. Proc. of
DIS 2004, 347–356.
9. Hanmak, A., Soeller, G., et al. Measuring
price discrimination and steering on
e-commerce web sites. Proc. of IMC 2014;
10. Baarslag, T., Alan, A. T., Gomer, R.,
Alam, M., Perera, C., Gerding, E. H., and
schraefel, m.c. An automated negotiation
agent for permission management. Proc.
of Autonomous Agents and Multi Agent
Systems. 2017, 380–390.
11. McIntyre, J.J. Balancing expectations of
online privacy: Why Internet Protocol
(IP) addresses should be protected as
personally identifiable information.
DePaul Law Review. 2011.
12. Woolf, N. DDoS attack that disrupted
internet was largest of its kind in
history, experts say. Guardian. Oct. 26,
m.c. schraefel ( http://www.ecs.soton.
ac.uk/~mc) is a professor of computer science
and human performance at the University
of Southampton, U.K, where she leads the
WellthLab in Human-Systems Interaction. Her
work focuses on human-systems design to
enhance quality of life for all.
Richard Gomer is a researcher in the
Agents, Interaction and Complexity group
at the University of Southampton. His main
research interests lie in designing systems
that support meaningful human control and
agency, and reframing design praxis to treat
thoughtfulness and even outright rejection as
worthwhile design goals.
Alper T. Alan is an HCI and AI researcher
with an interest in human interaction with
intelligent agents. He is a postdoctoral fellow
in the Agents, Interaction and Complexity
group at the University of Southampton.
Enrico H. Gerding is an associate professor
in electronics and computer science at the
University of Southampton. His research
field is artificial intelligence and multi-agent
systems with a particular focus on automated
negotiation, auctions and game theory, and
applications including privacy, the smart grid,
and transportation systems.
Carsten Maple is professor of cyber
systems engineering and director of cyber-security research at WMG, University of
War wick. He leads the GCHQ-EPSRC Academic
Centre of Excellence in Cyber Security
Research and has particular interest in
multidisciplinary approaches to privacy and
trust in cyber-physical systems.
DOI: 10.1145/3149025 COPYRIGHT HELD BY AUTHORS
INTERACTIONS.ACM.ORG NOVEMBER–DECEMBER 2017 INTERACTIONS 33