Improving User Privacy in Mobile and Ubiquitous Health Technologies
Lead Research Organisation:
University of Bath
Department Name: Computer Science
Abstract
Our world is increasingly moving online, and healthcare is no exception. The use of mobile and ubiquitous health
(mHealth and uHealth) technologies - devices that can assist with monitoring and managing the health of an
individual such as smartphones, smart home assistants and wearable sensors - has increased massively in recent
years and millions of people now own devices capable of collecting data and making inferences about their health
and wellbeing. While this is of benefit to the user, for example by making it easier to manage a health condition or to
motivate them to reach fitness goals, this continuous data collection can also negatively impact an individual's
privacy with real-world consequences - such as being denied health insurance based on inferences made from such
data or a fitness tracking app revealing the location of an individual's home to their social network. Another potential
consequence is the loss of behavioural privacy. A smart home assistant designed for individuals to check up on
elderly relatives, for example, may also be revealing information about that relative's daily routines and activities.
Previous research has shown that individuals struggle with privacy decision making and thus may make decisions
that do not align with their privacy preferences. The aim of this project is to reduce this burden by enabling individuals
to make informed choices. Theories such as communication privacy management and privacy calculus seek to
explain the decision making process and will be useful in the development of a model to assist users with providing
consent, making disclosure decisions, and determining how their data should be used. Both communication privacy
management and privacy calculus use the idea of balancing costs and benefits of data disclosure to make a decision.
This is something that is difficult for individuals to do, particularly when the costs and benefits are not made explicit,
hence the need for automated assistance.
The initial focus of this project will be gaining an understanding of users' privacy expectations and preferences for
mHealth and uHealth technologies, followed by studies into how users understand and perceive privacy properties
and risks of such systems. This knowledge will then be used to develop a model for facilitating informed decision
making within these technologies, with further research aimed at evaluating and refining this model. The goal is to
make sure users are fully aware of factors such as what data is being shared, with whom, and what information may
be inferred from this data in order to help them make an informed decision.
This project is funded by the EPSRC via the Centre for Doctoral Training in Cyber Security (Trust, Identity, Privacy
and Security at Scale) and is most aligned with the 'privacy' aspect of the CDT. The CDT's 'at scale' focus is also
reflected in the ubiquitous nature of mHealth and uHealth technologies, and the pervasive large-scale data collection
they facilitate.
(mHealth and uHealth) technologies - devices that can assist with monitoring and managing the health of an
individual such as smartphones, smart home assistants and wearable sensors - has increased massively in recent
years and millions of people now own devices capable of collecting data and making inferences about their health
and wellbeing. While this is of benefit to the user, for example by making it easier to manage a health condition or to
motivate them to reach fitness goals, this continuous data collection can also negatively impact an individual's
privacy with real-world consequences - such as being denied health insurance based on inferences made from such
data or a fitness tracking app revealing the location of an individual's home to their social network. Another potential
consequence is the loss of behavioural privacy. A smart home assistant designed for individuals to check up on
elderly relatives, for example, may also be revealing information about that relative's daily routines and activities.
Previous research has shown that individuals struggle with privacy decision making and thus may make decisions
that do not align with their privacy preferences. The aim of this project is to reduce this burden by enabling individuals
to make informed choices. Theories such as communication privacy management and privacy calculus seek to
explain the decision making process and will be useful in the development of a model to assist users with providing
consent, making disclosure decisions, and determining how their data should be used. Both communication privacy
management and privacy calculus use the idea of balancing costs and benefits of data disclosure to make a decision.
This is something that is difficult for individuals to do, particularly when the costs and benefits are not made explicit,
hence the need for automated assistance.
The initial focus of this project will be gaining an understanding of users' privacy expectations and preferences for
mHealth and uHealth technologies, followed by studies into how users understand and perceive privacy properties
and risks of such systems. This knowledge will then be used to develop a model for facilitating informed decision
making within these technologies, with further research aimed at evaluating and refining this model. The goal is to
make sure users are fully aware of factors such as what data is being shared, with whom, and what information may
be inferred from this data in order to help them make an informed decision.
This project is funded by the EPSRC via the Centre for Doctoral Training in Cyber Security (Trust, Identity, Privacy
and Security at Scale) and is most aligned with the 'privacy' aspect of the CDT. The CDT's 'at scale' focus is also
reflected in the ubiquitous nature of mHealth and uHealth technologies, and the pervasive large-scale data collection
they facilitate.
Planned Impact
Who will benefit?
The inter-disciplinary doctoral graduates trained within the CDT will play a key role in addressing the acute shortage of highly skilled workers in this area, hence meeting industry and government needs. The research they will conduct in the CDT and their future work will strongly impact industry, government, academia and society. Industrial applications cover those involving large-scale, socio-technical infrastructures where resilience-at-scale is a fundamental need, such as, intelligent transportation, finance, digital healthcare, energy generation & distribution and advanced manufacturing. The globally unique capacity focusing on TIPS-at-Scale will position the UK as a world-leader, offering major economic benefits by ensuring that the UK is a safe place in which to do business, and social benefits in terms of security and privacy of the individual.
More specifically, the CDT's research and training programme will provide graduates with capabilities to address socio-technical challenges of TIPS-at-Scale, including understanding of user and adversarial behaviours. This is of major importance to digital infrastructure providers, government agencies and law enforcement agencies. This is in addition to the wider business and health sectors where the protection of data and the physical processes controlled by large-scale infrastructure is vital. Research on resilience in partially-trusted environments will lead to new architectures and new technologies to significantly enhance integrity and resilience, including new authentication methods and trust models. Research on empirically-grounded assurances for TIPS will break new ground by providing new interdisciplinary techniques and design principles to underpin infrastructures of the future. Last, but by no means least, by embedding Responsible Innovation into the programme throughout, the CDT ensures that TIPS-at-Scale approaches take a values-based view that considers TIPS across the full lifecycle of digital infrastructures: from conception to design, implementation and deployment through to maintenance, evolution and decommissioning. Such a Responsible Innovation approach will benefit society-at-large.
How will they benefit?
There is a critical need within the UK for a new breed of researchers and future leaders, equipped with a breadth of interdisciplinary skills to tackle TIPS issues at play in future infrastructures and a depth of knowledge, drawing upon interdisciplinary skills, to develop novel and innovative solutions to address TIPS-at-Scale. The CDT will produce a pipeline of such researchers and leaders trained to PhD level. It will build on very strong existing links with organisations such as Vodafone, Google, HP, Airbus , Thales, Symantec, IBM, Babcock, NCC Group, Altran, Wessex Water, Cybernetica and Embecosm, all of which have contributed to co-creation of the CDT and are committed to close engagement with it. Both universities will use their business development teams to further engage with these and other relevant organisations. Major opportunities for generating economic and societal benefits exist with the planned Temple Quarter Enterprise Campus of University of Bristol (due to open in 2021) - with a focus on co-creation of a suite of PG training programmes with industry - and the Bath Innovation Centre. The CDT will also leverage the various impact channels of the three EPSRC-NCSC Research Institutes, the PETRAS Hub and the CREST Centre in which the two Universities play a major role. Both universities already have research and PhD studentships directly funded by industry and agencies such as DSTL, NCSC and GCHQ as well as iCASE awards hence close relationships already exist to maximise impact. The CDT will also organise public debates and social media campaigns to encourage public participation and shaping of TIPS-at-scale discussions and solutions.
The inter-disciplinary doctoral graduates trained within the CDT will play a key role in addressing the acute shortage of highly skilled workers in this area, hence meeting industry and government needs. The research they will conduct in the CDT and their future work will strongly impact industry, government, academia and society. Industrial applications cover those involving large-scale, socio-technical infrastructures where resilience-at-scale is a fundamental need, such as, intelligent transportation, finance, digital healthcare, energy generation & distribution and advanced manufacturing. The globally unique capacity focusing on TIPS-at-Scale will position the UK as a world-leader, offering major economic benefits by ensuring that the UK is a safe place in which to do business, and social benefits in terms of security and privacy of the individual.
More specifically, the CDT's research and training programme will provide graduates with capabilities to address socio-technical challenges of TIPS-at-Scale, including understanding of user and adversarial behaviours. This is of major importance to digital infrastructure providers, government agencies and law enforcement agencies. This is in addition to the wider business and health sectors where the protection of data and the physical processes controlled by large-scale infrastructure is vital. Research on resilience in partially-trusted environments will lead to new architectures and new technologies to significantly enhance integrity and resilience, including new authentication methods and trust models. Research on empirically-grounded assurances for TIPS will break new ground by providing new interdisciplinary techniques and design principles to underpin infrastructures of the future. Last, but by no means least, by embedding Responsible Innovation into the programme throughout, the CDT ensures that TIPS-at-Scale approaches take a values-based view that considers TIPS across the full lifecycle of digital infrastructures: from conception to design, implementation and deployment through to maintenance, evolution and decommissioning. Such a Responsible Innovation approach will benefit society-at-large.
How will they benefit?
There is a critical need within the UK for a new breed of researchers and future leaders, equipped with a breadth of interdisciplinary skills to tackle TIPS issues at play in future infrastructures and a depth of knowledge, drawing upon interdisciplinary skills, to develop novel and innovative solutions to address TIPS-at-Scale. The CDT will produce a pipeline of such researchers and leaders trained to PhD level. It will build on very strong existing links with organisations such as Vodafone, Google, HP, Airbus , Thales, Symantec, IBM, Babcock, NCC Group, Altran, Wessex Water, Cybernetica and Embecosm, all of which have contributed to co-creation of the CDT and are committed to close engagement with it. Both universities will use their business development teams to further engage with these and other relevant organisations. Major opportunities for generating economic and societal benefits exist with the planned Temple Quarter Enterprise Campus of University of Bristol (due to open in 2021) - with a focus on co-creation of a suite of PG training programmes with industry - and the Bath Innovation Centre. The CDT will also leverage the various impact channels of the three EPSRC-NCSC Research Institutes, the PETRAS Hub and the CREST Centre in which the two Universities play a major role. Both universities already have research and PhD studentships directly funded by industry and agencies such as DSTL, NCSC and GCHQ as well as iCASE awards hence close relationships already exist to maximise impact. The CDT will also organise public debates and social media campaigns to encourage public participation and shaping of TIPS-at-scale discussions and solutions.
Organisations
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S022465/1 | 01/04/2019 | 30/09/2027 | |||
| 2271797 | Studentship | EP/S022465/1 | 01/10/2019 | 21/09/2023 | Hannah HUTTON |