Cumulative Revelations of Personal Data *
Lead Research Organisation:
Northumbria University
Department Name: Fac of Arts, Design and Social Sciences
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Organisations
Publications
Armstrong A
(2023)
Everyday digital traces
in Big Data & Society
Azzopardi L
(2025)
Assessing Risks in Online Information Sharing
Azzopardi L
(2022)
Making sense of Trifles: Data Narratives and Cumulative Data Disclosure
in Jusletter-IT
Azzopardi, L.
(2021)
Cumulative revelations in personal data
Collard H
(2020)
Creative Toolkits for TIPS
Nash C
(2022)
Recht Digital
| Description | We designed two online methods, determined by the necessary move to enabling online participation of respondents during Lockdown, as opposed to the planned for face-to-face participatory design workshops. These methods directly built on the outcomes from the data narrative study, with the first one trialled with some of the same participants. Findings included: That our multi-method approach prompted changes in participants' thought or action concerning their personal online safety and approaches to mitigating risk. Knowledge was exchanged during the research interaction as well as across our wider multi-method approach (including the earlier data narrative study), improving participants' data literacy. The 'ongoingness' of digital traces requires careful management to cope with what Pink et al. (2018) call the 'processual element of the everyday'. Participants' coping strategies include retrospective curation of their information, using pseudonyms, entering fake information, encrypting data, changing privacy settings and using sparingly a particular technology e.g. location tracking. The online Mural format enabled participants to articulate approaches to mitigating online risk and demonstrate their awareness of the care required to control and maintain separation between one's digital traces, e.g. between the public, private, personal and professional self, something that had been challenging for them in the earlier interviews. Mostly, participants discussed these separations and collision of traces from their own perspective and experiences, showing how the online tool and the case of 'Alex Smith' in combination with the discussions with the researcher encouraged some to narrate and self-disclose quite personal information. It was apparent that participants thought digital traces only provide a fragment and/or an incomplete picture of a personality and their values, and that this partial representation could invite inaccurate or harmful inferences. Most were cognisant that the persistent function of someone's online information means that it is always contingent on its context of reception and 'not a reflection of who they are now'. Grounded in these findings we went on the design a more extensive assemblage of 'Taylor Addison's' online information in collaboration with the Strathclyde team. This browser-based cyber safety tool has the dual aim of collecting research data while promoting respondents' awareness of the potential for diachronical (across traces) and synchronical (across time) functions of cumulative risk within digital traces, for deployment amongst a much wider population. |
| Exploitation Route | The Home Office expressed interest in the applicability fo the latest tool for SMEs and young people/women and girls. |
| Sectors | Education Financial Services and Management Consultancy Government Democracy and Justice Security and Diplomacy |
| Description | Impact from tool development: Emerging impact from this award lies in the development of new prototype tools to train staff in how to manage their online profiles to avoid others 'joining the dots' and gaining unintended insights into their lives. This is particularly relevant where an employer has security considerations to attend to. The tools are expected to deliver economic impact by protecting organisations from information leakage, and societal impact by enabling citizens to protect their privacy online more effectively. We presented the tool to a variety of potential users, including government and private sector, and engaged in particular with organisations in the decentralised digital economy which are particularly sensitive to cumulative data effects to review their data practices and develop new policies that are safer for their users. The Big Data & Society article Everyday Digital Traces (2023) shares sufficient information on the "Alex Smith" method that we developed to enable contextually relevant customisation Impacts on policy and practice: (1) the research has informed the TAS response to the UK Government consultation on the White paper on AI regulation, and is now also being used to develop a toolbox with AI4People (https://eismd.eu/ai4people/) to help companies carry out the mandated impact assessments under the EU AI Act. (2) The way in which the GDPR conceptualizes consent does not match how people think about it when they organize their daily online activity. The optimism expressed by the EU about the increased understanding of privacy, gained through quantitative surveys, does not match the qualitative interviews we conducted, and which point to a much more sceptical, if not resigned, attitude - one that is also at odds with the depiction of privacy in many of the more GDPR critical news sources that too depict us as (over) confident users of our rights. While this could be mainly a problem of communication, a deeper analysis shows that the GDPR's "risk-based" approach uses an understanding of risk that at odds with the way we make risk-based decisions more generally, and overburdens the individual. Our research also shows possible conflicts with other legal regimes, which will be particularly an issue in the post-Brexit data regime. Equality Legislation, in particular, imposes on employers surveillance duties that can be in conflict with Data Protection requirements if interpreted too broadly. We fed these insights back to policy decision makers and regulators, in particular the ICO. |
| First Year Of Impact | 2023 |
| Sector | Communities and Social Services/Policy,Education,Government, Democracy and Justice |
| Impact Types | Societal |
| Description | Cumulative Revelations University PhD Scholarship (UKRI level stipend and fees) |
| Amount | £60,000 (GBP) |
| Organisation | Northumbria University |
| Sector | Academic/University |
| Country | United Kingdom |
| Start | 01/2021 |
| End | 12/2023 |
| Title | Alex Smith method |
| Description | The Big Data & Society article Everyday Digital Traces (2023) https://journals.sagepub.com/doi/full/10.1177/20539517231213827 presents the replicable and contextually customsiable "Alex Smith" method that we developed. We used a co-designed, fictional persona called Alex Smith to concretise and represent people's online information to help participants (through role-playing) to reflect on data and digital traces. Drawing together four fields of scholarly research concerning personal data: digital traces and the digital self, datafication and dataveillance, mundane, everyday data and the data journey - we advanced understandings of personal data by exploring ordinary people's seemingly innocuous digital traces generated through everyday online interactions. The method developed enabled investigations into ordinary people's engagement with their data, and can be adapted for and used with different participant groups, which also supports their awareness of cumulative functions of personal data and potential use by un/known actors. |
| Type Of Material | Improvements to research infrastructure |
| Year Produced | 2023 |
| Provided To Others? | Yes |
| Impact | Too early to quantify |
| URL | https://journals.sagepub.com/doi/full/10.1177/20539517231213827 |
| Title | Cumulative Revelations in Personal Data Study 1 |
| Description | Data collected in respect of EPSRC Cumulative Revelations in Personal Data EP/R033889/1 This project was a major EPSRC funded study that sought to better understand the revelations that arise when pieces from an individual's personal information available online are connected over time and across multiple platforms. Such more complete digital traces can give unintended insights into their life and opinions. Extensive fieldwork included an interview study (Study 1) with UK employees regarding their experiences of cumulative revelation of their data. We examined the risks and harms to individuals and employers when others joined the dots between their online information. Interviews employed a "digital narrative" technique where participants were asked to make drawings of their information and communication networks, the types of information shared and details of to whom it was available or visible. Study 1 was conducted online in the period May 2020-August 2020 when much of the UK was in lockdown due to the Covid-19 pandemic. Interviews included questions addressing changes to information sharing behaviour occurring during lockdown conditions. The dataset contains: • Transcripts of 26 interviews with the Uk public • Photographic images of drawings created by participants during the interviews • Data from a technology survey completed by participants at the start of each interview regarding their use of devices, information channels and data storage |
| Type Of Material | Database/Collection of data |
| Year Produced | 2023 |
| Provided To Others? | Yes |
| Impact | None yet |
| Description | 'Alex Smith' tool used in youth work for raising awareness of online safety |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Schools |
| Results and Impact | The online 'Alex Smith' tool was used by a youth charity in North Shields to promotes awareness-raising of the cumulative, temporal aspects of online safety. Briggs provided the digital content and sufficient training to enable the experienced youth worker to run sessions, the first of which took place with year 10 pupils (aged around 14) in March 2022. The youth charity conducts a multiplicity of outreach/schools-based activities relating to post-digital aspects of personal safety (how on-line risks and threats can escalate into offline physical, psychological and reputational harms) and support young people in envisioning potential future consequences of of their online behaviours, to promote their agency around responsible personal information sharing and online identity management. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Cybersecurity in FinTech: Joining the Dots - Personal Data Security of FinTech employees |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Professional Practitioners |
| Results and Impact | Presentation on the Northumbria design work package by Briggs and 30min demo of the "Alex Smith tool" with Briggs and Nash each facilitating a breakout room. Other project investigators also presented. Around 20 participants in all from academia and external organisations. The event was aimed at those working in FinTech and aligned activities. The event presented mid-term findings from the EPSRC-funded Cumulative Revelations in Personal Data project, which examines: - Ways in which people unintentionally reveal more information to others than they intend to across multiple online channels and over time. - How this can create reputational and security risks to people and their employers. This event involve a demo of our research method comprising a digital tool designed by the Northumbria team led by Briggs. It invites people to reflect on risks created when sharing personal information, and assists them in anticipating and managing these risks. CN and JB ran one of the \breakout rooms' from a larger event and invited discussions on the research's mid-term findings, and exploration around potential future directions for research within the FinTech community. The event took place online on 25 May 2021 organised by the University of Strathclyde. Any requests for further information will have been directed to the PI of the project rather than our small team. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.engage.strath.ac.uk/event/791 |
| Description | Demonstrator Booth |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Approx. 50 information retrieval and behaviour professionals visited our demonstration booth at ACM SIGIR Conference 2022 to view and interact with our persona based scenarios tool for raising awareness about the threats and harms of cumulative revelations in online data. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Home Office STAR presentation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | This was an invited talk at Home Office STAR Week 2022. The host was the Behavioural and Social Science Programme Lead, Science & Technology Team, Homeland Security Group. Talk title was "Leaks and Secrets: Creative Approaches to Cybersecurity Training". 50-60 Home Office staff attended in person/ by Teams link. We showcased three creative approaches to delivering training on cybersecurity issues, informed by four years of cybersecurity research. The focus was on information revealed online, and secrets kept - with relevance for onboarding staff and for increasing citizens' digital privacy literacy. There were follow-on discussions with Behavioural and Social Science Programme Lead and the Deputy Head of Science for the Home Office. |
| Year(s) Of Engagement Activity | 2022 |