A new study by MIT researchers uses a card game to elicit public valuations of data privacy, revealing that people’s views on the issue can shift significantly based on context and use-cases.
In our increasingly networked world, questions about data privacy are ubiquitous and matter for companies, policymakers, and the public. But how should personal data be protected? What are the best uses of it?
Research suggests that people’s views about privacy are not firmly fixed and can shift significantly based on different circumstances and different uses of data.
A new study by MIT researchers provides insight into this complex issue. The study used a card game, called Data Slots, to elicit public valuations of data privacy relating to different topics and domains of life. Players held hands of cards with 12 types of data — such as personal profiles, health data, vehicle location information, and more — that relate to three types of domains where data are collected: home life, work, and public spaces.
After exchanging cards, the players generated ideas for data uses, then assessed and invested in some of those concepts. The game was played in-person in 18 different countries, with people from another 74 countries playing it online; over 2,000 individual player-rounds were included in the study.
The Data Slots game allowed researchers to estimate the relative weight people place on privacy in different situations. The idea behind the game is to let people themselves come up with their own ideas and assess the benefits and privacy concerns of their peers’ ideas, in a participatory way.
Taking a more flexible, user-driven approach to understanding what people think about data privacy can help inform better data policy. Cities — the core focus on the Senseable City Lab — often face such scenarios. By disclosing what they plan to do with data and involving resident stakeholders in decision-making, cities can produce viable policies for local officials to pursue.
The study’s findings indicate that when residents are involved in shaping their own data policies, people’s privacy concerns start to decrease significantly. This approach acknowledges that the value of privacy is highly contingent on specific use-cases and recognizes that using health data in workspaces, for instance, can be beneficial if anonymized and used to improve workplace wellness.
A data policy outlines how an organization collects, stores, and uses personal data.
It ensures compliance with regulations such as GDPR and CCPA.
Key components include data collection notice, consent management, data subject rights, and breach notification procedures.
Effective data policies protect consumer privacy while facilitating business operations.
They also mitigate potential fines and reputational damage associated with non-compliance.
The researchers’ study provides a new perspective on how we think about protecting data. By recognizing that people’s views about privacy are malleable and dependent on context, policymakers can develop more effective strategies for balancing individual rights with the benefits of data-driven solutions.
- mit.edu | How we think about protecting data
