Equitable Privacy: Understanding Privacy Requirements of Marginalised and Vulnerable Populations

Digital technologies are becoming pervasive in society, from online shopping and social interactions through to finance, banking and transportation. With a future vision of smart cities, driven by a real-time, data-driven, digital economy, privacy is paramount. It is critical to engendering trust in the digital fabric on which society relies and is enshrined as a fundamental human right in the Universal Declation of Human Rights and regulations such as GDPR. Significant efforts have been made to provide users with more agency in understanding, controlling and assuring the way their data and information is processed and shared.

However, this ability to control, understand and assure is not equitably experienced across society. For instance, individuals from lower-income groups often have to share devices to access services that may include sensitive information. In case of victims of intimate partner violence, an innocuous app (such as find my phone) or digital device (such as a smart doorbell) may be used to monitor their activities and there are significant risks of using online reporting tools for fear of traceability. Such vulnerable and marginalised populations have nuanced privacy and information control needs as well as threat models. These needs and requirements are not typically foregrounded to software developers. The challenge is compounded by the fact that developers are neither privacy experts nor typically have the training, tools, support and guidance to design for the diverse privacy needs of marginalised and vulnerable groups.

In this talk, I will discuss insights from an ongoing multi-year programme of research on understanding the privacy requirements of such populations and highlight a research agenda on how to support software developers in systematically addressing them.

Awais Rashid is Professor of Cyber Security at the University of Bristol. His research spans cyber security and software engineering, with a particular focus on cyber-physical systems security, software security and usable security and privacy. He is Director of the UK’s National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN) and Director of the EPSRC Centre for Doctoral Training in Cyber Security.