A Survey-Based Exploration of Users’ Awareness and Their Willingness to Protect Their Data with Smart Objects

. In the last years, the Internet of Things (IoT) and smart objects have become more and more popular in our everyday lives. While IoT contributes in making our everyday life more comfortable and easier, it also increases the threats to our privacy, as embedded sensors collect data about us and our environment. To foster the acceptance of IoT, privacy-preserving solutions are therefore necessary. While such solutions have already been proposed, most of them do not involve the users in their design. In this paper, we therefore adopt a user-centric approach and lay the ground for the future design of user-centric privacy-preserving solutions dedicated to smart home environments. To this end, we have designed and distributed a questionnaire fulﬁlled by 229 anonymous participants. Our objectives are two-fold: We aim at investigating (1) requirements for end user-involved privacy-preserving solutions and (2) users’ readiness to be involved in their own privacy protection. Our results show that the majority of our participants are aware of the data collection happening as well as the associated privacy risks and would be ready to control and audit the collected data.


Introduction
In the last decade, the interest in IoT has tremendously increased, resulting in different products now available for and usable by the general public [7].IoT is based on a network, where the physical objects of our environment, such as homes and workplaces, gain the ability to provide services and simultaneously play an active role in our environment via embedded systems [7].The IoT is composed of different smart objects, which adapts to both, users' behavior and the environment.For example, smart objects include smart lamps, smart fridges, smart door locks, and smart parking systems [7].This rapid technological development is foreseen to continue in the coming years, reaching billions of smart objects.These objects further contribute in improving our lives in different areas, including our homes and workplaces [7].Note that smart objects do not only present advantages in households, such as helping in managing our energy consumption, but also in companies, which can benefit from automated contextaware processes [7,12,16].To provide these services, smart objects with embedded sensors continuously collect a vast amount of data about their environments and potential users, thus potentially endangering the privacy of their owners as well as of potential bystanders [36,38].Privacy issues especially arise when sensitive personal data are collected and disclosed to third parties without the users' consent by smart object providers [18,27,38].Cyber attacks caused by security vulnerabilities [28,38], which among others are enabled by the use of low-power hardware in smart objects, can also result in information leaks and endanger users' privacy [28,38].Recently, Bloomberg reported that thousands of the Amazon workers listen, how the users interact with Alexa, the virtual assistant in Amazon Echo devices [11].Despite the phenomenon of the privacy paradox1 [10,20], laws [1] still call for more user involvement in their own privacy protection process, because (1) users have the fundamental right of protecting their personal data [1,27] and (2) users' privacy behavior highly depends on the context [10].Furthermore, the European General Data Protection Regulation (GDPR) with different rights, such as "Right for Access" and "Right to be Forgotten", calls for giving the users more transparency regarding the personal data processing, empowering users to be responsible and to have more control for the protection of the personal data processing [1].Therefore, it is important to put the user in the center while designing usable privacy-preserving solutions for smart home environments.Within the scope of this paper, we primarily focus on (1) the exploration of user's willingness to control the disclosure of their data and their need for transparency regarding the data collection.Based upon the results, we further focus on (2) identifying requirements in the form of user centric control mechanisms for privacy-preserving solutions for smart home environments.The remaining paper is structured as follows.We first discuss related work in Sec. 2. We next detail the methodology of our empirical study in Sec. 3. In Sec. 4, we present the demographics and the results of our survey.In Sec. 5, we formulate design requirements based on the survey results for end user-centric-privacypreserving solutions.Discussions and closing remarks conclude this paper in Sec.6 and Sec. 7, respectively.

Related Work
Existing works can be classified as follows: (1) user surveys regarding privacy issues in IoT and (2) technical approaches allowing users to apply control mechanisms for their privacy protection.The first category includes surveys, which are carried out with smart objects' consumers in order to find out users' perception and opinions regarding privacy issues in IoT.Based on interviews with eleven smart home owners, Zheng et al. outline that the users' primary motivation of using smart objects lies on the convenience and connectedness [37].They recommend developers to focus on designing (mobile) applications, allowing the users to access and control the collected data [37].In [36], Zeng et al. also encourage developers to design smart objects considering users' privacy needs.Additionally, the user study by Martin and Nissenbaum [23] outlines that users find that the usage of their data is more relevant to users' privacy opinion than the sensitivity level of the collected data.Moreover, few large-scale surveys [3,21,25] were also carried out in order to find out users' privacy preferences while using smart objects.The results of these studies confirm that privacy issues regarding IoT objects highly depend on the context [3,25].Some user studies also focus on privacy issues regarding smart watches and toys connected to the Internet [24,30].These studies investigate users' awareness of privacy issues while using such smart objects.They give hints for the designers and smart object providers how to deal with users' needs regarding such smart objects in order to increase the acceptance of smart objects.In comparison to the previous works, our questionnaire-based approach focuses on identifying control mechanisms that users want to have in the data collection and disclosure process of smart home environments.These control mechanisms should empower users to protect their own privacy in their smart home environment.Additionally, our study helps to understand, whether the users want to have the empowerment to control their personal data protection while living in smart home environments.
In the second category, we consider technical solutions that allow users to apply control mechanisms for their privacy protection.Solutions such as [16,17,28,35] aim at avoiding the misuse of IoT objects and collected data by attackers for burglaries.While [16] implements a strong password authentication policy in their smart home automation system, the approach in [35] includes a set of new security policies for detecting abnormal behavior of each device.In addition, the solution presented in [17] introduces a new context-based permission system, which allows the user to decide based on collected context information, whether an abnormal action will be performed.Perera et al. propose in [28] a Privacy-by-Design framework, allowing the evaluation of IoT applications and middleware platforms based on a set of guidelines.These guidelines can be categorized in four elements: (a) Minimizing data collection, storage and disclosure without users' consent; (b) reducing the data granularity and controlling data; (c) anonymizing data and encrypting data communication and processing; (d) publishing source code, data flow diagrams of IoT applications, certifications and fulfilled compliance.Few technical frameworks, such as [4,8,14,15,26], present Role Based Access Control (RBAC) including k-anonymity mechanisms and privacy preserved access control protocols for IoT environments.These frameworks include authentication protocols to identify the user and to allow users the event-based data sharing for user-defined roles, such as doctor, partner, etc.The functionality of the frameworks is mostly explained with the help of the collected sensor data based on smart healthcare systems and other devices, such as wearables as well as few home and hotel automation devices [4,8,14,15,26].Further ap-proaches introduce a privacy preserving policy, authentication protocols and data encryption methods in order to protect the collected sensor data and thus users' privacy [2,5,6,9,13,22,29,[31][32][33][34].However, most of these solutions reduce the availability of original data with time delay [36].Finally, in [19], Khan et.al. present a solution to improve the privacy concerns in case of ownership change of the smart objects.These considerations show us that the proposed technical solutions include less user involvement.In comparison to previous works, our survey thus focuses on deriving control mechanisms from the end user perspectives.The proposed technical solutions in this category can be considered in the technical implementation of the derived requirements of this paper.To the best of our knowledge, the contribution of our research work to this body of literature is two-fold: (1) We show users' readiness to be involved in their own privacy protection, (2) we derive requirements for end user-centric-privacypreserving solutions.This lays the ground for our future work.

Methodology
In order to gather insights regarding our main objectives, we carried out an online questionnaire based survey 2 .Our questionnaire including 22 questions is in English and available in Appendix A. It is structured as follows.It gathers insights in participants' knowledge and experience with smart objects.Next, it addresses the potential participants' awareness of data collected and disclosed by smart objects and their related privacy risks.It then focuses on the participants' potential willingness to inform themselves and control the data collected and shared by smart objects, before analyzing their requirements and motivation to use privacy-preserving solutions.We distributed our questionnaire on online social network platforms, such as Xing, LinkedIn, SurveyCircle, IoT Subreddit and the community platforms of several companies in order to reach frequent Internet users.No incentives were given to the participants.It required approximately ten to fifteen minutes to be answered and consisted of multiple choice and open-ended questions.Main goal of the survey is to conduct a preliminary study as a basis for future studies rather than collecting representative insights, which are valid for the whole population.In total, 229 participants completed the questionnaire.We have discarded invalid data sets and this resulted in 209 valid data sets.Moreover, during our analysis we derived and tested five hypotheses based on Q 16 , applied statistical tests, such as Mann-Whitney, multiple linear regression and correlation tests and carried out comparisons of different participant groups in order to get more insight regarding user-centric control mechanisms for privacy-preserving solutions.

Knowledge and Experience
In our sample, about 93% of our participants indicated that they have already heard about IoT (Q 1 , n Q1 =209).In order to get more insight, we asked our participants, in which context they have heard about IoT (Q 2 ).In Q 2 , we also specified what we meant by IoT, by giving some examples for orientation, such as smart home, smart factory, smart city, etc.The mentioned answers were smart home (ca.27%), Industry 4.0 (ca.20%), smart/intelligent things (ca.19%), smart city (ca.19%), and smart factory (ca.13%) (Q 2 , n Q2 =209).In the free text box further answers were given such as smart vehicles, smart clothes, wearables, smart meters, smart grids, smart supply chain, smart campus, smart agriculture, robotic machines, smart logistics, smart health devices, and predictive maintenance.Additionally, 89% of the participants mentioned that they know or use smart objects (Q 3 , n Q3 =209).The most cited answers were: Controlling home technology apps (12%), smart voice control objects, like Amazon Echo (10%), smart health devices (8%), smart door/window locks (8%), smart bulbs (7.5%), smart fridge (7.2%), augmented /virtual reality glasses (7%), smart washing machine (6%), smart alarm clock (5.7%), smart toothbrush (4%), smart grid apps (3%) and smart scale (2.7%).The majority uses the specific smartphone apps for this purpose (71%), while 11% uses the associated web interface (Q 4 ).Regarding Q 5 with "How frequently do you use a device connected to the Internet, such as smart scale, fridge, wearables, watch, etc.? (smartphone, computer, smart TV does not count as smart devices in this question)", about 70% of the participants indicated that they use devices connected to the Internet frequently (n Q5 = 206).Among the participants frequently using smart objects, 76% use them at least once per day, while the remaining 24% only use them occasionally.The cross tables grouped by gender and age groups show that male participants and participants in general aged between 26 and 50 years significantly use connected devices more frequently than others.Based on the answers to Q 5 , we derived three user categories that we use in our further analysis.
1. Frequent users: They use connected devices several times a day, 2. Average users: They use connected devices at most once a day or less, 3. Non users: They do not use any connected devices.
One of the questions we asked the participants using a 5-point Likert scale 3was to indicate their degree of agreement regarding the statement: "In a few years, I believe that it will be difficult to live without using smart objects" (Q 11 , n Q11 = 208).About 87% of the participants agreed that it will be difficult to live without smart objects.A majority appreciated the potential advantages offered by smart objects (Q 12 ), while only 20% of the sample stated that there are no advantages offered by smart objects.The seven most frequently mentioned advantages can be summarized as follows: Facilitating to fulfill routine tasks, high comfort and convenience, low error rates, setting adjustments according to lifestyle, recording interesting personal information, outline the optimization potentials and specific things are automatically done.

Collection, Disclosure, and Privacy
A large majority (93%) of our participants believe that smart objects collect information about themselves and their environments (Q 6 , n Q6 = 200).However, only 58% agreed with the statement:"I believe that I know the information collected by smart objects."(Q7 , n Q7 = 193).Most cited answers were location (29%) and health (25%) followed by browsing (24%) and personal data (19%), like bank details etc. (Q 8 ).With regard to the derived user profiles in Sec.4.2, frequent and average users appear to be more aware of the data collection than the non users (Mann-Whitney test frequent users vs. non users: p − value = 0.003 < 0.05, r = 0.248, average users vs. non users: p−value = 0.048 < 0.05, r = 0.195).The boxplots in Fig. 1 confirm the above mentioned results.The outliers present the divergent answers from the frequently mentioned answers by most users and each number presents the data set of the correspondent anonymous respondent.Additionally, only 24% of the sample believe in knowing the third parties, who receive the data collected by smart objects (Q 9 , n Q9 = 209: "I believe that I know the parties who have access to collected data and receive the collected data from my smart objects (Parties can be: hospital, doctors, insurance companies, institutes using data for statistics, etc.)").As expected, the majority (72%) indicated that they do not know the third parties who get access to their collected data.Note that few participants mentioned some of the third parties.The mentioned parties can be clustered as follows: retail companies (like Amazon, Apple, etc.), service providers (like Google), cyber security firms, social media companies (such as Facebook, etc.), several smart object/telco providers, institutes/companies using data for statistics and analyses, (health) insurance companies, hospitals, doctors, manufacturers of the heating systems/cars, banks and government departments.We further asked the participants to mention potential privacy issues and privacy risks in the context of IoT in a free text box (Q 14 , n Q14 =209).About 55% of the participants filled it.To sum up their statements, they mentioned that the smart objects on the one hand make their lives and every day routines easier, but on the other hand that those objects collect a vast amount of data and transfer those data to third parties, which are used for personalized services or offers, to create (more or less) detailed personal profiles of the users and to manipulate the smart object owners.Additionally, the participants also indicated that today they actually do not have any means to protect those data, before sharing it with third parties and that there is a lack of strict regulations regarding privacy aspects in smart environments.Moreover, approx.93% of the participants agreed to the statement: "I believe that smart objects can endanger my privacy."(Q 15 , n Q15 = 205).The results of the Fisher's Exact test outline that there is no dependency between the participants' gender and their answers regarding Q 15 .While 38% indicated that they take special measures to protect their privacy when using smart objects, 48% denied to do so (Q 10 , n Q10 = 209: "I take special measures (such as switching off some services etc.) to protect my privacy when using smart objects.").The mentioned measures are switching off the objects to avoid the data collection (35%), disuse of cloud connection, using local servers (6%), and checking all the privacy settings and disabling smart objects or features, which are not necessary (57%).One participant mentioned that s/he actually does not know any measures that really help to protect privacy (2%).

Information and Control Willingness
In the next step, respondents had to rate the following statements on a 5 point Likert scale.Based on the results regarding the statements, we investigate to which degree participants are willing to exercise control over the data collected and shared by smart objects (Q 16 ).The statements and the distribution of the values regarding those statements are presented in Tab. 2 and in Fig. 2 (nQ16.8=206)Q16.9I would like to be able to determine who is able to access my data.(nQ16.9=206)Q16.10I would like to be able to determine which information is used for which purpose.(nQ16.10=206)Q16.11I would be willing to spend time to audit the data collected about myself in a smart home environment.(nQ16.11=205)Q16.12I would prefer having an automated system taking privacy decisions for me after learning about my privacy risk awareness.(nQ16.12=206)Q16.13I would like to have clear policies with the provider regarding the collected data from my own smart home environment.(nQ16.13=205)Table 1.Submitted statements in the Q16: "Please enter your answer regarding the following statements." The outliers present the divergent answers from the frequently mentioned answers of the participants and each number presents the data set of the correspondent anonymous respondent.About 94% of the participants indicated that they want to have more information about the data collected by smart objects about themselves in a smart home environment (Q 16.1 ).96% also precised that they want to have an overview of all the information collected by used smart objects (Q 16.2 ).About 94% of the participants would like to see a summary of the collected data over a given period, such as daily, weekly, monthly (Q 16.3 ).Additionally, about 84% of the consumers want to have more information about collected data in their own smart home environments in real-time (Q 16.4 ).In addition, for more transparency approx.92% of our sample want to have more information about the associated risks to their privacy resulting from sharing the collected data (Q 16.5 ).About 87% of the participants also want to have more information about the associated personal and social advantages by sharing the collected data of their own smart home environment (Q 16.6 ).Further analysis shows that there is a positive correlation between statements Q 16.5 and Q 16.6 (r = 0.608, significant at the 0.01 level -2-tailed).This confirms that the users, who want to have information about associated risks to their privacy by data sharing, at the same time also want to have information about the associated personal and social advantages resulting from data sharing.Almost all participants (97%) indicated that they would like to have control about the data collected and shared by smart objects (Q 16.7 and Q 16.8 ).Note that there are no statistically significant differences between the answers given by participants belonging to different user profiles (Q 5 , Mann-Whitney test, p − values > 0.05) and users applying special measures to protect their privacy (Q 10 ), as shown by a multiple linear regression test (p − values > 0.05).
Additionally, a large majority would like to determine which third parties are able to access their collected data (95% for Q 16.9 ) and for which purpose (95% for Q 16.10 ).To exercise this control, only 86% of the participants are willing to spend time on auditing the collected data (Q 16.11 ).An automated system taking privacy decisions would be supported by 74% of the participants (Q 16.12 ).About 96% of the participants also mentioned that they are willing to have clear policies with the data provider regarding the data collection in smart home environments (Q 16.13 ).We finally asked the participants to indicate their motivating factors to use smart home objects while having the control on the data collected and shared (Q 17 , n Q17 = 209) and most cited reasons were: "Having control about the usage of collected data about me" (32%) followed by "feeling myself secured and protected" (29%) as well as "avoiding to draw a digital biography" (22%) and "having information about the data consumer of my data" (15%).Two participants wrote in the free text box that nothing motivates them to use smart home objects while having the control on the data collected.Two further participants also mentioned that they are not going to use any smart objects because they believe that there is no security while using those objects.One participant explicitly indicated that s/he never wants to waste any time on validating or examining the collected data.Derived Hypotheses: The analysis of participants' answers regarding Q 16 make it obvious, that the majority of the participants want to have more transparency and associated data sharing information.It is still to be verified whether they want to have these information in order to consider this input while controlling the data sharing process.For this purpose, we derived and tested five hypotheses to verify, whether there is a significant dependency regarding the fact that the users want to have more transparency and associated data sharing information in order to consider this input while controlling the data sharing process.Fisher's Exact tests confirm the all five hypotheses with p = 0.00 < 0.05.This means that users want to control the information collected by smart objects (H 1 ) and are willing to have an overview of those information (H 3 ).The results also confirm that the users are willing to get information regarding the privacy risks arising from the publication of data (H 2 ).Similarly, the test results also confirm that the users want to determine who is able to access the shared data (H 4 ) and for which purpose the data are used (H 5 ), while controlling the data shared with third parties.

Derived Requirements for User-Centric-Privacy-Preserving solutions
We leverage the results of the survey to derive requirements in form of control mechanisms for user-centric-privacy-preserving solutions in what follows.We define the identified control mechanisms as User-Centric-Control-Points (UCCP).
Data object tagging: Considering the results of the whole survey, we can derive that it will be useful to allow the user to tag his/her different smart objects as sensitive or non-sensitive object depending on the data the objects collect.For example, in one case a smart table mat could be non-sensitive, because it just collects information whether something is on the mat or not, while in another case smart fridge or calory scanner could be tagged as sensitive, because those objects collect data regarding the users' eating and living habits.The users can consider these tagging when they make their decision whether they want to share the data while considering the associated privacy risks and advantages arising from sharing the collected data.These considerations allow us to derive the UCCP 1: Allowing the user to tag the smart object as a sensitive or nonsensitive object.
Data minimization: Our results in Sec.4.3 and 4.4 show that the participants do not have transparency and vast experience regarding the data collection and disclosure process in smart home environments.Participants' answers also outline that they want to have more information regarding the data collection process in smart home environments.Furthermore, the results underline that the participants want to control which information are collected in their smart home environment.These results help us to derive the following UCCP 2: Allowing the user to select which information are collected by the used smart objects in his environment.
Data granularity: The results in Sec.4.4 let us conclude that (1) the participants want to have an overview of all collected information and (2) that they want to review the collected data over a preferred period, such as weekly, monthly, and thus to determine the granularity of data collection.Based on these results, we can derive our next UCCP 3: Allowing the user to set in which granularity the data are collected for users' review.
Data sharing: The participants' answers in Sec 4.4 also outline that they want to have the opportunity to get more information regarding associated privacy risks, personal and social associated advantages resulting from sharing the collected data.This leads us to derive our next UCCP 4: Allowing the user to view the associated risks and social or personal advantages arising by sharing the collected context-data.
Data disclosure limitations: The results in Sec.4.4 show that the users want to control the data shared.In this context, it is to be mentioned that the GDPR also demands to obtain consent for the processing of the personal data in understandable and simply accessible form from the users [1].These results help us to derive another UCCP 5: Allowing the user to control the data sharing.This UCCP must include at least the following two options: Share the data or delete the data without any third parties getting access to the data.

Data access limitations:
The results in Sec.4.4 show that the participants want to have the control on who is able to access their data and for which purpose in case of data sharing.This leads us to derive the next UCCP 6: Allowing the users to determine who is able to access the data and for which purpose the data are used.This UCCP should also allow the users to set the settings, how the data are disclosed, anonymized or non-anonymized.
As listed above, the results of our survey allowed us to derive six UCCPs as requirements for end user-centric-privacy-preserving solutions for smart home environments.Furthermore, the derived UCCPs can also be categorized into three categories.These categories are transparency of data collection, data implications and data access.In the first category, UCCPs are summarized, which allow users to gain more transparency regarding data collection.The second category includes UCCPs, which provide the data sharing information for users.
The third category comprises UCCPs, which allow users to control the data sharing process.Allowing the user to control the data sharing: Share the data or delete data without any third party getting access to the data (Q16.8)UCCP 6: Data access limitations Allowing the users to determine who is able to access the data and for which purpose the data are used and how the data are disclosed, as anonymised or non-anonymised data (Q16.9,Q16.10) Table 2. Derived UCCPs for user-centric-privacy-preserving solutions based on the results

Category
In future work, the privacy-preserving solutions with integrated UCCPs must be investigated in terms of their usability and applicability in everyday life.

Discussion
The answers to the questions on information collection and disclosure (Q 6,7,9 ) represent an interesting aspect.Regarding the results of Q 6 a majority (93%) of the participants are aware about the data collection in smart environments, but only 58% agreed in Q 7 that they know the information collected by smart objects.The comparison of the user profiles shows that the frequent and average users are more aware of the data collection than the non users.Furthermore, only 24% of the participants indicated in Q 9 that they know the third parties, who receive the data collected by smart objects.By considering these answers, it becomes obvious that the users have a lack of knowledge regarding the sensitive data collected by the smart objects and the third parties receiving those sensitive data without users' consent.This might have two reasons: (1) users have less transparency about the collected data and/or (2) users put less effort in finding out which information are collected, because they do not receive such information in an understandable way.Although approx.93% indicated in Q 15 that they "...believe that smart objects can endanger my privacy", only 55% in Q 14 mentioned potential privacy risks in IoT-context and only 38% mentioned in Q 10 that they are taking special measures to protect their own privacy.Regardless of the derived user profiles and users applying special privacy preserving measures, later in Q 16 a majority indicated that they want to have control over data collection and disclosure in their smart home environment.This might mean that the missing transparency about collected as well as disclosed data and missing opportunities for the users to control the data collection and disclosure process give only limited permission for the users to be responsible for their own privacy protection.Additionally, it is not clear whether the 38% of the respondents (Q 10 ) apply those measures regularly or just once in a while.If the measures are applied regularly, then it is clear that those participants actively protect their privacy.Furthermore, there were also few participants, who mentioned that they do not have any motivation to deal with user-centric-privacy-preserving solutions, because they believe that there is no privacy in today's data-driven world.
Additionally, testing the five hypotheses (presented at the end of Sec.4.4) helps us to conclude that users want to have more transparency and information regarding data collection and disclosure process in their smart home environment in order to consciously control the disclosure of the collected data.The results of Q 16.11 also provide the insight that the users want to be involved in their privacy protection while living in smart home environments.These results are not surprising and further emphasize that efficient user-centric-privacy-preserving solutions for data control are necessary.Consequently, the majority of our participants mentioned in Q 17 that they are motivated to live in smart home environments while having control over the data collected and shared.In contrast, few participants pointed out that they will not use such devices due to privacy issues.Furthermore, based on the results regarding Q 16 we were able to derive six UCCPs as requirements for user-centric-privacy-preserving solutions for smart home environments, explained in Sec 5.The derived UCCPs underline the aspects of GDPR [1] and can only provide added value if they are considered in the whole lifecycle of the personal data processing in smart home environments.Furthermore, the presented technical approaches in the second category in Sec. 2 can be considered in the implementation of the derived UCCPs, for instance RBAC mechanisms in the implementation of UCCP 6.The derived UCCPs based on users' answers represent their stated opinion and must be evaluated in a real smart home environment scenario.This will help us to find out whether the users accept to spend their time with such solutions in their everyday lives in order to protect their own privacy, as mentioned in Q 16.11 .
Finally, our questionnaire-based survey has few limitations: As already preluded, the answers of the participants represent their opinion, but not necessarily their actual behavior.The participants may also be biased and not representative of the whole population.Indeed, the fact that they voluntarily answered the questionnaire, which was published on several Internet platforms and invitations sent by emails, may indicate that they may be more altruistic or that they are strongly willing to live or to deal with smart objects and environments than those who have not answered it.Ultimately, our findings mainly reflect the views of participants, who have access to the Internet.

Conclusions and Outlook
Within the scope of this paper, we have investigated based on the questionnairebased survey (1) requirements for end user-centric privacy-preserving solutions and (2) users' readiness to be involved in their own privacy protection.Overall, our participants have indicated that they would like to have more transparency regarding data collection and more control over data collection and disclosure in smart home environments.Based on their answers, we have developed a set of requirements called UCCPs for privacy-preserving solutions in smart home environments that would allow users to exercise a control over their personal data.Our findings also underline that the participants want to be involved in their own privacy protection.In future work, we plan to conduct user studies to investigate possible discrepancies between users' real behavior and stated opinion regarding the utilization of privacy-preserving solution with integrated UCCPs in smart home environments.We further plan to investigate the usability aspects of such solutions.Finally, further research work is needed to develop clear policy frameworks regarding the personal data processing in smart home environments, which have to be taken into account by the smart objects' providers.
A Appendix -Survey questions Possible answers: more than 20 times per day / less than 20 times per day / once per day / very rare / other options: free text box for participants / I do not use any smart objects / I prefer not to answer this question Q 6 : When using smart objects, I believe that those objects collect information about myself and my environment.5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer Q 7 : I believe that I know the information collected by smart objects.5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer Q 8 : Please indicate which kind of information you believe the smart objects collect about you.(multiple choice possible) Possible answers: location data / browsing data / data about your health, such as weight, movements, food purchase / personal data, e.g. bank details, relationships from voice control, finger prints from door locks etc. / other information: free text box for participants / I prefer not to answer this question Q 9 : I believe that I know the parties who have access to collected data and receive the collected data from my smart objects.(Parties can be: hospital, doctors, insurance companies, institutes using data for statistics, etc.) Possible answers: I know / If you know, please mention in short key points the parties / I do not know / I prefer not to answer this question Q 10 : I take special measures (such as switching off some services etc.) to protect my privacy when using smart objects.Possible answers: Yes / If yes, please indicate the measures you usually take and the conditions / No / I prefer not to answer this question Q 11 : In a few years, I believe that it will be difficult to live without using smart objects.5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer Q 12 : What do you think about the advantages you have by using smart home objects?(Participants had the possibility to rate on each statement by using the following Likert Scale.)5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer facilitating to fulfill the everyday and routine tasks.
high comfort and convenience low error rates (humans make mistakes more easily and frequently than machines) automatic adjustments of settings regarding my current lifestyle the smart objects record interesting information about myself and my surroundings.smart objects outline the optimization potentials regarding my everyday work or my health plan etc. specific things are automatically done by smart objects and releasing you from these tasks so you can spend time for more important things.no advantages -Others: free text box for participants Q 13 : Please enter the answer for the following question to make sure, that you are not a robot: 150 + (2x2) = Q 14 : What do you know about privacy issues in the context of Internet of Things, specifically, to what extent do you understand potential privacy risks?(such as third parties get access to your data / to your house or to your bank account etc.).Possible answers: Please enter your answer here / I prefer not to answer this question Q 15 : I believe that smart objects can endanger my privacy.5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer Q 16 : Please enter your answer regarding the following statements.(Participants had the possibility to rate on each statement by using the following Likert Scale.)5-level Likert scale: 1 strongly disagree / 2 disagree / 3 partly agree / 4 agree / 5 strongly agree / Don't know / Prefer not to answer -Q 16.9 : I would like to be able to determine which information is used for which purpose.-Q 16.10 : I would like to be able to determine who is able to access my data.
-Q 16.11 : I would be willing to spend time to audit the data collected about myself in a smart home environment.-Q 16.12 : I would prefer having an automated system taking privacy decisions for me after learning about my privacy risk awareness.-Q 16.13 : I would like to have clear policies with the provider regarding the collected data from my own smart home environment. Q

Fig. 1 .
Fig. 1.Boxplots regarding "I believe that I know the information collected by smart objects."(Q7)clustered by user profiles, derived based on the results of Q5 (1 = strong disagreement, while 5 = strong agreement)

Fig. 2 .
Fig. 2. Boxplots for submitted statements in the Q16 (1 = strong disagreement, while 5 = strong agreement) object tagging Allowing the user to tag the smart object as a sensitive or non-sensitive object UCCP 2: Data minimization Allowing the user to set which information are collected by the used smart objects in his environment(Q7, Q8, Q9, Q16.1, Q16.7) UCCP 3: Data granularity Allowing the user to set in which granularity the data are collected and saved for users' review (Q16.2,Q16.3)Data implication UCCP 4: Data sharing Allowing the user to view the associated risks and social or personal advantages arising by sharing the collected context-data (Q16.5, Q16.6)Data access UCCP 5: Data disclosure limitations

-Q 16 . 1 :
I would like to have more information about the data collected by smart objects about me in a smart home environment.-Q 16.2 : I would like to have an overview of all the information collected by my smart objects.-Q 16.3 : I would like to be able to control which information is collected about myself in a smart home environment.-Q 16.4 : I would like to know in real-time about the data collected in my smart home environment.-Q 16.5 : I would like to have a summary of the collected data over a given period, e.g.daily, weekly, monthly, etc. -Q 16.6 : I would like to have more information about the associated risks to my privacy by sharing the collected data.-Q 16.7 : I would like to have more information about the associated personal and social advantages by sharing the collected data from my smart home environment.-Q 16.8 : I would like to be able to control the data shared by my smart objects.
, respectively.I would like to have more information about the data collected by smart objects about me in a smart home environment.(nQ16.1=206)Q16.2I would like to have an overview of all the information collected by my smart objects.(nQ16.2=206)Q16.3I would like to have a summary of the collected data over a given period, e.g.daily, weekly, monthly, etc. (nQ16.3=206)Q16.4I would like to know in real-time about the data collected in my smart home environment.(nQ16.4=205)Q16.5 I would like to have more information about the associated risks to my privacy by sharing the collected data.(nQ16.5=205)Q16.6 I would like to have more information about the associated personal and social advantages by sharing the collected data from my smart home environment.(nQ16.6=206)Q16.7 I would like to be able to control which information is collected about myself in a smart home environment.(nQ16.7=206)Q16.8I would like to be able to control the data shared by my smart objects.
Have you heard about the Internet of Things (IoT)?Possible answers: Yes / No / I prefer not to answer this question Q 2 : If yes, in which context have you heard about IoT? Possible answers: smart home / Industry 4.0 / smart factory / smart city / smart things / Others: free text box for participants / I prefer not to answer this question Q 3 : Indicate the smart objects or applications (apps) that you know or use in your everyday life?(multiple choice possible) Possible answers: smart fridge / controlling home technology apps / smart grid apps / smart bulbs / smart alarm clock / smart toothbrush / smart washing machine / smart voice control objects, such as Amazon echo / augmented/virtual reality glasses / smart scale / smart health devices / smart door/window locks / smartphone / Others: free text box for participants / I do not utilize smart objects / I prefer not to answer this question Q 4 : If you already use smart objects, how do you get access to the collected data from your smart objects, through an app or web interface?(multiple choice possible and please click on respective smart object to choose the option between app and web interface) Possible answers: smart fridge / controlling home technology apps / smart grid apps / smart bulbs / smart alarm clock / smart toothbrush / smart washing machine / smart voice control objects, such as Amazon echo / augmented/virtual reality glasses / smart scale / smart health devices / smart door/window locks / smartphone / I prefer not to answer this question Q 5 : How frequently do you use a device connected to the Internet, such as smart scale, fridge, wearables, watch, etc.? (smartphone, computer, smart TV does not count as smart devices in this question).
17 : Indicate the factors that motivate you to use smart home objects while having the control about the data collected.Possible answers: Feeling myself secured and protected / It is not possible for third party data consumers to draw a digital biography from my daily routine / Having control about the usage of collected data about me / Others: free text box for participants / I prefer not to answer this question Q 18 : How old are you?Q 19 : What is your gender?Possible answers: Male / female / I prefer not to answer this question Q 20 : What is your nationality?Q 21 : What is your annual income range?(Euro values or equivalent in local currency)?Possible answers: Less than 25.000 Euro / 25.000 Euro -40.000Euro / 40.000Euro -75.000Euro / 75.000Euro -100.000Euro / More than 100.000Euro / I prefer not to answer this question