{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:24:36Z","timestamp":1759332276259,"version":"3.41.0"},"reference-count":63,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,4,23]],"date-time":"2024-04-23T00:00:00Z","timestamp":1713830400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Things"],"published-print":{"date-parts":[[2024,5,31]]},"abstract":"<jats:p>Internet of Things (IoT) applications (apps) are challenging to design because of the heterogeneous systems on which they are deployed. IoT devices and apps may collect and analyse sensitive personal data, which is often protected by data privacy laws, some within highly regulated domains such as healthcare. Privacy-by-design (PbD) schemes can be used by developers to consider data privacy at the design stage. However, software developers are not widely adopting these approaches due to difficulties in understanding and interpreting them. There are currently a limited number of tools available for developers to use in this context. We believe that a successful PbD tool should be able to (i) assist developers in addressing privacy requirements in less regulated domains, as well as (ii) help them learn about privacy as they use the tool. The findings of two controlled lab studies are presented, involving 42 developers. We discuss how such a PbD tool can help novice IoT developers comply with privacy laws (e.g., GDPR) and follow privacy guidelines (e.g., privacy patterns). Based on our findings, such tools can help raise awareness of data privacy requirements at design. This increases the likelihood that subsequent designs will be more aware of data privacy requirements.<\/jats:p>","DOI":"10.1145\/3648480","type":"journal-article","created":{"date-parts":[[2024,2,15]],"date-time":"2024-02-15T11:55:33Z","timestamp":1707998133000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Designing Privacy-Aware IoT Applications for Unregulated Domains"],"prefix":"10.1145","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8751-1000","authenticated-orcid":false,"given":"Nada","family":"Alhirabi","sequence":"first","affiliation":[{"name":"King Saud University, Riyadh, Saudi Arabia and Cardiff University, Cardiff, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9626-9471","authenticated-orcid":false,"given":"Stephanie","family":"Beaumont","sequence":"additional","affiliation":[{"name":"My Data Fix Ltd., London, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3597-2646","authenticated-orcid":false,"given":"Omer","family":"Rana","sequence":"additional","affiliation":[{"name":"Cardiff University, Cardiff, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0190-3346","authenticated-orcid":false,"given":"Charith","family":"Perera","sequence":"additional","affiliation":[{"name":"Cardiff University, Cardiff, UK"}]}],"member":"320","published-online":{"date-parts":[[2024,4,23]]},"reference":[{"key":"e_1_3_4_2_2","doi-asserted-by":"crossref","first-page":"102122","DOI":"10.1016\/j.cose.2020.102122","article-title":"How can organizations develop situation awareness for incident response: A case study of management practice","volume":"101","author":"Ahmad Atif","year":"2021","unstructured":"Atif Ahmad, Sean B. Maynard, Kevin C. Desouza, James Kotsias, Monica T. Whitty, and Richard L. Baskerville. 2021. How can organizations develop situation awareness for incident response: A case study of management practice. Computers and Security 101 (2021), 102122.","journal-title":"Computers and Security"},{"issue":"11","key":"e_1_3_4_3_2","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1109\/MCOM.2017.1700871","article-title":"Advertising in the IoT era: Vision and challenges","volume":"56","author":"Aksu Hidayet","year":"2018","unstructured":"Hidayet Aksu, Leonardo Babun, Mauro Conti, Gabriele Tolomei, and A. Selcuk Uluagac. 2018. Advertising in the IoT era: Vision and challenges. IEEE Communications Magazine 56, 11 (2018), 138\u2013144.","journal-title":"IEEE Communications Magazine"},{"key":"e_1_3_4_4_2","article-title":"Interactive privacy management: Toward enhancing privacy awareness and control in Internet of Things","author":"Muhander Bayan Al","year":"2023","unstructured":"Bayan Al Muhander, Jason Wiese, Omer Rana, and Charith Perera. 2023. Interactive privacy management: Toward enhancing privacy awareness and control in Internet of Things. ACM Transactions on Internet of Things 4, 3 (2023), Article 18, 34 pages.","journal-title":"ACM Transactions on Internet of Things"},{"issue":"1","key":"e_1_3_4_5_2","article-title":"PARROT: Interactive privacy-aware Internet of Things application design tool","volume":"7","author":"Alhirabi Nada","year":"2023","unstructured":"Nada Alhirabi, Stephanie Beaumont, Jose Tomas Llanos, Dulani Meedeniya, Omer Rana, and Charith Perera.2023. PARROT: Interactive privacy-aware Internet of Things application design tool. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 7, 1 (2023), Article 1, 37 pages.","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"},{"key":"e_1_3_4_6_2","first-page":"37","article-title":"Security and privacy requirements for the Internet of Things: A survey","volume":"2","author":"Alhirabi Nada","year":"2021","unstructured":"Nada Alhirabi, Omer Rana, and Charith Perera. 2021. Security and privacy requirements for the Internet of Things: A survey. ACM Transactions on Internet of Things 2, 1 (2021), Article 6, 37 pages.","journal-title":"ACM Transactions on Internet of Things"},{"key":"e_1_3_4_7_2","first-page":"107","volume-title":"Proceedings of the 2022 IEEE\/ACM 7th International Conference on Internet-of-Things Design and Implementation (IoTDI \u201922)","author":"Alhirabi Nada","year":"2022","unstructured":"Nada Alhirabi, Omer Rana, and Charith Perera. 2022. Demo abstract: PARROT: Privacy by design tool for Internet of Things. In Proceedings of the 2022 IEEE\/ACM 7th International Conference on Internet-of-Things Design and Implementation (IoTDI \u201922). 107\u2013108."},{"key":"e_1_3_4_8_2","volume-title":"Adjunct Proceedings of the 2022 Nordic Human-Computer Interaction Conference (NordiCHI \u201922)","author":"Almeida Teresa","year":"2022","unstructured":"Teresa Almeida, Laura Shipp, Maryam Mehrnezhad, and Ehsan Toreini. 2022. Bodies like yours: Enquiring data privacy in FemTech. In Adjunct Proceedings of the 2022 Nordic Human-Computer Interaction Conference (NordiCHI \u201922). Article 54, 5 pages."},{"key":"e_1_3_4_9_2","first-page":"23","article-title":"Discovering smart home Internet of Things privacy norms using contextual integrity","volume":"2","author":"Apthorpe Noah","year":"2018","unstructured":"Noah Apthorpe, Yan Shvartzshnaider, Arunesh Mathur, Dillon Reisman, and Nick Feamster. 2018. Discovering smart home Internet of Things privacy norms using contextual integrity. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, 2 (2018), Article 59, 23 pages.","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"},{"key":"e_1_3_4_10_2","doi-asserted-by":"crossref","DOI":"10.1145\/2501604.2501616","article-title":"Little brothers watching you: Raising awareness of data leaks on smartphones","author":"Balebako Rebecca","year":"2013","unstructured":"Rebecca Balebako, Jaeyeon Jung, Wei Lu, Lorrie Faith Cranor, and Carolyn Nguyen. 2013. Little brothers watching you: Raising awareness of data leaks on smartphones. In Proceedings of the 9th Symposium on Usable Privacy and Security (SOUPS \u201913).","journal-title":"Proceedings of the 9th Symposium on Usable Privacy and Security (SOUPS \u201913)."},{"issue":"7","key":"e_1_3_4_11_2","doi-asserted-by":"crossref","first-page":"4808","DOI":"10.1109\/TII.2021.3100152","article-title":"Privacy-aware cloud auditing for GDPR compliance verification in online healthcare","volume":"18","author":"Barati Masoud","year":"2021","unstructured":"Masoud Barati, Gagangeet Singh Aujla, Jose Tomas Llanos, Kwabena Adu Duodu, Omer F. Rana, Madeline Carr, and Rajiv Ranjan. 2021. Privacy-aware cloud auditing for GDPR compliance verification in online healthcare. IEEE Transactions on Industrial Informatics 18, 7 (2021), 4808\u20134819.","journal-title":"IEEE Transactions on Industrial Informatics"},{"issue":"7","key":"e_1_3_4_12_2","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1089\/cyber.2018.0670","article-title":"Social profiling: A review, taxonomy, and challenges","volume":"22","author":"Bilal Muhammad","year":"2019","unstructured":"Muhammad Bilal, Abdullah Gani, Muhammad Ikram Ullah Lali, Mohsen Marjani, and Nadia Malik. 2019. Social profiling: A review, taxonomy, and challenges. Cyberpsychology, Behavior, and Social Networking 22, 7 (2019), 433\u2013450.","journal-title":"Cyberpsychology, Behavior, and Social Networking"},{"issue":"1","key":"e_1_3_4_13_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/21670811.2018.1556314","article-title":"Fake news, real money: Ad tech platforms, profit-driven hoaxes, and the business of journalism","volume":"7","author":"Braun Joshua A.","year":"2019","unstructured":"Joshua A. Braun and Jessica L. Eklund. 2019. Fake news, real money: Ad tech platforms, profit-driven hoaxes, and the business of journalism. Digital Journalism 7, 1 (2019), 1\u201321.","journal-title":"Digital Journalism"},{"issue":"2","key":"e_1_3_4_14_2","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","author":"Braun Virginia","year":"2006","unstructured":"Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (2006), 77\u2013101.","journal-title":"Qualitative Research in Psychology"},{"issue":"2","key":"e_1_3_4_15_2","doi-asserted-by":"crossref","first-page":"105","DOI":"10.18261\/issn.2387-3299-2017-02-03","article-title":"Data protection by design and by default: Deciphering the EU\u2019s legislative requirements","volume":"4","author":"Bygrave Lee A.","year":"2017","unstructured":"Lee A. Bygrave. 2017. Data protection by design and by default: Deciphering the EU\u2019s legislative requirements. Oslo Law Review 4, 2 (2017), 105\u2013120.","journal-title":"Oslo Law Review"},{"key":"e_1_3_4_16_2","first-page":"12","article-title":"Privacy by design: The 7 foundational principles","volume":"5","author":"Cavoukian Ann","year":"2009","unstructured":"Ann Cavoukian. 2009. Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009), 12.","journal-title":"Information and Privacy Commissioner of Ontario, Canada"},{"key":"e_1_3_4_17_2","first-page":"1687","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security \u201918)","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the 27th USENIX Security Symposium (USENIX Security \u201918). 1687\u20131704."},{"issue":"1","key":"e_1_3_4_18_2","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1145\/2031331.2031335","article-title":"Trajectory privacy in location-based services and data publication","volume":"13","author":"Chow Chi-Yin","year":"2011","unstructured":"Chi-Yin Chow and Mohamed F. Mokbel. 2011. Trajectory privacy in location-based services and data publication. ACM SIGKDD Explorations Newsletter 13, 1 (2011), 19\u201329.","journal-title":"ACM SIGKDD Explorations Newsletter"},{"key":"e_1_3_4_19_2","article-title":"Development and evaluation of emerging design patterns for ubiquitous computing","author":"Chung Eric S.","year":"2004","unstructured":"Eric S. Chung, Jason I. Hong, Lin James, Madhu K. Prabaker, James A. Landay, and Alan L. Liu. 2004. Development and evaluation of emerging design patterns for ubiquitous computing. In Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques (DIS \u201904). 233\u2013242.","journal-title":"Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques (DIS \u201904)."},{"key":"e_1_3_4_20_2","first-page":"321","volume-title":"Proceedings of the 12th ACM International Conference on Ubiquitous Computing (UbiComp \u201910)","author":"Consolvo Sunny","year":"2010","unstructured":"Sunny Consolvo, Jaeyeon Jung, Ben Greenstein, Pauline Powledge, Gabriel Maganis, and Daniel Avrahami. 2010. The Wi-Fi privacy ticker: Improving awareness and control of personal information exposure on Wi-Fi. In Proceedings of the 12th ACM International Conference on Ubiquitous Computing (UbiComp \u201910). 321\u2013330."},{"issue":"2","key":"e_1_3_4_21_2","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1145\/1165734.1165735","article-title":"User interfaces for privacy agents","volume":"13","author":"Cranor Lorrie Faith","year":"2006","unstructured":"Lorrie Faith Cranor, Praveen Guduru, and Manjula Arjula. 2006. User interfaces for privacy agents. ACM Transactions on Computer-Human Interaction 13, 2 (2006), 135\u2013178.","journal-title":"ACM Transactions on Computer-Human Interaction"},{"issue":"1","key":"e_1_3_4_22_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","article-title":"A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements","volume":"16","author":"Deng Mina","year":"2011","unstructured":"Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. 2011. A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering 16, 1 (2011), 3\u201332.","journal-title":"Requirements Engineering"},{"key":"e_1_3_4_23_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-58469-0_33","article-title":"Supporting privacy by design using privacy process patterns","author":"Diamantopoulou Vasiliki","year":"2017","unstructured":"Vasiliki Diamantopoulou, Christos Kalloniatis, Stefanos Gritzalis, and Haralambos Mouratidis. 2017. Supporting privacy by design using privacy process patterns. In ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology, Vol. 502. Springer, 491\u2013505.","journal-title":"IFIP Advances in Information and Communication Technology, Vol. 502. Springer,"},{"key":"e_1_3_4_24_2","unstructured":"Nick Doty and Mohit Gupta. 2013. Privacy design patterns and anti-patterns: Patterns misapplied and unintended consequences."},{"key":"e_1_3_4_25_2","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/SP40000.2020.00043","volume-title":"Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP \u201920)","author":"Emami-Naeini Pardis","year":"2020","unstructured":"Pardis Emami-Naeini, Yuvraj Agarwal, Lorrie Faith Cranor, and Hanan Hibshi. 2020. Ask the experts: What should be on an IoT privacy and security label? In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP \u201920). 447\u2013464."},{"key":"e_1_3_4_26_2","volume-title":"Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI \u201921)","author":"Feng Yuanyuan","year":"2021","unstructured":"Yuanyuan Feng, Yaxing Yao, and Norman Sadeh. 2021. A design space for privacy choices: Towards meaningful privacy control in the Internet of Things. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI \u201921). Article 64, 16 pages."},{"issue":"3","key":"e_1_3_4_27_2","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1136\/eb-2013-101382","article-title":"Blinding: An essential component in decreasing risk of bias in experimental designs","volume":"16","author":"Forbes Dorothy","year":"2013","unstructured":"Dorothy Forbes. 2013. Blinding: An essential component in decreasing risk of bias in experimental designs. Evidence-Based Nursing 16, 3 (2013), 70\u201371.","journal-title":"Evidence-Based Nursing"},{"issue":"1","key":"e_1_3_4_28_2","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1080\/17441056.2020.1848059","article-title":"GDPR Myopia: How a well-intended regulation ended up favouring large online platforms-the case of ad tech","volume":"17","author":"Geradin Damien","year":"2021","unstructured":"Damien Geradin, Theano Karanikioti, and Dimitrios Katsifis. 2021. GDPR Myopia: How a well-intended regulation ended up favouring large online platforms-the case of ad tech. European Competition Journal 17, 1 (2021), 47\u201392.","journal-title":"European Competition Journal"},{"key":"e_1_3_4_29_2","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1145\/3167996.3167999","volume-title":"Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust (STAST \u201917)","author":"Gerber Nina","year":"2018","unstructured":"Nina Gerber, Paul Gerber, Hannah Drews, Elisa Kirchner, Noah Schlegel, Tim Schmidt, and Lena Scholz. 2018. FoxIT: Enhancing mobile users\u2019 privacy behavior by increasing knowledge and awareness. In Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust (STAST \u201917). 53\u201363."},{"key":"e_1_3_4_30_2","article-title":"A pattern collection for privacy enhancing technology","author":"Graf Cornelia","year":"2010","unstructured":"Cornelia Graf, Peter Wolkerstorfer, Arjan Geven, and Manfred Tscheligi. 2010. A pattern collection for privacy enhancing technology. Proceedings of the 2nd International Conferences on Pervasive Patterns and Applications (Patterns \u201910). 72\u201377.","journal-title":"Proceedings of the 2nd International Conferences on Pervasive Patterns and Applications (Patterns \u201910)."},{"key":"e_1_3_4_31_2","article-title":"Poli-see: An interactive tool for visualizing privacy policies","author":"Guo Wentao","year":"2020","unstructured":"Wentao Guo, Jay Rodolitz, and Eleanor Birrell. 2020. Poli-see: An interactive tool for visualizing privacy policies. In Proceedings of the 19th Workshop on Privacy in the Electronic Society (WPES \u201920). 57\u201371.","journal-title":"Proceedings of the 19th Workshop on Privacy in the Electronic Society (WPES \u201920)."},{"issue":"3","key":"e_1_3_4_32_2","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1023\/A:1026586415054","article-title":"Using students as subjects\u2014A comparative study of students and professionals in lead-time impact assessment","volume":"5","author":"H\u00f6st Martin","year":"2000","unstructured":"Martin H\u00f6st, Bj\u00f6rn Regnell, and Claes Wohlin. 2000. Using students as subjects\u2014A comparative study of students and professionals in lead-time impact assessment. Empirical Software Engineering 5, 3 (2000), 201\u2013214.","journal-title":"Empirical Software Engineering"},{"key":"e_1_3_4_33_2","unstructured":"ICO. 2021. ICO Calls on Google and Other Companies to Eliminate Existing Privacy Risks Posed by Adtech Industry. ICO."},{"key":"e_1_3_4_34_2","unstructured":"Information Commissioner\u2019s Office. 2014. Data Controllers and Data Processors: What the Difference Is and What the Governance Implications Are. Information Commisioner\u2019s Office."},{"key":"e_1_3_4_35_2","article-title":"Your echos are heard: Tracking, profiling, and ad targeting in the amazon smart speaker ecosystem","author":"Iqbal Umar","year":"2022","unstructured":"Umar Iqbal, Pouneh Nikkhah Bahrami, Rahmadi Trimananda, Hao Cui, Alexander Gamero-Garrido, Daniel Dubois, David Choffnes, Athina Markopoulou, Franziska Roesner, and Zubair Shafiq. 2022. Your echos are heard: Tracking, profiling, and ad targeting in the amazon smart speaker ecosystem. arXiv preprint arXiv:2204.10920 (2022).","journal-title":"arXiv preprint arXiv:2204.10920"},{"key":"e_1_3_4_36_2","article-title":"Privacy concerns raised by pervasive user data collection from cyberspace and their countermeasures","author":"Jiang Yinhao","year":"2022","unstructured":"Yinhao Jiang, Ba Dung Le, Tanveer Zia, and Praveen Gauravaram. 2022. Privacy concerns raised by pervasive user data collection from cyberspace and their countermeasures. arXiv preprint arXiv:2202.04313 (2022).","journal-title":"arXiv preprint arXiv:2202.04313"},{"key":"e_1_3_4_37_2","volume-title":"Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI \u201922)","author":"Jin Haojian","year":"2022","unstructured":"Haojian Jin, Boyuan Guo, Rituparna Roychoudhury, Yaxing Yao, Swarun Kumar, Yuvraj Agarwal, and Jason I. Hong. 2022. Exploring the needs of users for supporting privacy-protective behaviors in smart homes. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI \u201922). Article 449, 19 pages."},{"key":"e_1_3_4_38_2","article-title":"\u201cMy data just goes everywhere:\u201d User mental models of the Internet and implications for privacy and security","author":"Kang Ruogu","year":"2019","unstructured":"Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2019. \u201cMy data just goes everywhere:\u201d User mental models of the Internet and implications for privacy and security. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS \u201915). 39\u201352.","journal-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS \u201915)."},{"key":"e_1_3_4_39_2","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/j.procs.2016.02.002","article-title":"User profiling for university recommender system using automatic information retrieval","author":"Kanoje Sumitkumar","year":"2016","unstructured":"Sumitkumar Kanoje, Debajyoti Mukhopadhyay, and Sheetal Girase. 2016. User profiling for university recommender system using automatic information retrieval. Procedia Computer Science 78 (2016), 5\u201312.","journal-title":"Procedia Computer Science"},{"key":"e_1_3_4_40_2","unstructured":"Barbara A. Kitchenham and Tore Dyb\u00e5. 2004. Evidence-based software engineering. In Proceedings of the 26th International Conference on Software Engineering."},{"issue":"3","key":"e_1_3_4_41_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3310276","article-title":"Enact: Reducing designer\u2013developer breakdowns when prototyping custom interactions","volume":"26","year":"2019","unstructured":"Germ\u00e1n Leiva, Nolwenn Maudet, Wendy Mackay, and Michel Beaudouin-Lafon. 2019. Enact: Reducing designer\u2013developer breakdowns when prototyping custom interactions. ACM Transactions on Computer-Human Interaction 26, 3 (2019), 1\u201348.","journal-title":"ACM Transactions on Computer-Human Interaction"},{"key":"e_1_3_4_42_2","first-page":"35","article-title":"Coconut: An IDE plugin for developing privacy-friendly apps","volume":"2","author":"Li Tianshi","year":"2018","unstructured":"Tianshi Li, Yuvraj Agarwal, and Jason I. Hong. 2018. Coconut: An IDE plugin for developing privacy-friendly apps. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, 4 (Dec. 2018), Article 178, 35 pages.","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"},{"key":"e_1_3_4_43_2","first-page":"501","volume-title":"Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp \u201912)","author":"Lin Jialiu","year":"2012","unstructured":"Jialiu Lin, Shahriyar Amini, Jason I. Hong, Norman Sadeh, Janne Lindqvist, and Joy Zhang. 2012. Expectation and purpose: Understanding users\u2019 mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp \u201912). 501\u2013510."},{"key":"e_1_3_4_44_2","doi-asserted-by":"crossref","DOI":"10.1109\/SocialCom.2013.15","article-title":"How increased awareness can impact attitudes and behaviors toward online privacy protection","author":"Malandrino Delfina","year":"2013","unstructured":"Delfina Malandrino, Vittorio Scarano, and Raffaele Spinelli. 2013. How increased awareness can impact attitudes and behaviors toward online privacy protection. In Proceedings of the 2013 International Conference on Social Computing. 57\u201362.","journal-title":"Proceedings of the 2013 International Conference on Social Computing."},{"key":"e_1_3_4_45_2","volume-title":"Qualitative Data Analysis: A Methods Sourcebook","author":"Miles Matthew B.","year":"2018","unstructured":"Matthew B. Miles, A. Michael Huberman, and Johnny Salda\u00f1a. 2018. Qualitative Data Analysis: A Methods Sourcebook. SAGE Publications."},{"key":"e_1_3_4_46_2","doi-asserted-by":"crossref","first-page":"592","DOI":"10.1109\/ARES.2015.80","volume-title":"Proceedings of the 10th International Conference on Availability, Reliability, and Security (ARES \u201915)","author":"Petkos Georgios","year":"2015","unstructured":"Georgios Petkos, Symeon Papadopoulos, and Yiannis Kompatsiaris. 2015. PScore: A framework for enhancing privacy awareness in online social networks. In Proceedings of the 10th International Conference on Availability, Reliability, and Security (ARES \u201915). IEEE, 592\u2013600."},{"key":"e_1_3_4_47_2","first-page":"226","volume-title":"IFIP Summer School on the Future of Identity in the Information Society","author":"P\u00f6tzsch Stefanie","year":"2008","unstructured":"Stefanie P\u00f6tzsch. 2008. Privacy awareness: A means to solve the privacy paradox? In IFIP Summer School on the Future of Identity in the Information Society. Springer, 226\u2013236."},{"key":"e_1_3_4_48_2","volume-title":"Introduction to Social Research: Quantitative and Qualitative Approaches","author":"Punch Keith F.","year":"2013","unstructured":"Keith F. Punch. 2013. Introduction to Social Research: Quantitative and Qualitative Approaches. SAGE Publications."},{"key":"e_1_3_4_49_2","volume-title":"Handling Qualitative Data: A Practical Guide","author":"Richards Lyn","year":"2020","unstructured":"Lyn Richards. 2020. Handling Qualitative Data: A Practical Guide. SAGE Publications."},{"key":"e_1_3_4_50_2","first-page":"1","volume-title":"Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP \u201906)","author":"Romanosky Sasha","year":"2006","unstructured":"Sasha Romanosky, Alessandro Acquisti, Jason Hong, Lorrie Faith Cranor, and Batya Friedman. 2006. Privacy patterns for online interactions. In Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP \u201906). 1\u20139."},{"issue":"4","key":"e_1_3_4_51_2","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1007\/S40037-019-00530-X","article-title":"Limited by our limitations","volume":"8","author":"Ross Paula T.","year":"2019","unstructured":"Paula T. Ross and Nikki L. Bibler Zaidi. 2019. Limited by our limitations. Perspectives on Medical Education 8, 4 (2019), 261\u2013264.","journal-title":"Perspectives on Medical Education"},{"key":"e_1_3_4_52_2","doi-asserted-by":"crossref","unstructured":"A. Sadeghi C. Wachsmann and M. Waidner. 2015. Security and privacy challenges in Industrial Internet of Things. In Proceedings of the 2015 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC \u201915). 1\u20136.","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_3_4_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3539736"},{"key":"e_1_3_4_54_2","doi-asserted-by":"crossref","DOI":"10.1109\/SPW54247.2022.9833858","article-title":"Measuring developers\u2019 web security awareness from attack and defense perspectives","author":"Sahin Merve","year":"2022","unstructured":"Merve Sahin, Tolga Unlu, Cedric Hebert, Lynsay A. Shepherd, Natalie Coull, and Colin Mc Lean. 2022. Measuring developers\u2019 web security awareness from attack and defense perspectives. In Proceedings of the 43rd IEEE Symposium on Security and Privacy Workshops (SPW \u201922). 31\u201343.","journal-title":"Proceedings of the 43rd IEEE Symposium on Security and Privacy Workshops (SPW \u201922)."},{"key":"e_1_3_4_55_2","article-title":"Internet Security Glossary, Version 2","author":"Shirey Robert W.","year":"2007","unstructured":"Robert W. Shirey. 2007. Internet Security Glossary, Version 2. RFC 4949. RFC Editor.","journal-title":"RFC 4949"},{"key":"e_1_3_4_56_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-84800-044-5","volume-title":"Guide to Advanced Empirical Software Engineering","author":"Shull Forrest","year":"2008","unstructured":"Forrest Shull, Janice Singer, and Dag I. K. Sj\u00f8berg. 2008. Guide to Advanced Empirical Software Engineering. Springer."},{"key":"e_1_3_4_57_2","doi-asserted-by":"crossref","first-page":"106750","DOI":"10.1016\/j.chb.2021.106750","article-title":"No to cookies: Empowering impact of technical and legal knowledge on rejecting tracking cookies","volume":"120","author":"Strycharz Joanna","year":"2021","unstructured":"Joanna Strycharz, Edith Smit, Natali Helberger, and Guda van Noort. 2021. No to cookies: Empowering impact of technical and legal knowledge on rejecting tracking cookies. Computers in Human Behavior 120 (2021), 106750.","journal-title":"Computers in Human Behavior"},{"key":"e_1_3_4_58_2","doi-asserted-by":"crossref","unstructured":"Mohammad Tahaei Alisa Frik and Kami Vaniea. 2021. Privacy champions in software teams: Understanding their motivations strategies and challenges. In Proceedings of the Conference on Human Factors in Computing Systems (CHI \u201921).","DOI":"10.1145\/3411764.3445768"},{"key":"e_1_3_4_59_2","volume-title":"Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS \u201912)","author":"Ur Blase","year":"2012","unstructured":"Blase Ur, Pedro Giovanni Leon, Lorrie Faith Cranor, Richard Shay, and Yang Wang. 2012. Smart, useful, scary, creepy: Perceptions of online behavioral advertising. In Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS \u201912). Article 4, 15 pages."},{"key":"e_1_3_4_60_2","doi-asserted-by":"crossref","unstructured":"Michael Veale and Frederik Zuiderveen Borgesius. 2022. Adtech and real-time bidding under European data protection law. Cambridge Law Journal 23 2 (2022) 226\u2013256.","DOI":"10.1017\/glj.2022.18"},{"key":"e_1_3_4_61_2","unstructured":"Wirewheel. 2021. Data Privacy Laws in 2022: What You Need to know. Retrieved February 24 2024 from https:\/\/wirewheel.io\/blog\/data-privacy-laws-guide\/"},{"key":"e_1_3_4_62_2","volume-title":"Case Study Research and Applications","author":"Yin Robert K.","year":"2018","unstructured":"Robert K. Yin. 2018. Case Study Research and Applications. SAGE."},{"key":"e_1_3_4_63_2","first-page":"31","article-title":"Architectural patterns for enabling application security","volume":"51","author":"Yoder Joseph W. J. W.","year":"1998","unstructured":"Joseph W. J. W. Yoder and Jeffrey Barcalow. 1998. Architectural patterns for enabling application security. Proceedings of PLoP 1997 51 (1998), 31.","journal-title":"Proceedings of PLoP 1997"},{"key":"e_1_3_4_64_2","volume-title":"Proceedings of the 7th International Workshop on Data Mining for Online Advertising (ADKDD \u201913)","author":"Yuan Shuai","year":"2013","unstructured":"Shuai Yuan, Jun Wang, and Xiaoxue Zhao. 2013. Real-time bidding for online advertising. In Proceedings of the 7th International Workshop on Data Mining for Online Advertising (ADKDD \u201913). Article 3, 8 pages."}],"container-title":["ACM Transactions on Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3648480","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3648480","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:50:19Z","timestamp":1750287019000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3648480"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,23]]},"references-count":63,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,5,31]]}},"alternative-id":["10.1145\/3648480"],"URL":"https:\/\/doi.org\/10.1145\/3648480","relation":{},"ISSN":["2691-1914","2577-6207"],"issn-type":[{"type":"print","value":"2691-1914"},{"type":"electronic","value":"2577-6207"}],"subject":[],"published":{"date-parts":[[2024,4,23]]},"assertion":[{"value":"2023-05-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-20","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-04-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}