Personalization on websites can be at odds with privacy, since personalization necessitates the collection of considerable amounts of personal data. Numerous consumer surveys have revealed that computer users are very concerned about their privacy online. The collection of personal data is also subject to legal regulations in many countries and states.
This talk presents work in the area of Privacy-Enhanced Personalization that aims at reconciling personalization with privacy through suitable human-computer interaction strategies and privacy-enhancing technologies. We present a dynamic user modeling framework that supports compliance with users’ personal privacy preferences and the privacy laws and regulations that apply to them. The framework is based on a software product line architecture and, at runtime, dynamically selects personalization methods that meet these privacy constraints.
A performance evaluation with four implementations of our system demonstrates that our approach is technically feasible with comparatively modest additional resources, even for websites with the highest traffic today. A controlled user experiment to gauge user reactions to the privacy controls that our framework enables showed that users who were able to specify privacy preferences and view the resulting effects on the personalization methods employed deemed this useful, and had fewer privacy concerns as measured by higher disclosure of their personal data and by increased sales.