This project involves a group of researchers working in five academic disciplines (Computer Science, Tourism and Hospitality Management, Psychology, Business, Law) at three UK universities (University of Kent, University of Surrey, University of Warwick). The project is led by Prof Shujun Li of Kent Interdisciplinary Research Centre in Cyber Security (KirCCS), the University of Kent. It has an overall budget of £~1.4m, with 80% (£~1.1m) funding from Engineering and Physical Sciences Research Council (EPSRC). It is part of 11 granted projects following EPSRC's 2017 call on "Trust, Identity, Privacy and Security in the Digital Economy 2.0" (EPSRC news release). It will start in October 2018 and will last for 36 months until September 2021. Below please find the public summary of the project as published by EPSRC on its Grants on the Web website.
The consumption of a seamless travel experience requires travellers to share their personal data with numerous individual travel and tourism service providers. There is a general lack of guidelines on how travellers should manage their data sharing activities while travelling, which lead to two unwanted situations:
- travellers simply share their data without understanding the privacy and security risks and consequences;
- travellers become over-worried about such risks so that they stop sharing data, which reduce their overall travel experience and prevent organisations to provide better (more personalised) services.
The wide spectrum of data sharing with many entities including on social media, instant messaging and other online social platforms makes the situations worse as travellers often cannot see a big picture of how they have shared their data in the past to adapt their data sharing behaviour.
PriVELT will address the two-sided challenges associated with offering a seamless and highly personalised end-to-end travel experience while balancing the privacy and security needs of leisure travellers. On the one hand, travel service providers need to identify effective ways to incentivise travellers to share personal data in exchange of tangible benefits such as higher quality service, personalised offers, discounts, or add-on services. On the other hand, travellers need to better manage the sharing of their personal data to minimise privacy-related risks while optimising value from a seamless travel experience. Therefore, PriVELT aims to develop an innovative user-centric and privacy-aware digital platform that will empower leisure travellers to better manage the sharing of their personal data with travel service providers and other entities and foster new business opportunities for the travel and tourism industry through encouraging better (more transparent and effective) usage of travellers' data.
PriVELT will develop the user-centric platform based on a holistic socio-technical framework of privacy-related traveller behaviour. The framework will provide intervention points to effectively nudge travellers to share their personal data more responsibly. PriVELT draws from theories in social sciences, including consumer psychology and behavioural economics, to better explain how consumers make decisions to disclose personal information in exchange for values. PriVELT also considers travellers' psychological limitation, such as limited understanding of privacy risks, which may induce irrational behaviour in privacy-related decision-making process while traveling.
In order to achieve its aim, PriVELT's research will be interdisciplinary, co-created, theory-informed, evidence-based, user-centric, and real world-facing. PriVELT will combine both social and technical methods to collect and analyse data, integrating focus groups and interviews with relevant stakeholders, a panel survey, lab-based user studies, and field studies with real domestic and international travellers (end users) to identify and apply an array of effective nudging strategies to inform travellers with risks and consequences of sharing personal data while traveling.
One of the key outcomes will be a digital platform that will be used for:
- monitoring travellers' data sharing activities;
- enhancing situational awareness of privacy risks related to data shared;
- providing an innovative way of achieving dynamic consent management for participants, allowing dynamic updating of the consent while travelling;
- providing better recommendations for travellers to adapt their data sharing behaviours.
The digital platform will be composed of three main components:
- tools at the traveller (user/client) side in the form of a mobile app,
- an infrastructure and tools at the server side for anonymised data aggregation and analytics purposes, and
- the API and user interfaces for consumers of data shared by travellers.