Ruizhe Wang (University of Waterloo), Roberta De Viti (MPI-SWS), Aarushi Dubey (University of Washington), Elissa M. Redmiles (Georgetown University)
While voluntary donation of private health information enables valuable research, privacy concerns often deter potential donors. Privacy Enhancing Technologies (PETs) aim to address these concerns, yet their effectiveness in encouraging data sharing remains unclear. This study conducts a vignette survey (N = 494) with participants recruited from Prolific to examine the willingness of US-based people to donate medical data for developing new treatments. It investigates four general guarantees offered across PETs: data expiration, anonymization, purpose restriction, and access control and two mechanisms for verifying these guarantees: self-auditing and expert auditing. This study also controls for the impact of confounds, including demographics and two types of data collectors: for-profit and non-profit institutions.
Our findings reveal that respondents hold such high expectations of privacy from non-profit entities a priori that explicitly outlining privacy protections has little impact on their overall perceptions. In contrast, offering privacy guarantees elevates respondents’ expectations of privacy for for-profit entities, bringing them nearly in line with those for non-profit organizations. Further, while the technical community has suggested audits as a mechanism to increase trust in PET guarantees, we observe limited effect from transparency about such audits. We emphasize the risks associated with these findings and underscore the critical need for future interdisciplinary research efforts to bridge the gap between the technical community’s and end-users’ perceptions regarding the effectiveness of auditing PETs.