Tech Report
On the Privacy Implications of Releasing Consumer-Activity Data
There is growing awareness among web users that online organisations are collecting vast amounts of information about them and their activities. With this awareness is an implicit expectation that such data, generally called consumer data, should also be made accessible to the users themselves, and for their own benefit. Generally, it is considered not only fair that such data is not kept locked and out of user's reach, but also that it would lead to greater transparency and accountability of the organisations collecting them. As with any process which publishes data, there is a strong expectation that eventually it would lead to potentially complex privacy issues. In this paper, we focus on what we believe is significant and yet the least explored data type: consumer-activity data, i.e., data (Web access logs) generated by an organisation which tracks the usage and interactions of its online services and resources. We conducted a qualitative study with the goal to investigate the consequences of making such consumer-activity data available to the users who generated them, especially on the privacy challenges that might emerge, both from the organisation's point of the view and that of the individuals who were being tracked. This was achieved by exposing a group of 12 users to a prototype personal analytics dashboard, giving them access to information about their own usage and interactions with the online systems of a large educational organisation (The Open University in the UK). Although, the findings of the study showed that there are potential benefits for the users, it also identified several privacy risks and challenges which needs to be addressed.