This thesis contributes to our Delft Design for Value project.
The recently introduced General Data Protection Regulation (GDPR) allows universities to use WiFi access data for their research activities. The richness, ubiquity, and scalability of WiFi tracking make it an extremely relevant resource for studying the behavior and mobility patterns of groups and social systems. However, it is also a sensitive attribute and can pose serious privacy harms to data subjects, who are often unaware of the collection of this data and its usage. Some voices in academia are asking for a more ethical approach to processing opportunistic sensor data, one that uses the consent of the data subject as a necessary foundation for enabling the analysis of personal information. In this regard, several alternatives have been proposed in the literature, among which the dataBox stands out. This concept, developed by Mortier and colleagues for the smart household, is repurposed in the thesis for the context of scientific research. The dataBox can become the data subject’s portal to the future research data platform from TU Delft, currently being developed by several researchers from the University. This interface enables data subjects to support data-driven research by giving their informed consent to researchers’ data requests. The thesis addresses the question of how to design the user experience of such a dataBox transparently and trustworthily, equipping the University population with the control and knowledge needed to share their data to the degree they feel comfortable with. The research conducted demonstrates the adequacy of the dataBox concept to satisfy data subjects’ concerns and expectations about the data collections conducted by researchers from the University. Furthermore, it stresses the need for an onboarding phase prior to the negotiation and follow-up phases proposed by Mortier.
The onboarding phase has been shown to be necessary to enable data subjects’ informed consent when facing participation requests, since without it they are likely to misinterpret the risks involved. The UX design of such an onboarding phase is detailed through a list of guidelines, which have been validated over three dimensions: perceived control, trustworthiness, and transparency. The research also clarifies the different perspectives towards sharing data in the University, which differ from the more general classification found in the literature about consumer data privacy. Three novel categories are formulated, based on the results of a Research Through Design process. These categorizations extend the literature about privacy perception in the context of scientific research. This knowledge feeds the design of the proposed UX and is useful for segmenting the analysis of future features. Additional work is required to detail the UX of the negotiation and follow-up phases, since the guidelines presented focus on the onboarding phase.