by Patrick Jost (NTNU), Gisela Böhm (University of Bergen), Monica Divitini (NTNU) and Ingvar Tjostheim (Norwegian Computing Center)

Data is being collected everywhere, and people are often unaware of what information they share, with whom and what it is used for. Games have the potential to increase people’s awareness about privacy and, at the same time, help researchers to better understand decision-making processes around data sharing. This is the challenge addressed by ALerT, a multi-disciplinary project aiming at developing serious games and research tools for privacy awareness.

ALerT aims to develop serious games to promote privacy awareness. For citizens, the games are used for practising and learning. For researchers, the games are a tool for studying how to evoke users’ awareness and for understanding choices involving the use of personal data.

In order to address the complexity of the problem, the games do not aim at providing simulations of specific situations. Rather, the objective is to let players explore different scenarios, creating awareness of the risks and tradeoffs connected with the use of personal data. This will be done in serious games by promoting understanding and reflection. The ALerT approach recognises the importance of reflection in the form of, for example, debriefing sessions after the game or reflection triggers in the game. Reflective learning theories will be used to inform the design of the ALerT games. In addition, the project will explore different game dynamics to promote learning and engagement, including individual and collaborative game dynamics. ALerT will also investigate different modalities of interaction, including traditional desktop games, but also mobile games and hybrid board games to promote richer learning experiences.

The games aim to trigger System 2 modes of thinking, i.e., helping players to move from an automatic reaction when sharing data to consciously reflecting on the current problem, and deliberately anticipating potential future effects of their behaviour. The design of the games will be based on the dual-process model proposed in [1], providing cues on the consequences of sharing private information as well as provoking moral evaluation of the conduct of mobile apps, internet and software companies.

The first game has been developed using chatbot technology. The game is intended to help students to learn about the privacy challenges that are connected to data sharing in the context of smart cities [2]. Initial evaluation of the game showed that the learning benefits perceived by students are higher for older students (15-18 years old) and for students who report less time spent playing video games.

Figure 1: Modular game framework “Conquest of Shareadise”.
Figure 1: Modular game framework “Conquest of Shareadise”.

We are currently developing a modular game framework called Conquest of Shareadise (Figure 1, left) that can be used by researchers to explore unobtrusive strategies of assessing and improving privacy choices following psychological theories [3]. The framework is designed to mediate a variety of privacy-related scenarios to citizens/players while presenting an engaging and enjoyable experience. Conquest of Shareadise is developed to run on web browsers as well as mobile devices for reaching a broad audience. First privacy challenges created with the quest-oriented game frame demonstrated the potential for investigating privacy decisions while maintaining an engaging game flow. Significant differences between experienced lecturers and high school students could be observed when reflecting about sharing private data and spreading potential fake news. Students showed low awareness when sharing false information which underlines the importance of data sharing education. An accompanying workshop is under development for the co-creation of modular game scenarios with participating students and researchers (Figure 1, right). The toolset will provide scientists and educators with a research-oriented approach for ideating balanced game experiences while integrating evaluation and reflection concepts.

While the project is national, it keeps a European perspective on privacy behaviour and personal data sharing. The workshop concept and tools will be refined with gameplay and creation sessions at several European universities involving researchers and students from multiple disciplines including Game Design, Human Factors Computing and Psychology.


[1] G. Böhm, H.-R. Pfister: “The perceiver’s social role and a risk’s causal structure as determinants of environmental risk evaluation,” J. Risk Res., vol. 20, no. 6, pp. 732–759, 2017.
[2] E. Berger et al.: “PrivaCity - A Chatbot Game to Raise Privacy Awareness Among Teenagers”, in LNCS 11913, Springer, 2019, 293–304
[3] A. Acquisti: “Nudging privacy: The behavioral economics of personal information”, IEEE Security and Privacy, 7(6):82–85, 2009.

Please contact:
Monica Divitini, NTNU, Norway
+47 91897790
This email address is being protected from spambots. You need JavaScript enabled to view it.

Next issue: October 2024
Special theme:
Software Security
Call for the next issue
Image ERCIM News 121 epub
This issue in ePub format

Get the latest issue to your desktop
RSS Feed