Chat rooms and digital meetings in the home office: the boundary between the professional and private worlds is becoming increasingly blurred, and privacy is being called into question by digital technology. Instead of banning technology, researchers at the University of Kassel are using "nudges" to encourage smart behavior as part of the Nudger research project. 

Workers are to be "nudged" to make better decisions for data protection. That's the idea behind the "Nud­went Pri­va­cy in the di­gi­ta­li­sier­ten Ar­beits­world" project. "People often behave irrationally," explains project leader Dr. Andreas Janson from the Department of Information Systems at the University of Kassel. "Even though we know exactly how much data we give out every day, we don't do anything about it on our own."

The researchers developed a building block of potential nudge solutions for digital enterprise tools. "The solutions are often simple, their technical implementation straightforward, but the impact of such design options can be enormous," Janson explains. For example, privacy-compliant settings can be marked with signal colors, or video conferencing can be preset so that a person's background is hidden by default.

Similar systems already exist. Probably the best known is the consent to cookies, which is requested when a page is visited. "Cookie banners often have color elements that make the 'accept all cookies' option stand out. However, in our opinion, reject should be highlighted or at least given equal prominence. The default settings should be such that all cookies are initially disabled and would have to be actively selected," explains project participant Sabrina Schomberg from the Department of Public Law, IT Law and Environmental Law at the University of Kassel. Janson adds, "If something is preset, users often simply nod this off. We use this behavior for positive purposes and to protect privacy."

In addition to technical issues, the project also addressed ethical and legal ones. "Everyone is allowed to make bad decisions, too, and so we dealt with the problem of paternalism," Schomberg said. "However, Article 25 (2) of the GDPR obliges data protection-friendly default settings. In this respect, we help with the implementation. It is important to us that users still have the option of changing their settings.

The project was funded by the BMBF with approximately 1.23 million euros. It was implemented by the University of Kassel, represented by the coordinating Department of Information Systems(Prof. Dr. Jan Marco Leimeister) and the Department of Public Law, IT Law and Environmental Law(Prof. Dr. Gerrit Hornung), Lyncronize GmbH (Dr. Philipp Bitzer, Dr. René Wegener), and the Fraunhofer Institute for Industrial Engineering IAO and Future Work Lab (Sven Schuler).