managed, and their use was not discretionary. The terminology used to describe privacy reflects this perspective as well. Data subjects were protected through data protection mechanisms, which were centrally administered and verified by a data controller or data owner (the organization managing the data). Trust originated in the government and in the accountability of data owners. HCI in the 1970s also reflected carefully planned, structured process modeling of non-discretionary applications . Computer-related work tasks were modeled and evaluated to improve performance, usability, and effectiveness using techniques such as GOMS .
This picture began to change with advances in personal computing. Discretionary use became the predominant mode for many applications, even in office settings, and HCI started to concentrate more on ease-of-use, learning curves, and pleasurable interaction. Users enjoyed increasing discretion of what applications and services to employ. At the same time, the collection of personal data expanded with advances in storage and processing power, making trust a fundamental component in the provisioning of IT services. This increased choice and shift of approaches is reflected in data protection legislation in the 1980s, where the original concepts of use limitation gives way to the more far-reaching concept of Informational Self-Determination .
Finally, the 1990s saw the emergence of the Internet, which enabled new kinds of applications and forms of communication. Regulators and industry started developing more flexible and comprehensive legislation to support the greatly increased amounts of personal information that was being shared and used. Privacy research followed these changes, acknowledging the use of IT for communication purposes and the increasing fluidity of personal information collected and used by individuals, businesses, and governments. The development of privacy-enhancing technologies like machine-readable privacy policies , of concepts such as Multilateral Security , and of technology supporting anonymous transactions (e.g., mail encryption tools, mix networks, anonymizing web services) are manifestations of the complexity of the IT landscape.
At the same time, HCI research and practices began to focus on the use of IT to enable interpersonal communications and support social and work groups, first in small environments such as offices, later in society at large. Example domains studied by HCI researchers at this time include remote collaboration, telecommunications, and organizations. Following these developments, interpersonal relations became an important domain of the privacy discourse, and research started to focus on interpersonal privacy within office environments [118, 215] and in everyday interactions and communications (e.g., instant messaging, email).
Today, the combination of wireless networking, sensors, and computing devices of all form factors has spurred the development of new kinds of mobile and ubiquitous computing applications. Many of these new applications operate in non-traditional settings, such as the home or groups of friends, which lead to new challenges for HCI and privacy [191, 267]. For example, the implicit nature of interaction with these systems requires developers to re-think both Norman’s seven steps of interaction  and established tenets of privacy such as informed consent . Furthermore, the type, quantity and quality of information collected from ubicomp environments significantly heighten risks of misuse.
end-user-privacy-in-human-computer-interaction-v57.docPage 13 of 85