protection , the relation between legislation and technology , identity , data mining , and employee privacy . As one specific example, Strahilevitz outlines a methodology for helping courts decide on whether an individual has a reasonable expectation of privacy based on the social networking literature . As another example, Murphy discusses whether or not the default privacy rule should allow disclosure or protection of personal information .
Privacy research is closely intertwined with security research. However, we will not reference HCI work in the security field. Instead, we direct readers to the books Security and Usability  and Multilateral Security in Communications  for more information.
We also only tangentially mention IT management. Management is becoming increasingly important in connection to privacy, especially after the enactment of data protection legislation . However, academia largely ignores these issues and industry does not publish on these topics because specialists perceive knowledge in this area as a strategic and confidential asset. Governments occasionally publish reports on privacy management. However, the reader should be aware that there is much unpublished knowledge in the privacy management field, especially in CSCW and e-commerce contexts.
This survey paper also focuses primarily on end-users who employ personal applications, such as those used in telecommunications and e-commerce. We only partially consider applications in workplaces. However, perceived control of information is one of the elements of acceptance models such as Venkatesh et al.’s extension  of the Technology Acceptance Model . Kraut et al. discuss similar acceptance issues in a CSCW context , pointing out that in addition to usefulness, critical mass and social influences affect the adoption of novel technologies.
2 The Privacy Landscape
In this section, we introduce often-cited foundations of the privacy discourse. We then discuss two perspectives on privacy that provide useful characterizations of research and design efforts, perspectives that affect how we bring to bear the notions of law and architecture on the issue of privacy. These perspectives are (1) the grounding of privacy on principled views as opposed to on common interest, (2) the differences between informational self-determination and personal privacy. Finally, we provide a historical outlook on 30 years of privacy HCI research and on how privacy expectations co-evolved with technology.
2.1 Often-Cited Legal Foundations
In this section, we describe a set of legal resources often cited by privacy researchers. In our opinion, HCI researchers working in the field of privacy should be familiar with all these texts because they show how to approach many privacy issues from a social and legal standpoint, while uncovering areas where legislation may be lacking.
end-user-privacy-in-human-computer-interaction-v57.docPage 7 of 85