**3. Examining privacy in gamified services**

Although privacy is an aspect that should be considered during the design phase of each type of service, it has been identified that few researchers have been focused on its relation with gamification. According to the literature, privacy satisfaction is based on the analyzation and elicitation of privacy requirements on the systems [50]. Many relevant engineering methodologies have been published which describe these requirements and explain how they can be analyzed within the systems [13, 17, 18, 50–58]. In [58], all requirements that were mentioned and used in [27] for the conduction of the results are described. These requirements are presented in **Table 2** along with their aim. An in-depth combination between gamification and this aspect, focusing on the peculiarity of gamified services related to the privacy requirements is provided in [27]. This relation has been examined, paying particular attention to the impact of gamification on privacy domain. Specifically, they recorded all game elements reported in the literature and identified which of them may harm users' privacy. This identification was based on the concept and the scope of each game element. Based on their findings, specific elements are identified whose concept is harmful for privacy requirements. In **Figure 1**, the

**83**

*The Role of Gamification in Privacy Protection and User Engagement*

**Aim**

Anonymity The identity cannot be compromised

Unlinkability The actions and identities cannot be linked Udetectability The existence of a component cannot be detected

Pseudonymity The use of a pseudonymous to ensure identity's anonymity

The actions between identities cannot be observed

categorization among harmful and nonharmful game elements is presented. For instance, when using a service which records users' personal information (HGE11), location (HGE6), and his/her interaction with other users (HGE2, HGE3, HGE4, and HGE10), then user's privacy cannot be protected. On the other hand, the selection of points (nHGE8) in order to pass levels (nHGE7) or the rules (nHGE10) and time constraints (nHGE1) are not harmful game elements, as, for instance, user's

*Harmful and nonharmful game elements for privacy. HGE, harmful game element; nHGE, non-harmful* 

Afterwards, a more detailed analysis has been published in [26], where authors presented their findings by designing a metamodel. In detail, after the first investigation of the relation between game elements and privacy requirements [27], authors selected some existent gamified services and recorded the used elements in order to examine their findings on real environments. According to the results [27], the game elements that have been implemented in these gamified services may harm users' privacy by violating the privacy requirements. The findings are illustrated in a metamodel which presents how each element is in conflict with the privacy requirements [26]. This conflict arises from the identified disadvantages of the game elements in [27]. Expanding previous work and according to this way of examination, in **Table 3**, the relation between game elements and privacy

information or actions are not recorded due to the constraint of time.

*DOI: http://dx.doi.org/10.5772/intechopen.91159*

Unobservability The actions

**Privacy requirements**

**Table 2.**

**Figure 1.**

*game element.*

*Privacy requirements.*

*The Role of Gamification in Privacy Protection and User Engagement DOI: http://dx.doi.org/10.5772/intechopen.91159*


### **Table 2.**

*Security and Privacy From a Legal, Ethical, and Technical Perspective*

the discussed works [8].

The role of gamification in health domain is quite crucial [23, 45–47]. The aim of the most gamified healthcare services is to educate users and engage users on protecting their health. A variety of such services can be found either for children or for adults. Some of them provide the opportunity of interaction between doctors and consultants, where, as an example, doctors can monitor the patients' progress on taking their medication [40]. Most of them notify users every time they have to take their prescription [40]. The gamified principle in such services can be the collection of points after responding to doctors' advices and prescriptions, resulting, sometimes, in the win of gifts. Therefore, users can protect their health through a more entertaining process. Beyond the above sectors, gamified services have been developed for cultural [11, 25] or touristic purposes [10, 48] offering benefits, such as cultural education and tourism's expansion, respectively. Furthermore, some studies tried to combine gamification with software engineering, indicating the state of the art on this field and the research gaps [49], while others elaborated research on gamification and education on software engineering in order to identify

To a lesser extent, studies which concern on gamification and security have been

According to the literature [22, 26], gamifying a service is a useful process for many reasons, discussed above. Since it consists of a method that has been introduced in ICTs the last years, more research is needed to be conducted concerning its

Although privacy is an aspect that should be considered during the design phase of each type of service, it has been identified that few researchers have been focused on its relation with gamification. According to the literature, privacy satisfaction is based on the analyzation and elicitation of privacy requirements on the systems [50]. Many relevant engineering methodologies have been published which describe these requirements and explain how they can be analyzed within the systems [13, 17, 18, 50–58]. In [58], all requirements that were mentioned and used in [27] for the conduction of the results are described. These requirements are presented in **Table 2** along with their aim. An in-depth combination between gamification and this aspect, focusing on the peculiarity of gamified services related to the privacy requirements is provided in [27]. This relation has been examined, paying particular attention to the impact of gamification on privacy domain. Specifically, they recorded all game elements reported in the literature and identified which of them may harm users' privacy. This identification was based on the concept and the scope of each game element. Based on their findings, specific elements are identified whose concept is harmful for privacy requirements. In **Figure 1**, the

recorded [13, 14], aiming to highlight the important role of security in services. Apart from the importance of gamification in security, it is also crucial to educate users on privacy issues, since by using these services, users' information is often disclosed. However, few research attempts have been identified, which combine gamification and privacy [19]. A more detailed analysis regarding gamification and privacy has been provided by [17], who focused on the software aspect of gamified applications regarding users' privacy. They identified that gamification is a method, whose principles may harm privacy requirements. Especially, in [26], a metamodel has been published, aiming to point out how privacy violation can be achieved by the core of gamification, in particular, the game elements. However, studies regarding the importance of users' awareness on privacy issues, as in the security area,

have not been recorded yet, which is a crucial research gap.

relationship with other sectors, such as privacy and security.

**3. Examining privacy in gamified services**

**82**

*Privacy requirements.*

### **Figure 1.**

*Harmful and nonharmful game elements for privacy. HGE, harmful game element; nHGE, non-harmful game element.*

categorization among harmful and nonharmful game elements is presented. For instance, when using a service which records users' personal information (HGE11), location (HGE6), and his/her interaction with other users (HGE2, HGE3, HGE4, and HGE10), then user's privacy cannot be protected. On the other hand, the selection of points (nHGE8) in order to pass levels (nHGE7) or the rules (nHGE10) and time constraints (nHGE1) are not harmful game elements, as, for instance, user's information or actions are not recorded due to the constraint of time.

Afterwards, a more detailed analysis has been published in [26], where authors presented their findings by designing a metamodel. In detail, after the first investigation of the relation between game elements and privacy requirements [27], authors selected some existent gamified services and recorded the used elements in order to examine their findings on real environments. According to the results [27], the game elements that have been implemented in these gamified services may harm users' privacy by violating the privacy requirements. The findings are illustrated in a metamodel which presents how each element is in conflict with the privacy requirements [26]. This conflict arises from the identified disadvantages of the game elements in [27]. Expanding previous work and according to this way of examination, in **Table 3**, the relation between game elements and privacy


### **Table 3.**

*The relation of game elements and privacy requirements.*

requirements is presented. In particular, the game elements, presented in the metamodel have some advantages, which it is noted that at the same time are turned into disadvantages and consist the reason of their conflict with requirements. The disadvantages of the elements concern on the violation of (a) users' anonymity and (b) pseudonymity, due to the record of personal characteristics, preferences, and information, (c) the unlinkability and (d) undetectability of actions and identities, as actions are recorded and monitored in parallel to the identities, and (d) the unobservability, since by recognizing the identity and the actions, a third party can monitor them. For instance, even if "avatars" is an element which provides an animated representation of the user, the technique which is implemented to achieve that is the one of the face recognitions. In case, users' faces, that is, users' characteristics, are recorded, their identity can be compromised, so their anonymity can be violated, as the actions can be linked to this identity.

Based on the results published in [26, 27], gamification is a method which should be considered in parallel with privacy issues during the design of systems, since several game elements are harmful for privacy requirements. Despite the adequate number of published privacy engineering methodologies, it would be useful to combine the concept of them with the principles of gamification, so that privacy is protected in gamified services. Thus, a more comprehensive analysis regarding the recommended steps of these methodologies in relation to the game elements would be useful, in order to identify if and how they can be implemented on gamification processes. In addition, focusing on the privacy aspect, in [59], privacy patterns have been published which present how privacy requirements can be protected when developing a system. Such software patterns are important to be developed in relation to game elements in order for the software developers to implement them

**85**

aspect in order to address them.

*The Role of Gamification in Privacy Protection and User Engagement*

will be aware of how they can protect their privacy on their own.

evaluation are recommended for future improvement of the program.

Likewise, for the security issues, it is also important for users to be aware on privacy issues, so as to protect their personal information and actions. In order for a user to achieve his/her own protection, he/she has to be aware of some issues, such as if other users know their information, by whom, how, why, and which of the information can be distributed [62]. Users' privacy protection is ethically, legally, technically, and socially very important, for the sake of addressing any social harmfulness, deriving from privacy violation. For instance, cyberbullying, related to the disclosure of personal information, is a social phenomenon observed mostly in young people and concerns on users' harassment and unauthorized use of their personal information [63]. In accordance to this example, several respective phenomena arise by violating privacy, and therefore, privacy awareness is a crucial

According to the findings of [26, 27], described above, there are game elements which harm privacy requirements. Thus, between privacy and gamification, the conflict concerns only the harmful game elements, as presented in **Figure 2**. By designing educational gamified systems, which provably [7, 12] engage users, with their concept to be on privacy issues, users will be able to protect their selves. In this figure, the major entities of privacy and gamification are illustrated, where on privacy domain the analyzation of privacy requirements in systems is needed to protect users' privacy, while in gamification, the design of gameful environments is crucial for the engagement of users. The relationship among entities is indicated and represented by directional bows that lead on the educational role of gamification in order for users to be aware of privacy issues. By adopting the harmful relation of these two entities [26, 27], which concerns on the harmful elements for privacy requirements, users can be trained on this, so that they will be educated (a) on the importance of

during the design of gamified systems. The design of privacy-friendly gamified systems is crucial, likewise the education of users on privacy issues. By this way, users will be able to use systems which protect their privacy, while in parallel, users'

Although it is important to provide gamified services which respect users' security and privacy, the crucial role of privacy and security awareness is undisputed. Especially, under the GDPR regulation, it is very important for users to know in which processes and why they give their permissions while using all ICTs. Information control is recognized as a key element in the perception and assumption of privacy risks [60]. Since, during the last years, many users use several types of ICTs to support their habits, the need of their awareness in order to protect their safety and personal information is increased even more. In [61], authors have published processes for the development of security awareness and training programs (SAT programs). The aim of these programs is the comprehension of security rules and the acquisition of skills regarding security, so as users avoid security violations that harm both themselves and the systems. For the development of SAT programs, four phases are recommended in [61]. The "Design phase" is the first step, where the budget, the target group, the needs of this group, and the program schedule have to be identified. The "Development phase" includes the determination of the concept and the issues that users should be aware of, for example, the protection of users' passwords and threats related to users' vulnerabilities. The third phase is the "Implementation phase", where the SAT program has to be implemented. In this step, it is important to explain the program to users in order for its purpose to be understandable. The "Post-Implementation phase" aims to record the use of the program for possible needed improvements, vulnerabilities, and advantages of it. Through a system, the results of its use should be recorded, so as the administrators of the program are able to monitor it during its implementation. Questionnaires, interviews, and other methods of

*DOI: http://dx.doi.org/10.5772/intechopen.91159*

### *The Role of Gamification in Privacy Protection and User Engagement DOI: http://dx.doi.org/10.5772/intechopen.91159*

*Security and Privacy From a Legal, Ethical, and Technical Perspective*

Avatar Recognition and recording of user's

Communication with other

Team tournaments, group tasks, collaboration

*The relation of game elements and privacy requirements.*

players

**Table 3.**

characteristics

Challenge Recognition of the opponent's information and

Competition Recognition of personal information and

Leaderboards Recognition and recording of the opponent's information

Notification Recording user's actions depending on his reaction

Roles Recognition of the user's preferences and

Profiles Recording of user's personal information and

*R1, anonymity; R2, pseudonymity; R3, unlinkability; R4, undetectability; R5, unobservability.*

**Game elements Reason of violation Violated privacy** 

Recognition of the user's characteristics and

connection between identities

interaction between identities

connection between identities

Quiz Recording of user's awareness and information R1, R2, R3

behavioral characteristics

interaction and information

Location Recording of user's location R1, R2, R3, R4, R5

Recording and recognition of the user's

connection with their actions and preferences

**requirements**

R1, R3

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3, R4, R5

R1, R2, R3

requirements is presented. In particular, the game elements, presented in the metamodel have some advantages, which it is noted that at the same time are turned into disadvantages and consist the reason of their conflict with requirements. The disadvantages of the elements concern on the violation of (a) users' anonymity and (b) pseudonymity, due to the record of personal characteristics, preferences, and information, (c) the unlinkability and (d) undetectability of actions and identities, as actions are recorded and monitored in parallel to the identities, and (d) the unobservability, since by recognizing the identity and the actions, a third party can monitor them. For instance, even if "avatars" is an element which provides an animated representation of the user, the technique which is implemented to achieve that is the one of the face recognitions. In case, users' faces, that is, users' characteristics, are recorded, their identity can be compromised, so their anonymity can be

Based on the results published in [26, 27], gamification is a method which should

be considered in parallel with privacy issues during the design of systems, since several game elements are harmful for privacy requirements. Despite the adequate number of published privacy engineering methodologies, it would be useful to combine the concept of them with the principles of gamification, so that privacy is protected in gamified services. Thus, a more comprehensive analysis regarding the recommended steps of these methodologies in relation to the game elements would be useful, in order to identify if and how they can be implemented on gamification processes. In addition, focusing on the privacy aspect, in [59], privacy patterns have been published which present how privacy requirements can be protected when developing a system. Such software patterns are important to be developed in relation to game elements in order for the software developers to implement them

violated, as the actions can be linked to this identity.

**84**

during the design of gamified systems. The design of privacy-friendly gamified systems is crucial, likewise the education of users on privacy issues. By this way, users will be able to use systems which protect their privacy, while in parallel, users' will be aware of how they can protect their privacy on their own.

Although it is important to provide gamified services which respect users' security and privacy, the crucial role of privacy and security awareness is undisputed. Especially, under the GDPR regulation, it is very important for users to know in which processes and why they give their permissions while using all ICTs. Information control is recognized as a key element in the perception and assumption of privacy risks [60]. Since, during the last years, many users use several types of ICTs to support their habits, the need of their awareness in order to protect their safety and personal information is increased even more. In [61], authors have published processes for the development of security awareness and training programs (SAT programs). The aim of these programs is the comprehension of security rules and the acquisition of skills regarding security, so as users avoid security violations that harm both themselves and the systems. For the development of SAT programs, four phases are recommended in [61]. The "Design phase" is the first step, where the budget, the target group, the needs of this group, and the program schedule have to be identified. The "Development phase" includes the determination of the concept and the issues that users should be aware of, for example, the protection of users' passwords and threats related to users' vulnerabilities. The third phase is the "Implementation phase", where the SAT program has to be implemented. In this step, it is important to explain the program to users in order for its purpose to be understandable. The "Post-Implementation phase" aims to record the use of the program for possible needed improvements, vulnerabilities, and advantages of it. Through a system, the results of its use should be recorded, so as the administrators of the program are able to monitor it during its implementation. Questionnaires, interviews, and other methods of evaluation are recommended for future improvement of the program.

Likewise, for the security issues, it is also important for users to be aware on privacy issues, so as to protect their personal information and actions. In order for a user to achieve his/her own protection, he/she has to be aware of some issues, such as if other users know their information, by whom, how, why, and which of the information can be distributed [62]. Users' privacy protection is ethically, legally, technically, and socially very important, for the sake of addressing any social harmfulness, deriving from privacy violation. For instance, cyberbullying, related to the disclosure of personal information, is a social phenomenon observed mostly in young people and concerns on users' harassment and unauthorized use of their personal information [63]. In accordance to this example, several respective phenomena arise by violating privacy, and therefore, privacy awareness is a crucial aspect in order to address them.

According to the findings of [26, 27], described above, there are game elements which harm privacy requirements. Thus, between privacy and gamification, the conflict concerns only the harmful game elements, as presented in **Figure 2**. By designing educational gamified systems, which provably [7, 12] engage users, with their concept to be on privacy issues, users will be able to protect their selves. In this figure, the major entities of privacy and gamification are illustrated, where on privacy domain the analyzation of privacy requirements in systems is needed to protect users' privacy, while in gamification, the design of gameful environments is crucial for the engagement of users. The relationship among entities is indicated and represented by directional bows that lead on the educational role of gamification in order for users to be aware of privacy issues. By adopting the harmful relation of these two entities [26, 27], which concerns on the harmful elements for privacy requirements, users can be trained on this, so that they will be educated (a) on the importance of

**Figure 2.** *Privacy protection by harmful game elements.*

protecting the privacy requirements, (b) on recognizing the harmful game elements, (c) on how to protect their privacy while using these elements, and (d) on the consequences of their privacy violation if these elements carry on harming privacy requirements. The result of this process concerns the existence of awareness of users on privacy issues. Such educational programs, aiming to enhance users' privacy awareness level, are therefore significant in achieving a balance between users' need for the protection of their personal information during using gamified services and their need for using game elements within them that are harmful for their privacy.

Thus, in order to spread awareness to users through more entertaining processes, gamification can be considered, while developing privacy awareness services as well. Some examples have been recorded regarding security awareness [64, 65], but gamified attempts are also needed as far as privacy awareness concerns. The contribution of gamification in these services concerns on the engagement of users on using them, resulting on the effective education of users.
