My doctoral research was carried out at the multidisciplinary Horizon Centre for Doctoral Training and Mixed Reality Lab, School of Computer Science, University of Nottingham. It was submitted on time in September 2016 and my supervisors were Professors Tom Rodden and Lilian Edwards. It was awarded after my viva in March 2017 with no corrections (except typographical), after being examined by Professors Burkhard Schafer and Derek McAuley. The PhD is titled: Towards User-Centric Regulation: Exploring the Interface between Information Technology Law and Human Computer Interaction. It is now available online here and the abstract is at the bottom of the page.

As part of this RCUK/EPSRC multidisciplinary 4-year PhD programme, I also completed a quasi MSc programme of modules in year 1, studying 180 credits in a range of subjects across the University of Nottingham. I passed with  68% average with training the following areas:

  • Innovation and Society’ (Science & Technology Studies/Sociology – 85%),
  • ‘Ubiquitous Computing’ (Computer Science – 73%),
  • ‘Introduction to Computer Programming’ – Java (Computer Science – 65%),
  • Human Computer Systems (Human Factors Engineering – 64%),
  • Studying Human Performance (Human Factors Engineering/Psychology – 62%),
  • Geospatial Information Services (Geography/Computer Science – 60%),
  • ‘Innovation and Technology Transfer’ (Business Studies & Entrepreneurship – 60%);
  • Practice Led Project (Horizon – 68%);
  • Research and Professional Skills (Horizon – 65%);
  • Interdisciplinary Group Project (Horizon – 65%);
  • UoN Graduate School Modules on managing your research; using Posters to Communicate Research; Art of Brilliant Leadership; Time Management; Nature of the Doctorate.

During the PhD I also attended a large number of summer and winter doctoral schools.

  • RCUK Digital Economy Summer School, Web Science and Big Data Analytics, University of Southampton, 12th-15th July 2015
  • ACM Ubicomp 2014 Doctoral Consortium, Seattle, 11th September 2014
  • Microsoft Research Cambridge 2014 Summer School (Invite only) – 30th June – 5th July 2014 – poster presentation
  • RCUK Digital Revolutions/Doctoral School in Healthcare Innovation, Digital Economy Summer School, University of Oxford, 9-10th July 2013
  • COST Action – Living in Surveillance Societies (LiSS) & Centre for Research Information, Surveillance and Privacy (CRISP) Winter Doctoral Training School, University of Stirling, 3rd-8th February 2013
  • Socio-Legal Scholars Association Postgraduate Training Conference, University of Leicester, 2013

PhD Abstract: Towards User Centric Regulation

The thesis investigates the role of technology designers in regulation. Emerging information technologies are complex to regulate. They require new strategies to support traditional approaches. We focus on the use of technology design as a regulatory tool. Whilst this solution has significant conceptual traction, what it means in practice is not clear. Deeper investigation of the role of the design community in regulation is necessary to move these strategies from theory into practice. We structure our analysis by asking: how can we understand the role of designers in the regulation of emerging technologies?

We answer this question from four primary perspectives: conceptual, legal, practical and design. We situate our investigation within the context of the domestic internet of things and information privacy by design. We adopt an overtly multidisciplinary approach, critically assessing how to bring together the human-computer interaction and information technology law communities. To do this, we utilise a range of qualitative methods, including case studies, documental and legal analysis, semi-structured expert interviews, questionnaires, focus groups, workshops, and development, testing and evaluation of a design tool. Our contributions are as follows:

Conceptually, we provide a critical investigation of the role of technology designers in regulation by consolidating, evaluating and aligning a range of theoretical perspectives from human-computer interaction (HCI) and information technology (IT) law. We draw these together through the concept of user-centric regulation. This concept advocates a user focused, interaction led approach to position the role of designers in regulation. It draws on the turn to human values and societal issues in HCI, and the increasing reliance within IT law on design for regulation of emerging technologies.

Legally, we present two detailed case studies of emerging technologies (domestic internet of things and smart metering) mapping the emerging legal landscape and challenges therein. We situate the role of designers, as regulators, within this space, and show how they can respond accordingly through their user-centric focus.

Practically, we analyse experiences from leading experts in technology design and regulation to understand the challenges of doing information privacy by design (PbD) for the IoT. We present our findings within the framing of technological, business and regulatory perspectives.

Lastly, we present a design tool, ‘information privacy by design cards’, to support designers in doing PbD. This tool has been designed, tested and refined, providing us with a practical approach to doing user-centric regulation. Based on our findings from using the cards, we provide the concept of regulatory literacy to clearly conceptualise the role of designers in regulation.

Keywords: User Centric Regulation; Information Technology Law; Human Computer Interaction; Privacy by Design; Internet of Things; Smart Homes.