The recorded game elements.
The interaction between users and several technologies has rapidly increased. In people’s daily habits, the use of several applications for different reasons has been introduced. The provision of attractive services is an important aspect that it should be considered during their design. The implementation of gamification supports this, while game elements create a more entertaining and appealing environment. At the same time, due to the collection and record of users’ information within them, security and privacy are needed to be considered as well, in order for these technologies to ensure a minimum level of security and protection of users’ information. Users, on the other hand, should be aware of their security and privacy, so as to recognize how they can be protected, while using gamified services. In this work, the relation between privacy and gamified applications, regarding both the software developers and the users, is discussed, leading to the necessity not only of designing privacy-friendly systems but also of educating users through gamification on privacy issues.
- privacy requirements
- privacy awareness
- game elements
Due to the digitalization of information, the use of several technologies has been introduced in people’s habits, which, consequently, signifies the prevalence of applications utilization, pertaining to many sectors . The Information and Communication Technologies (ICTs) may have different scopes and concepts based on the preferences and the aim of their developers. A variety of such technologies [2, 3] have been provided, aiming at educating users on specific topics, for example, by educational platforms for students and teachers, at endorsing products for marketing purposes, or other reasons, depending on the concept of each application.
Specific techniques or methods have been developed in order to improve the provision of their concept, such as a more appealing and interactive environment . By achieving to gain this benefit, a service will be more interesting, and its use will be increased. Consequently, the aim of its developer will be satisfied, as for instance in marketing domain, this will support the company’s profits. An example of such methods is gamification , the use of game elements in applications that are not games. Many game elements have been recorded in the literature and have been implemented in gamified services [5, 6, 7, 8, 9, 10, 11] in order to support several domains [7, 8, 12, 13, 14, 15, 16]. The benefits, provided by the implementation of the game elements, differ based on the concept of each service. The singularity of this method concerns on the increased engagement of users with gamified environments .
According to the above, it is clear that these technologies consist of a basic activity for users, and some of them may be helpful for their lives, for example, educational platforms. However, there are some issues that arise, namely security and privacy issues. While using all these ICTs, users’ information is stored, and their activities are recorded [17, 18, 19]. As a consequence, users’ personal information may be harmed. Thus, it is crucial to consider the protection of users’ security and privacy while designing services. Regarding the relation between gamification and these two important aspects, some studies have been published [13, 14, 20, 21], in which the harmful side of gamification, focusing on users’ security and privacy, is presented. Besides the importance of designing privacy-friendly and secure gamified services, it is also crucial for a user to be able to protect his/her own security and privacy. If a user becomes aware of this, then, several ethical and social issues will be addressed. So, on the one hand, it is important for developers to design security and privacy-friendly gamified services and on the other hand, users should be security- and privacy-aware. Adding to this point, in this work, the importance of users’ privacy awareness on protecting their privacy through gamification is discussed, and some preliminary results are presented.
The rest of the chapter is organized as follows. In Section 2, gamification is described, providing its benefits and implementation on several sectors. In Section 3, the relation between gamification and privacy is presented. Additionally, the importance of security and privacy awareness regarding gamification is highlighted and the contribution of gamification on educating users on privacy is discussed. Finally, Section 4 concludes the work, providing steps for future work.
2. Gamification in ICTs
Around 2010, the method of gamification has been introduced in ICTs, aiming to engage users on using technologies and to increase their interest . By implementing this method and especially by introducing game elements, the main principle of gamification, namely a more gameful interaction environment, can be developed . The definition, which is highly cited in previous research, was published in 2011 by , who defined gamification as the use of game elements in nongame contexts. Many game elements have been presented in the literature and their choice depends on the developers’ scope, the concept, and the structure of the gamified service. Each study mentions and describes an amount of game elements [24, 25, 26]. In , all mentioned game elements have been presented by conducting a review that recorded all game elements and introduced them in the relevant literature. In Table 1, the amount of game elements is presented along with the explanation of their concept. Additionally, some examples of gamified applications in several sectors are given out with the respective elements that have been assigned to them. In this work , the connection among elements can be identified. For instance, in order for a user to win badges, levels have to be passed or points have to be collected . So, with the intention of an application to be gamified, it is usual to include many game elements.
|Game elements||Explanation||Examples of studies or gamified services|
|Alternative activities||Many provided choices and tasks to users||[28, 29]|
|Achievements||The accomplishment of a task||[29, 30, 31]|
|Avatars||Users’ representation through animated processes||[31, 32]|
|Badges||After winning or accomplishing a task, badges are given||[12, 22, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38]|
|Challenges||The ability of a user to challenge a friend in order to compete||[5, 12, 22, 28, 31, 33, 39, 40, 41]|
|Communication with other players||Users’ communication through respective platforms||[12, 28, 30, 32]|
|Competition||Users’ competition on some steps||[12, 29, 31, 32, 34, 39, 42]|
|Content unlocking||Steps that have to be passed in order to unlock the next phase|||
|Feedback and progressive information||Provided information to help users for their status and recommendations||[22, 28, 30, 31, 32, 33, 39, 42]|
|Leaderboards||Users’ status on the service regarding their points or level||[12, 22, 28, 29, 31, 33, 34, 35, 39, 42, 43]|
|Levels||Phases that have to be passed||[12, 22, 28, 29, 30, 31, 32, 35, 39, 42]|
|Location||The connection with users’ location||[28, 32]|
|Notification||Users are notified to accomplish actions||[28, 32, 39, 40]|
|Points||The result of finishing a task can be illustrated by the collection of points||[5, 22, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42]|
|Profiles||Each user has his own profile on the service||[28, 32, 39, 40, 42]|
|Quiz||Questions on a specific topic||[29, 32, 40, 42]|
|Rewards||The result for winning an opponent or effectively completing a task||[5, 12, 22, 29, 39, 40, 41, 42]|
|Roles||The character that a user wants to have||[28, 29]|
|Rules||The dos and don’ts that users have to follow||[28, 29, 31, 32, 39]|
|Scoring systems||Systems which record users’ score and status||[12, 28]|
|Team tournaments, group tasks and collaboration||Tasks where users have to collaborate||[28, 29, 31, 32, 39, 40, 42]|
|Time constraints||Actions that have to be completed during a specific time period||[12, 28, 29]|
The gamification method has been implemented in several sectors. Starting from the sector of education, many gamified services provide a more entertaining environment, which automatically gains users’ engagement. Therefore, users can be educated on different topics, without having in mind the literal sense of the education process. In some educational services, users can be either teachers or students, where teachers provide feedback and communicate with students. Communication can be also achieved among students, while having the opportunity to compete with each other . In this way, apart from the knowledge benefits, it is also important that users’ sociability can be expanded. In marketing domain [10, 12, 44], the aim of this method is to raise each company’s selling. By providing applications, where users collect points after buying a product with the deal to win a gift card or a product, the application can be further used. Gamification in this domain is a smart idea so as to engage users and sell more products. Additionally, in some cases, the interaction among users is enhanced, either through competition or collaboration, leading to users’ amiability.
The role of gamification in health domain is quite crucial [23, 45, 46, 47]. The aim of the most gamified healthcare services is to educate users and engage users on protecting their health. A variety of such services can be found either for children or for adults. Some of them provide the opportunity of interaction between doctors and consultants, where, as an example, doctors can monitor the patients’ progress on taking their medication . Most of them notify users every time they have to take their prescription . The gamified principle in such services can be the collection of points after responding to doctors’ advices and prescriptions, resulting, sometimes, in the win of gifts. Therefore, users can protect their health through a more entertaining process. Beyond the above sectors, gamified services have been developed for cultural [11, 25] or touristic purposes [10, 48] offering benefits, such as cultural education and tourism’s expansion, respectively. Furthermore, some studies tried to combine gamification with software engineering, indicating the state of the art on this field and the research gaps , while others elaborated research on gamification and education on software engineering in order to identify the discussed works .
To a lesser extent, studies which concern on gamification and security have been recorded [13, 14], aiming to highlight the important role of security in services. Apart from the importance of gamification in security, it is also crucial to educate users on privacy issues, since by using these services, users’ information is often disclosed. However, few research attempts have been identified, which combine gamification and privacy . A more detailed analysis regarding gamification and privacy has been provided by , who focused on the software aspect of gamified applications regarding users’ privacy. They identified that gamification is a method, whose principles may harm privacy requirements. Especially, in , a metamodel has been published, aiming to point out how privacy violation can be achieved by the core of gamification, in particular, the game elements. However, studies regarding the importance of users’ awareness on privacy issues, as in the security area, have not been recorded yet, which is a crucial research gap.
According to the literature [22, 26], gamifying a service is a useful process for many reasons, discussed above. Since it consists of a method that has been introduced in ICTs the last years, more research is needed to be conducted concerning its relationship with other sectors, such as privacy and security.
3. Examining privacy in gamified services
Although privacy is an aspect that should be considered during the design phase of each type of service, it has been identified that few researchers have been focused on its relation with gamification. According to the literature, privacy satisfaction is based on the analyzation and elicitation of privacy requirements on the systems . Many relevant engineering methodologies have been published which describe these requirements and explain how they can be analyzed within the systems [13, 17, 18, 50, 51, 52, 53, 54, 55, 56, 57, 58]. In , all requirements that were mentioned and used in  for the conduction of the results are described. These requirements are presented in Table 2 along with their aim. An in-depth combination between gamification and this aspect, focusing on the peculiarity of gamified services related to the privacy requirements is provided in . This relation has been examined, paying particular attention to the impact of gamification on privacy domain. Specifically, they recorded all game elements reported in the literature and identified which of them may harm users’ privacy. This identification was based on the concept and the scope of each game element. Based on their findings, specific elements are identified whose concept is harmful for privacy requirements. In Figure 1, the categorization among harmful and nonharmful game elements is presented. For instance, when using a service which records users’ personal information (HGE11), location (HGE6), and his/her interaction with other users (HGE2, HGE3, HGE4, and HGE10), then user’s privacy cannot be protected. On the other hand, the selection of points (nHGE8) in order to pass levels (nHGE7) or the rules (nHGE10) and time constraints (nHGE1) are not harmful game elements, as, for instance, user’s information or actions are not recorded due to the constraint of time.
|Anonymity||The identity cannot be compromised|
|Pseudonymity||The use of a pseudonymous to ensure identity’s anonymity|
|Unlinkability||The actions and identities cannot be linked|
|Udetectability||The existence of a component cannot be detected|
The actions between identities cannot be observed
Afterwards, a more detailed analysis has been published in , where authors presented their findings by designing a metamodel. In detail, after the first investigation of the relation between game elements and privacy requirements , authors selected some existent gamified services and recorded the used elements in order to examine their findings on real environments. According to the results , the game elements that have been implemented in these gamified services may harm users’ privacy by violating the privacy requirements. The findings are illustrated in a metamodel which presents how each element is in conflict with the privacy requirements . This conflict arises from the identified disadvantages of the game elements in . Expanding previous work and according to this way of examination, in Table 3, the relation between game elements and privacy requirements is presented. In particular, the game elements, presented in the metamodel have some advantages, which it is noted that at the same time are turned into disadvantages and consist the reason of their conflict with requirements. The disadvantages of the elements concern on the violation of (a) users’ anonymity and (b) pseudonymity, due to the record of personal characteristics, preferences, and information, (c) the unlinkability and (d) undetectability of actions and identities, as actions are recorded and monitored in parallel to the identities, and (d) the unobservability, since by recognizing the identity and the actions, a third party can monitor them. For instance, even if “avatars” is an element which provides an animated representation of the user, the technique which is implemented to achieve that is the one of the face recognitions. In case, users’ faces, that is, users’ characteristics, are recorded, their identity can be compromised, so their anonymity can be violated, as the actions can be linked to this identity.
|Game elements||Reason of violation||Violated privacy requirements|
|Avatar||Recognition and recording of user’s characteristics||R1, R2, R3, R4, R5|
|Challenge||Recognition of the opponent’s information and connection between identities||R1, R3|
|Communication with other players||Recognition of the user’s characteristics and interaction between identities||R1, R2, R3, R4, R5|
|Competition||Recognition of personal information and connection between identities||R1, R2, R3, R4, R5|
|Leaderboards||Recognition and recording of the opponent’s information||R1, R2, R3|
|Location||Recording of user’s location||R1, R2, R3, R4, R5|
|Notification||Recording user’s actions depending on his reaction||R1, R2, R3, R4, R5|
|Quiz||Recording of user’s awareness and information||R1, R2, R3|
|Roles||Recognition of the user’s preferences and behavioral characteristics||R1, R2, R3, R4, R5|
|Team tournaments, group tasks, collaboration||Recording and recognition of the user’s interaction and information||R1, R2, R3, R4, R5|
|Profiles||Recording of user’s personal information and connection with their actions and preferences||R1, R2, R3, R4, R5|
Based on the results published in [26, 27], gamification is a method which should be considered in parallel with privacy issues during the design of systems, since several game elements are harmful for privacy requirements. Despite the adequate number of published privacy engineering methodologies, it would be useful to combine the concept of them with the principles of gamification, so that privacy is protected in gamified services. Thus, a more comprehensive analysis regarding the recommended steps of these methodologies in relation to the game elements would be useful, in order to identify if and how they can be implemented on gamification processes. In addition, focusing on the privacy aspect, in , privacy patterns have been published which present how privacy requirements can be protected when developing a system. Such software patterns are important to be developed in relation to game elements in order for the software developers to implement them during the design of gamified systems. The design of privacy-friendly gamified systems is crucial, likewise the education of users on privacy issues. By this way, users will be able to use systems which protect their privacy, while in parallel, users’ will be aware of how they can protect their privacy on their own.
Although it is important to provide gamified services which respect users’ security and privacy, the crucial role of privacy and security awareness is undisputed. Especially, under the GDPR regulation, it is very important for users to know in which processes and why they give their permissions while using all ICTs. Information control is recognized as a key element in the perception and assumption of privacy risks . Since, during the last years, many users use several types of ICTs to support their habits, the need of their awareness in order to protect their safety and personal information is increased even more. In , authors have published processes for the development of security awareness and training programs (SAT programs). The aim of these programs is the comprehension of security rules and the acquisition of skills regarding security, so as users avoid security violations that harm both themselves and the systems. For the development of SAT programs, four phases are recommended in . The “Design phase” is the first step, where the budget, the target group, the needs of this group, and the program schedule have to be identified. The “Development phase” includes the determination of the concept and the issues that users should be aware of, for example, the protection of users’ passwords and threats related to users’ vulnerabilities. The third phase is the “Implementation phase”, where the SAT program has to be implemented. In this step, it is important to explain the program to users in order for its purpose to be understandable. The “Post-Implementation phase” aims to record the use of the program for possible needed improvements, vulnerabilities, and advantages of it. Through a system, the results of its use should be recorded, so as the administrators of the program are able to monitor it during its implementation. Questionnaires, interviews, and other methods of evaluation are recommended for future improvement of the program.
Likewise, for the security issues, it is also important for users to be aware on privacy issues, so as to protect their personal information and actions. In order for a user to achieve his/her own protection, he/she has to be aware of some issues, such as if other users know their information, by whom, how, why, and which of the information can be distributed . Users’ privacy protection is ethically, legally, technically, and socially very important, for the sake of addressing any social harmfulness, deriving from privacy violation. For instance, cyberbullying, related to the disclosure of personal information, is a social phenomenon observed mostly in young people and concerns on users’ harassment and unauthorized use of their personal information . In accordance to this example, several respective phenomena arise by violating privacy, and therefore, privacy awareness is a crucial aspect in order to address them.
According to the findings of [26, 27], described above, there are game elements which harm privacy requirements. Thus, between privacy and gamification, the conflict concerns only the harmful game elements, as presented in Figure 2. By designing educational gamified systems, which provably [7, 12] engage users, with their concept to be on privacy issues, users will be able to protect their selves. In this figure, the major entities of privacy and gamification are illustrated, where on privacy domain the analyzation of privacy requirements in systems is needed to protect users’ privacy, while in gamification, the design of gameful environments is crucial for the engagement of users. The relationship among entities is indicated and represented by directional bows that lead on the educational role of gamification in order for users to be aware of privacy issues. By adopting the harmful relation of these two entities [26, 27], which concerns on the harmful elements for privacy requirements, users can be trained on this, so that they will be educated (a) on the importance of protecting the privacy requirements, (b) on recognizing the harmful game elements, (c) on how to protect their privacy while using these elements, and (d) on the consequences of their privacy violation if these elements carry on harming privacy requirements. The result of this process concerns the existence of awareness of users on privacy issues. Such educational programs, aiming to enhance users’ privacy awareness level, are therefore significant in achieving a balance between users’ need for the protection of their personal information during using gamified services and their need for using game elements within them that are harmful for their privacy.
Thus, in order to spread awareness to users through more entertaining processes, gamification can be considered, while developing privacy awareness services as well. Some examples have been recorded regarding security awareness [64, 65], but gamified attempts are also needed as far as privacy awareness concerns. The contribution of gamification in these services concerns on the engagement of users on using them, resulting on the effective education of users.
The implementation of game elements in ICTs is undeniably an effective way to engage users on using them. Several domains utilize gamification for the achievement of their purposes and many users prefer them for their tasks. While using them, personal information and actions are recorded, and therefore, privacy is an aspect that should be considered during developing them. Several respective methods which analyze security and privacy requirements have been recorded, but few attempts which combines them with gamification have been published. In this work, the relation between privacy and gamification is discussed, where it was highlighted that privacy may be violated by gamification. However, it is equally important for users to have awareness on privacy and security, so as to be able to protect themselves. Related programs which educate users on these two aspects are needed. Their combination with gamification is important in order for the users to be trained through a more interesting way. Some attempts have been recorded. In this work, it was identified that privacy awareness can be achieved by designing gamified systems which educate users on how to protect their privacy by the harmful game elements and on the consequences of privacy requirement violation. Thus, while using gamified systems, users will be able to know as on which game elements should pay attention in order to protect their privacy as how to be protected by their harmful consequences. In future work, software patterns for designing security- and privacy-friendly software will be recommended. As far as of the users’ concern, privacy and security awareness will be studied in relation to gamification. In our purposes, the relation between gamification, security, and privacy is important to be examined as from the side of software developers as from the side of users.
The research work was supported by the Hellenic Foundation for Research and Innovation (HFRI) under the HFRI PhD Fellowship grant (Fellowship Number: 671).
Conflict of interest
The authors declare no conflict of interest.