Open access peer-reviewed chapter

The Role of Gamification in Privacy Protection and User Engagement

Written By

Aikaterini-Georgia Mavroeidi, Angeliki Kitsiou and Christos Kalloniatis

Submitted: 19 December 2019 Reviewed: 13 January 2020 Published: 12 February 2020

DOI: 10.5772/intechopen.91159

From the Edited Volume

Security and Privacy From a Legal, Ethical, and Technical Perspective

Edited by Christos Kalloniatis and Carlos Travieso-Gonzalez

Chapter metrics overview

825 Chapter Downloads

View Full Metrics


The interaction between users and several technologies has rapidly increased. In people’s daily habits, the use of several applications for different reasons has been introduced. The provision of attractive services is an important aspect that it should be considered during their design. The implementation of gamification supports this, while game elements create a more entertaining and appealing environment. At the same time, due to the collection and record of users’ information within them, security and privacy are needed to be considered as well, in order for these technologies to ensure a minimum level of security and protection of users’ information. Users, on the other hand, should be aware of their security and privacy, so as to recognize how they can be protected, while using gamified services. In this work, the relation between privacy and gamified applications, regarding both the software developers and the users, is discussed, leading to the necessity not only of designing privacy-friendly systems but also of educating users through gamification on privacy issues.


  • privacy
  • security
  • privacy requirements
  • privacy awareness
  • game elements
  • gamification

1. Introduction

Due to the digitalization of information, the use of several technologies has been introduced in people’s habits, which, consequently, signifies the prevalence of applications utilization, pertaining to many sectors [1]. The Information and Communication Technologies (ICTs) may have different scopes and concepts based on the preferences and the aim of their developers. A variety of such technologies [2, 3] have been provided, aiming at educating users on specific topics, for example, by educational platforms for students and teachers, at endorsing products for marketing purposes, or other reasons, depending on the concept of each application.

Specific techniques or methods have been developed in order to improve the provision of their concept, such as a more appealing and interactive environment [4]. By achieving to gain this benefit, a service will be more interesting, and its use will be increased. Consequently, the aim of its developer will be satisfied, as for instance in marketing domain, this will support the company’s profits. An example of such methods is gamification [4], the use of game elements in applications that are not games. Many game elements have been recorded in the literature and have been implemented in gamified services [5, 6, 7, 8, 9, 10, 11] in order to support several domains [7, 8, 12, 13, 14, 15, 16]. The benefits, provided by the implementation of the game elements, differ based on the concept of each service. The singularity of this method concerns on the increased engagement of users with gamified environments [4].

According to the above, it is clear that these technologies consist of a basic activity for users, and some of them may be helpful for their lives, for example, educational platforms. However, there are some issues that arise, namely security and privacy issues. While using all these ICTs, users’ information is stored, and their activities are recorded [17, 18, 19]. As a consequence, users’ personal information may be harmed. Thus, it is crucial to consider the protection of users’ security and privacy while designing services. Regarding the relation between gamification and these two important aspects, some studies have been published [13, 14, 20, 21], in which the harmful side of gamification, focusing on users’ security and privacy, is presented. Besides the importance of designing privacy-friendly and secure gamified services, it is also crucial for a user to be able to protect his/her own security and privacy. If a user becomes aware of this, then, several ethical and social issues will be addressed. So, on the one hand, it is important for developers to design security and privacy-friendly gamified services and on the other hand, users should be security- and privacy-aware. Adding to this point, in this work, the importance of users’ privacy awareness on protecting their privacy through gamification is discussed, and some preliminary results are presented.

The rest of the chapter is organized as follows. In Section 2, gamification is described, providing its benefits and implementation on several sectors. In Section 3, the relation between gamification and privacy is presented. Additionally, the importance of security and privacy awareness regarding gamification is highlighted and the contribution of gamification on educating users on privacy is discussed. Finally, Section 4 concludes the work, providing steps for future work.


2. Gamification in ICTs

Around 2010, the method of gamification has been introduced in ICTs, aiming to engage users on using technologies and to increase their interest [22]. By implementing this method and especially by introducing game elements, the main principle of gamification, namely a more gameful interaction environment, can be developed [23]. The definition, which is highly cited in previous research, was published in 2011 by [4], who defined gamification as the use of game elements in nongame contexts. Many game elements have been presented in the literature and their choice depends on the developers’ scope, the concept, and the structure of the gamified service. Each study mentions and describes an amount of game elements [24, 25, 26]. In [27], all mentioned game elements have been presented by conducting a review that recorded all game elements and introduced them in the relevant literature. In Table 1, the amount of game elements is presented along with the explanation of their concept. Additionally, some examples of gamified applications in several sectors are given out with the respective elements that have been assigned to them. In this work [27], the connection among elements can be identified. For instance, in order for a user to win badges, levels have to be passed or points have to be collected [39]. So, with the intention of an application to be gamified, it is usual to include many game elements.

Game elements Explanation Examples of studies or gamified services
Alternative activities Many provided choices and tasks to users [28, 29]
Achievements The accomplishment of a task [29, 30, 31]
Avatars Users’ representation through animated processes [31, 32]
Badges After winning or accomplishing a task, badges are given [12, 22, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38]
Challenges The ability of a user to challenge a friend in order to compete [5, 12, 22, 28, 31, 33, 39, 40, 41]
Communication with other players Users’ communication through respective platforms [12, 28, 30, 32]
Competition Users’ competition on some steps [12, 29, 31, 32, 34, 39, 42]
Content unlocking Steps that have to be passed in order to unlock the next phase [31]
Feedback and progressive information Provided information to help users for their status and recommendations [22, 28, 30, 31, 32, 33, 39, 42]
Leaderboards Users’ status on the service regarding their points or level [12, 22, 28, 29, 31, 33, 34, 35, 39, 42, 43]
Levels Phases that have to be passed [12, 22, 28, 29, 30, 31, 32, 35, 39, 42]
Location The connection with users’ location [28, 32]
Notification Users are notified to accomplish actions [28, 32, 39, 40]
Points The result of finishing a task can be illustrated by the collection of points [5, 22, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42]
Profiles Each user has his own profile on the service [28, 32, 39, 40, 42]
Quiz Questions on a specific topic [29, 32, 40, 42]
Rewards The result for winning an opponent or effectively completing a task [5, 12, 22, 29, 39, 40, 41, 42]
Roles The character that a user wants to have [28, 29]
Rules The dos and don’ts that users have to follow [28, 29, 31, 32, 39]
Scoring systems Systems which record users’ score and status [12, 28]
Team tournaments, group tasks and collaboration Tasks where users have to collaborate [28, 29, 31, 32, 39, 40, 42]
Time constraints Actions that have to be completed during a specific time period [12, 28, 29]

Table 1.

The recorded game elements.

The gamification method has been implemented in several sectors. Starting from the sector of education, many gamified services provide a more entertaining environment, which automatically gains users’ engagement. Therefore, users can be educated on different topics, without having in mind the literal sense of the education process. In some educational services, users can be either teachers or students, where teachers provide feedback and communicate with students. Communication can be also achieved among students, while having the opportunity to compete with each other [42]. In this way, apart from the knowledge benefits, it is also important that users’ sociability can be expanded. In marketing domain [10, 12, 44], the aim of this method is to raise each company’s selling. By providing applications, where users collect points after buying a product with the deal to win a gift card or a product, the application can be further used. Gamification in this domain is a smart idea so as to engage users and sell more products. Additionally, in some cases, the interaction among users is enhanced, either through competition or collaboration, leading to users’ amiability.

The role of gamification in health domain is quite crucial [23, 45, 46, 47]. The aim of the most gamified healthcare services is to educate users and engage users on protecting their health. A variety of such services can be found either for children or for adults. Some of them provide the opportunity of interaction between doctors and consultants, where, as an example, doctors can monitor the patients’ progress on taking their medication [40]. Most of them notify users every time they have to take their prescription [40]. The gamified principle in such services can be the collection of points after responding to doctors’ advices and prescriptions, resulting, sometimes, in the win of gifts. Therefore, users can protect their health through a more entertaining process. Beyond the above sectors, gamified services have been developed for cultural [11, 25] or touristic purposes [10, 48] offering benefits, such as cultural education and tourism’s expansion, respectively. Furthermore, some studies tried to combine gamification with software engineering, indicating the state of the art on this field and the research gaps [49], while others elaborated research on gamification and education on software engineering in order to identify the discussed works [8].

To a lesser extent, studies which concern on gamification and security have been recorded [13, 14], aiming to highlight the important role of security in services. Apart from the importance of gamification in security, it is also crucial to educate users on privacy issues, since by using these services, users’ information is often disclosed. However, few research attempts have been identified, which combine gamification and privacy [19]. A more detailed analysis regarding gamification and privacy has been provided by [17], who focused on the software aspect of gamified applications regarding users’ privacy. They identified that gamification is a method, whose principles may harm privacy requirements. Especially, in [26], a metamodel has been published, aiming to point out how privacy violation can be achieved by the core of gamification, in particular, the game elements. However, studies regarding the importance of users’ awareness on privacy issues, as in the security area, have not been recorded yet, which is a crucial research gap.

According to the literature [22, 26], gamifying a service is a useful process for many reasons, discussed above. Since it consists of a method that has been introduced in ICTs the last years, more research is needed to be conducted concerning its relationship with other sectors, such as privacy and security.


3. Examining privacy in gamified services

Although privacy is an aspect that should be considered during the design phase of each type of service, it has been identified that few researchers have been focused on its relation with gamification. According to the literature, privacy satisfaction is based on the analyzation and elicitation of privacy requirements on the systems [50]. Many relevant engineering methodologies have been published which describe these requirements and explain how they can be analyzed within the systems [13, 17, 18, 50, 51, 52, 53, 54, 55, 56, 57, 58]. In [58], all requirements that were mentioned and used in [27] for the conduction of the results are described. These requirements are presented in Table 2 along with their aim. An in-depth combination between gamification and this aspect, focusing on the peculiarity of gamified services related to the privacy requirements is provided in [27]. This relation has been examined, paying particular attention to the impact of gamification on privacy domain. Specifically, they recorded all game elements reported in the literature and identified which of them may harm users’ privacy. This identification was based on the concept and the scope of each game element. Based on their findings, specific elements are identified whose concept is harmful for privacy requirements. In Figure 1, the categorization among harmful and nonharmful game elements is presented. For instance, when using a service which records users’ personal information (HGE11), location (HGE6), and his/her interaction with other users (HGE2, HGE3, HGE4, and HGE10), then user’s privacy cannot be protected. On the other hand, the selection of points (nHGE8) in order to pass levels (nHGE7) or the rules (nHGE10) and time constraints (nHGE1) are not harmful game elements, as, for instance, user’s information or actions are not recorded due to the constraint of time.

Privacy requirements Aim
Anonymity The identity cannot be compromised
Pseudonymity The use of a pseudonymous to ensure identity’s anonymity
Unlinkability The actions and identities cannot be linked
Udetectability The existence of a component cannot be detected
Unobservability The actions
The actions between identities cannot be observed

Table 2.

Privacy requirements.

Figure 1.

Harmful and nonharmful game elements for privacy. HGE, harmful game element; nHGE, non-harmful game element.

Afterwards, a more detailed analysis has been published in [26], where authors presented their findings by designing a metamodel. In detail, after the first investigation of the relation between game elements and privacy requirements [27], authors selected some existent gamified services and recorded the used elements in order to examine their findings on real environments. According to the results [27], the game elements that have been implemented in these gamified services may harm users’ privacy by violating the privacy requirements. The findings are illustrated in a metamodel which presents how each element is in conflict with the privacy requirements [26]. This conflict arises from the identified disadvantages of the game elements in [27]. Expanding previous work and according to this way of examination, in Table 3, the relation between game elements and privacy requirements is presented. In particular, the game elements, presented in the metamodel have some advantages, which it is noted that at the same time are turned into disadvantages and consist the reason of their conflict with requirements. The disadvantages of the elements concern on the violation of (a) users’ anonymity and (b) pseudonymity, due to the record of personal characteristics, preferences, and information, (c) the unlinkability and (d) undetectability of actions and identities, as actions are recorded and monitored in parallel to the identities, and (d) the unobservability, since by recognizing the identity and the actions, a third party can monitor them. For instance, even if “avatars” is an element which provides an animated representation of the user, the technique which is implemented to achieve that is the one of the face recognitions. In case, users’ faces, that is, users’ characteristics, are recorded, their identity can be compromised, so their anonymity can be violated, as the actions can be linked to this identity.

Game elements Reason of violation Violated privacy requirements
Avatar Recognition and recording of user’s characteristics R1, R2, R3, R4, R5
Challenge Recognition of the opponent’s information and connection between identities R1, R3
Communication with other players Recognition of the user’s characteristics and interaction between identities R1, R2, R3, R4, R5
Competition Recognition of personal information and connection between identities R1, R2, R3, R4, R5
Leaderboards Recognition and recording of the opponent’s information R1, R2, R3
Location Recording of user’s location R1, R2, R3, R4, R5
Notification Recording user’s actions depending on his reaction R1, R2, R3, R4, R5
Quiz Recording of user’s awareness and information R1, R2, R3
Roles Recognition of the user’s preferences and behavioral characteristics R1, R2, R3, R4, R5
Team tournaments, group tasks, collaboration Recording and recognition of the user’s interaction and information R1, R2, R3, R4, R5
Profiles Recording of user’s personal information and connection with their actions and preferences R1, R2, R3, R4, R5

Table 3.

The relation of game elements and privacy requirements.

R1, anonymity; R2, pseudonymity; R3, unlinkability; R4, undetectability; R5, unobservability.

Based on the results published in [26, 27], gamification is a method which should be considered in parallel with privacy issues during the design of systems, since several game elements are harmful for privacy requirements. Despite the adequate number of published privacy engineering methodologies, it would be useful to combine the concept of them with the principles of gamification, so that privacy is protected in gamified services. Thus, a more comprehensive analysis regarding the recommended steps of these methodologies in relation to the game elements would be useful, in order to identify if and how they can be implemented on gamification processes. In addition, focusing on the privacy aspect, in [59], privacy patterns have been published which present how privacy requirements can be protected when developing a system. Such software patterns are important to be developed in relation to game elements in order for the software developers to implement them during the design of gamified systems. The design of privacy-friendly gamified systems is crucial, likewise the education of users on privacy issues. By this way, users will be able to use systems which protect their privacy, while in parallel, users’ will be aware of how they can protect their privacy on their own.

Although it is important to provide gamified services which respect users’ security and privacy, the crucial role of privacy and security awareness is undisputed. Especially, under the GDPR regulation, it is very important for users to know in which processes and why they give their permissions while using all ICTs. Information control is recognized as a key element in the perception and assumption of privacy risks [60]. Since, during the last years, many users use several types of ICTs to support their habits, the need of their awareness in order to protect their safety and personal information is increased even more. In [61], authors have published processes for the development of security awareness and training programs (SAT programs). The aim of these programs is the comprehension of security rules and the acquisition of skills regarding security, so as users avoid security violations that harm both themselves and the systems. For the development of SAT programs, four phases are recommended in [61]. The “Design phase” is the first step, where the budget, the target group, the needs of this group, and the program schedule have to be identified. The “Development phase” includes the determination of the concept and the issues that users should be aware of, for example, the protection of users’ passwords and threats related to users’ vulnerabilities. The third phase is the “Implementation phase”, where the SAT program has to be implemented. In this step, it is important to explain the program to users in order for its purpose to be understandable. The “Post-Implementation phase” aims to record the use of the program for possible needed improvements, vulnerabilities, and advantages of it. Through a system, the results of its use should be recorded, so as the administrators of the program are able to monitor it during its implementation. Questionnaires, interviews, and other methods of evaluation are recommended for future improvement of the program.

Likewise, for the security issues, it is also important for users to be aware on privacy issues, so as to protect their personal information and actions. In order for a user to achieve his/her own protection, he/she has to be aware of some issues, such as if other users know their information, by whom, how, why, and which of the information can be distributed [62]. Users’ privacy protection is ethically, legally, technically, and socially very important, for the sake of addressing any social harmfulness, deriving from privacy violation. For instance, cyberbullying, related to the disclosure of personal information, is a social phenomenon observed mostly in young people and concerns on users’ harassment and unauthorized use of their personal information [63]. In accordance to this example, several respective phenomena arise by violating privacy, and therefore, privacy awareness is a crucial aspect in order to address them.

According to the findings of [26, 27], described above, there are game elements which harm privacy requirements. Thus, between privacy and gamification, the conflict concerns only the harmful game elements, as presented in Figure 2. By designing educational gamified systems, which provably [7, 12] engage users, with their concept to be on privacy issues, users will be able to protect their selves. In this figure, the major entities of privacy and gamification are illustrated, where on privacy domain the analyzation of privacy requirements in systems is needed to protect users’ privacy, while in gamification, the design of gameful environments is crucial for the engagement of users. The relationship among entities is indicated and represented by directional bows that lead on the educational role of gamification in order for users to be aware of privacy issues. By adopting the harmful relation of these two entities [26, 27], which concerns on the harmful elements for privacy requirements, users can be trained on this, so that they will be educated (a) on the importance of protecting the privacy requirements, (b) on recognizing the harmful game elements, (c) on how to protect their privacy while using these elements, and (d) on the consequences of their privacy violation if these elements carry on harming privacy requirements. The result of this process concerns the existence of awareness of users on privacy issues. Such educational programs, aiming to enhance users’ privacy awareness level, are therefore significant in achieving a balance between users’ need for the protection of their personal information during using gamified services and their need for using game elements within them that are harmful for their privacy.

Figure 2.

Privacy protection by harmful game elements.

Thus, in order to spread awareness to users through more entertaining processes, gamification can be considered, while developing privacy awareness services as well. Some examples have been recorded regarding security awareness [64, 65], but gamified attempts are also needed as far as privacy awareness concerns. The contribution of gamification in these services concerns on the engagement of users on using them, resulting on the effective education of users.


4. Conclusion

The implementation of game elements in ICTs is undeniably an effective way to engage users on using them. Several domains utilize gamification for the achievement of their purposes and many users prefer them for their tasks. While using them, personal information and actions are recorded, and therefore, privacy is an aspect that should be considered during developing them. Several respective methods which analyze security and privacy requirements have been recorded, but few attempts which combines them with gamification have been published. In this work, the relation between privacy and gamification is discussed, where it was highlighted that privacy may be violated by gamification. However, it is equally important for users to have awareness on privacy and security, so as to be able to protect themselves. Related programs which educate users on these two aspects are needed. Their combination with gamification is important in order for the users to be trained through a more interesting way. Some attempts have been recorded. In this work, it was identified that privacy awareness can be achieved by designing gamified systems which educate users on how to protect their privacy by the harmful game elements and on the consequences of privacy requirement violation. Thus, while using gamified systems, users will be able to know as on which game elements should pay attention in order to protect their privacy as how to be protected by their harmful consequences. In future work, software patterns for designing security- and privacy-friendly software will be recommended. As far as of the users’ concern, privacy and security awareness will be studied in relation to gamification. In our purposes, the relation between gamification, security, and privacy is important to be examined as from the side of software developers as from the side of users.



The research work was supported by the Hellenic Foundation for Research and Innovation (HFRI) under the HFRI PhD Fellowship grant (Fellowship Number: 671).


Conflict of interest

The authors declare no conflict of interest.


  1. 1. Conole G, Dyke M. What are the affordances of information and communication technologies? Research in Learning Technology. 2004;12(2):113-124
  2. 2. Seth A, Vance JM, Oliver JH. Virtual reality for assembly methods prototyping: A review. Virtual Reality. 2011;15(1):5-20
  3. 3. Azum AR. A survey of augmented reality. Presence. 1997;6(4):355-385
  4. 4. Deterding S, Dixon D, Khaled R, Nacke L. From game design elements to gamefulness: Defining ‘gamification’. 2011. pp. 9-15
  5. 5. Ahtinen A et al. Mobile mental wellness training for stress management: Feasibility and design implications based on a one-month field study. JMIR mHealth and uHealth. 2013;1(2):e11
  6. 6. Cafazzo JA, Casselman M, Hamming N, Katzman DK, Palmert MR. Design of an mHealth app for the self-management of adolescent type 1 diabetes: A pilot study. Journal of Medical Internet Research. 2012;14(3):e70
  7. 7. Huotari K, Hamari J. Defining gamification: A service marketing perspective. In: Proceeding of the 16th International Academic MindTrek Conference on—MindTrek ‘12; Tampere, Finland; 2012. pp. 17-22
  8. 8. Alhammad MM, Moreno AM. Gamification in software engineering education: A systematic mapping. Journal of Systems and Software. 2018;141:131-150
  9. 9. Dubois DJ, Tamburrelli G. Understanding gamification mechanisms for software development. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering—ESEC/FSE 2013; Saint Petersburg, Russia; 2013. pp. 659-662
  10. 10. Sever NS, Sever GN, Kuhzady S. The evaluation of potentials of gamification in tourism marketing communication. International Journal of Academic Research in Business and Social Sciences. 2015;5(10):188-202
  11. 11. Almaliki M, Jiang N, Ali R, Dalpiaz F. Gamified culture-aware feedback acquisition. In: 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing; London, United Kingdom; 2014. pp. 624-625
  12. 12. Lucassen G, Jansen S. Gamification in consumer marketing—Future or fallacy? Procedia - Social and Behavioral Sciences. 2014;148:194-202
  13. 13. Yonemura K et al. Effect of security education using KIPS and gamification theory at KOSEN. In: 2018 IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE); Penang; 2018. pp. 255-258
  14. 14. Yonemura K, Yajima K, Komura R, Sato J, Takeichi Y. Practical security education on operational technology using gamification method. In: 2017 7th IEEE International Conference on Control System, Computing and Engineering (ICCSCE); Penang; 2017. pp. 284-288
  15. 15. Helf C, Zwickl P, Hlavacs H, Reichl P. mHealth stakeholder integration: A gamification-based framework-approach towards behavioural change. In: Proceedings of the 13th International Conference on Advances in Mobile Computing and Multimedia—MoMM 2015; Brussels, Belgium; 2015. pp. 268-274
  16. 16. Nevin CR et al. Gamification as a tool for enhancing graduate medical education. Postgraduate Medical Journal. 2014;90(1070):685-693
  17. 17. He Q , Ant AI. A Framework for Modeling Privacy Requirements in Role Engineering. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’03); 2003
  18. 18. Miyazaki S, Mead N, Zhan J. Computer-aided privacy requirements elicitation technique. In: 2008 IEEE Asia-Pacific Services Computing Conference; Yilan, Taiwan; 2008. pp. 367-372
  19. 19. Rottondi C, Verticale G. Enabling privacy in a gaming framework for smart electricity and water grids. In: 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater); Vienna, Austria; 2016. pp. 25-30
  20. 20. Shahri A, Hosseini M, Phalp K, Taylor J, Ali R. Towards a code of ethics for gamification at enterprise. In: Frank U, Loucopoulos P, Pastor Ó, Petrounias I, editors. The Practice of Enterprise Modeling. Vol. 197. Berlin, Heidelberg: Springer; 2014. pp. 235-245
  21. 21. Herzig P, Ameling M, Schill A. A generic platform for enterprise gamification. In: 2012 Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture; Helsinki, Finland; 2012. pp. 219-223
  22. 22. Hamari J, Koivisto J, Sarsa H. Does gamification work?—A literature review of empirical studies on gamification. In: 2014 47th Hawaii International Conference on System Sciences; Waikoloa, HI; 2014. pp. 3025-3034
  23. 23. Edwards EA et al. Gamification for health promotion: Systematic review of behaviour change techniques in smartphone apps. BMJ Open. 2016;6(10):e012447
  24. 24. Feldbusch L, Winterer F, Gramsch J, Feiten L, Becker B. SMILE goes gaming: Gamification in a classroom response system for academic teaching. In: Proceedings of the 11th International Conference on Computer Supported Education; Heraklion, Crete, Greece; 2019. pp. 268-277
  25. 25. Mavroeidi A-G, Kitsiou A, Kalloniatis C, Gritzalis S. The role of gamification in cultural informatics. In: 2018 Cultural Informatics, Communication and Media Studies (CICMS) Conference; Kusadasi, Turkey. 2018. pp. 43-55
  26. 26. Mavroeidi A-G, Kitsiou A, Kalloniatis C. The interrelation of game elements and privacy requirements for the design of a system: A metamodel. In: Gritzalis S, Weippl ER, Katsikas SK, Anderst-Kotsis G, Tjoa AM, Khalil I, editors. Trust, Privacy and Security in Digital Business. Vol. 11711. Cham: Springer International Publishing; 2019. pp. 110-125
  27. 27. Mavroeidi A-G, Kitsiou A, Kalloniatis C, Gritzalis S. Gamification vs. privacy: Identifying and analysing the major concerns. Future Internet. 2019;11(3):67-83
  28. 28. Seaborn K, Fels DI. Gamification in theory and action: A survey. International Journal of Human-Computer Studies. 2015;74:14-31
  29. 29. Morford ZH, Witts BN, Killingsworth KJ, Alavosius MP. Gamification: The intersection between behavior analysis and game design technologies. Behavior Analyst. 2014;37(1):25-40
  30. 30. Gåsland MM. Game mechanic based E-learning—A case study [MSc. dissertation]. Norway: Norwegian University of Science and Technology; 2011
  31. 31. Werbach K, Hunter D. For the Win: How Game Thinking Can Revolutionize your Business. Philadelphia: Wharton Digital Press; 2012
  32. 32. Merino de Paz B. Gamification: A tool to improve sustainability efforts [Ph.D. dissertation]. England: University of Manchester; 2013
  33. 33. Morschheuser B, Hamari J, Werder K, Abe J. How to gamify? A method for designing gamification. In: Presented at the Hawaii International Conference on System Sciences; 2017. pp. 1298-1307
  34. 34. Chen Y, Pu P. HealthyTogether: Exploring social incentives for mobile fitness applications. In: Proceedings of the Second International Symposium of Chinese CHI on—Chinese CHI ‘14; Toronto, Ontario, Canada; 2014. pp. 25-34
  35. 35. Cheong C, Cheong F, Filippou J. Quick quiz: A gamified approach for enhancing learning. In: 2013 Pacific Asia Conference on Information Systems; Jeju Island, Korea; 2013. pp. 1-14
  36. 36. Cramer H, Rost M, Holmquist LE. Performing a check-in: Emerging practices, norms and ‘conflicts’ in location-sharing using foursquare. In: Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services—MobileHCI ‘11; Stockholm, Sweden; 2011. pp. 57-66
  37. 37. McDaniel R, Lindgren R, Friskics J. Using badges for shaping interactions in online learning environments. In: 2012 IEEE International Professional Communication Conference; Orlando, FL, USA; 2012. pp. 1-4
  38. 38. Denny P. The effect of virtual achievements on student engagement. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems—CHI ‘13; Paris, France; 2013. pp. 763-772
  39. 39. Yu-kai Chou: Gamification & Behavioral Design. Available from: [Accessed: 10 December 2019]
  40. 40. Yu-kai Chou: Gamification & Behavioral Design. Available from: [Accessed: 10 December 2010]
  41. 41. Bista SK, Nepal S, Paris C. Engagement and cooperation in social networks: Do benefits and rewards help? In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications; Liverpool, United Kingdom; 2012. pp. 1405-1410
  42. 42. Yu-kai Chou: Gamification & Behavioral Design. Available from: [Accessed: 10 December 2019]
  43. 43. Amo LC, Liao R, Rao HR, Walker G. Effects of leaderboards in games on consumer engagement. In: Proceedings of the 2018 ACM SIGMIS Conference on Computers and People Research—SIGMIS-CPR’18; Buffalo-Niagara Falls, NY, USA; 2018. pp. 58-59
  44. 44. Huotari K, Hamari J. ‘Gamification’ from the perspective of service marketing. In: ACM Conference on Human Factors in Computing Systems; Vancouver, Canada; 2011
  45. 45. Schmidt-Kraepelin M, Schöbel S, Thiebes S, Sunyaev A. Users’ game design element preferences in health behavior change support systems for physical activity: A best-worst-scaling approach. In: 2019 Fortieth International Conference on Information Systems; Munich, Germany. 2019. pp. 1-17
  46. 46. King D, Greaves F, Exeter C, Darzi A. ‘Gamification’: Influencing health behaviours with games. Journal of the Royal Society of Medicine. 2013;106(3):76-78
  47. 47. Johnson D, Deterding S, Kuhn K-A, Staneva A, Stoyanov S, Hides L. Gamification for health and wellbeing: A systematic review of the literature. Internet Interventions. 2016;6:89-106
  48. 48. Xu F, Weber J, Buhalis D. Gamification in tourism. In: Xiang Z, Tussyadiah I, editors. Information and Communication Technologies in Tourism 2014. Cham: Springer International Publishing; 2013. pp. 525-537
  49. 49. Pedreira O, García F, Brisaboa N, Piattini M. Gamification in software engineering—A systematic mapping. Information and Software Technology. 2015;57:157-168
  50. 50. Pattakou A, Mavroeidi A-G, Diamantopoulou V, Kalloniatis C, Gritzalis S. Towards the design of usable privacy by design methodologies. In: 2018 IEEE 5th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE); Banff, AB; 2018. pp. 1-8
  51. 51. Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W. A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering. 2011;16(1):3-32
  52. 52. Mouratidis H, Shei S, Delaney A. A security requirements modelling language for cloud computing environments. Software and Systems Modeling. 2019;287:337-345
  53. 53. Kalloniatis C, Belsis P, Gritzalis S. A soft computing approach for privacy requirements engineering: The PriS framework. Applied Soft Computing. 2011;11(7):4341-4348
  54. 54. Islam S, Mouratidis H, Kalloniatis C, Hudic A, Zechner L. Model based process to support security and privacy requirements engineering. International Journal of Secure Software Engineering. 2012;3(3):1-22
  55. 55. Liu L, Yu E, Mylopoulos J. Security and privacy requirements analysis within a social setting. In: Journal of Lightwave Technology; Monterey Bay, CA, USA; 2003. pp. 151-161
  56. 56. Pattakou A, Kalloniatis C, Gritzalis S. Security and privacy requirements engineering methods for traditional and cloud-based systems: A review in 2017 cloud computing. In: GRIDs, and Virtualization Conference; 2017. pp. 145-151
  57. 57. Jensen C, Tullio J, Potts C, Mynatt ED. STRAP: A Structured Analysis Framework for Privacy. Georgia Institute of Technology; 2005
  58. 58. Kalloniatis C, Kavakli E, Kontellis E. Pris tool: A case tool for privacy-oriented requirements engineering. In: Doukidis G, et al., editors. Mediterranean Conference on Information Systems; Athens, Greece; 2009
  59. 59. Argyropoulos N, Kalloniatis C, Mouratidis H, Fish A. Incorporating privacy patterns into semi-automatic business process derivation. In: 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS); Grenoble, France; 2016. pp. 1-12
  60. 60. Messner KT. Active-learning simulation-based approach to digital privacy awareness and security in social-media [MSc. dissertation]. 2019
  61. 61. Wilson M, Hash J. Building an information technology security awareness and training program. In: National Institute of Standards and Technology; Gaithersburg, MD; NIST SP 800-50; 2003
  62. 62. Omoronyia I, Cavallaro L, Salehie M, Pasquale L, Nuseibeh B. Engineering adaptive privacy: On the role of privacy awareness requirements. In: 2013 35th International Conference on Software Engineering (ICSE); San Francisco, CA, USA; 2013. pp. 632-641
  63. 63. Bryce J, Klang M. Young people, disclosure of personal information and online privacy: Control, choice and consequences. Information Security Technical Report. 2009;14(3):160-166
  64. 64. Gjertsen EGB. Use of gamification in security awareness and training programs [MSc. dissertation]. 2016
  65. 65. Sheng S et al. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 3rd Symposium on Usable Privacy and Security—SOUPS ‘07; Pittsburgh, Pennsylvania; 2007. pp. 88-99

Written By

Aikaterini-Georgia Mavroeidi, Angeliki Kitsiou and Christos Kalloniatis

Submitted: 19 December 2019 Reviewed: 13 January 2020 Published: 12 February 2020