Open access peer-reviewed chapter

Gamification: A Necessary Element for Designing Privacy Training Programs

Written By

Aikaterini-Georgia Mavroeidi, Angeliki Kitsiou and Christos Kalloniatis

Submitted: September 15th, 2020 Reviewed: March 25th, 2021 Published: April 26th, 2021

DOI: 10.5772/intechopen.97420

Chapter metrics overview

351 Chapter Downloads

View Full Metrics


The benefits, deriving from utilizing new Information and Communication Technologies (ICTs), such as Internet of Things or cloud computing, raise at the same time several privacy risks and concerns for users. Despite the fact that users’ inability to protect their privacy has been recognized, hence users do not get involved in processes for enhancing their awareness on such issues. However, in order to protect their fundamental right of privacy and to manage it in a practical way when using ICT, privacy literacy is crucial. Users should be trained on privacy issues through appropriate educational programs. Specifically, the development of instructional simulation programs could be of great importance. Relevant methodologies for the development of such services have been recorded in previous literature. Since the concept of training is advanced by creating attractive interaction environments, the educational privacy process could be also more efficient. Towards this, the implementation of game elements serves that purpose, contributing to the design of gameful educational programs. However, despite its benefits, gamification has been noticed to be used more as a tool rather than a concept which could be included in instructional methods. Thus, in this work, gamification features are explained to highlight their importance along with the recorded in the literature educational methods and privacy awareness issues.


  • gamification
  • game elements
  • privacy
  • training program
  • instructional simulation
  • educational simulation
  • method
  • framework
  • model

1. Introduction

The established utilization of technologies in various activities, such as the use of cloud systems [1] is an accepted fact [2]. However, several challenges arise concerning privacy protection due to the storage of users’ information. Personal information is crucial to be protected while using any type of technology. Thus, privacy should be taken into consideration at the early stages of designing a system. A sequence of methods and steps have been recorded in previous literature and by following them, privacy concepts can be analyzed in systems [3, 4, 5] in order for users’ privacy to be protected. This analyzation includes the incorporation of privacy requirements in systems [3, 6]. Especially, according to the General Data Protection Regulation – GDPR [7], users’ personal data should be protected while using systems. Except this, individuals have the right to be informed about each process concerns their data. Further to this, each type of organization has to follow specific rules referred in regulations, to ensure that data is protected and to define a person who will be the Data Protection Officer (DPO). Additionally, six principles related to processing of personal data should be considered by each organization [8].

Equally crucial is for the audience to be aware on such issues in order for the privacy protection processes to be accomplished more effectively. For instance, employees should be educated on the rights that they have regarding their data, so as to be able to protect themselves. However, the complexity of such issues signifies that specific educational processes are needed, aiming at training individuals on privacy subjects. This combination could be achieved by introducing several privacy topics in educational methods, in order for a privacy awareness program to be developed. Except this, to maintain users’ interest is needed to have attractive interaction environments with elements by which the educational process will be occurred through a more engaging way. Gamification method [9] supports this purpose as the incorporation of game elements in systems creates gameful products, aiming to increase users’ engagement on using ICTs. Considering this, by implementing such elements in educational processes on privacy issues, users will have the illusion that they participate into a game but in fact they will be trained.

In spite of the benefits offered by this approach, it has been noticed that developers of instructional models have not emphasize on the consideration of its features during the development phases. Gamification has been mostly used as a tool for the development of applications [10], rather than as an approach which can be considered, so that to design a gamified instructional method. Further to this, the introduction of privacy issues into a such method would be useful for the design of products that purposing on having privacy aware users. Towards this, two main questions arise and will be addressed in this chapter, concerning the offered instructional methods and the mentioned privacy concepts on which users can be educated. The aim is to identify which features and phases have been recommended for the design of educational products and on which privacy topics would be helpful for users to be trained, so that to be able to protect their personal information. Additionally, gamification features are explained to highlight how this method is useful for creating an attractive educational process, especially, when the concept is complex for users, like privacy. These results could be useful for the development of an approach aiming on designing services on privacy awareness within a gameful environment.

To select all this information regarding the two research questions, the PRISMA review method [11] has been followed and implemented. We, first, defined our research questions and the search terms based on each question. According to our search strategy and eligibility criteria, the final results were conducted for each research question which, afterwards, were described. The rest of the paper is organized as follows. In Section 2 gamification features are described. In Section 3, the methods, implemented for the conduction of the results are described. In Section 4, the findings are presented based on the described methods. A discussion of the results is presented in Section 5. Finally, Section 6 concludes the paper.


2. The features of gamification

The provision of attractive ICTs which increase users’ engagement is needed while most of users’ activities are accomplished through technologies, e.g. e-learning [12]. Such services can be developed through gamification method, as it concerns the implementation of game elements in applications [9]. According to the literature, several models have been recorded that developers have used to design a gamified system [13, 14, 15, 16]. Despite that these methods differ respectively to their processes, their common aim is to show the steps for creating an attractive system to engage users. This approach has been used in various domains [17]. For instance, gamified services in marketing domain aim at raising each company’s selling, while customers collect points which can be used for earning gift cards or discounts in products [18]. Furthermore, the use of such services for health issues engages users on protecting their health. For example, they can be notified in order to take their prescription, while they win points or gifts each time they react [19]. Gamified services have been provided in tourism sector as well, in order for the participants to discover several places that may care to visit [20, 21]. Additionally, to increase cultural awareness, such applications are helpful, as it has been recorded in previous literature [22, 23]. Users get familiar with the cultural heritage of various countries through a more interesting process. Thus, several benefits arise by using gamification.

In our previous work, a sequence of game elements has been recorded based on several studies in the literature for the creation of gameful applications [17, 24]. Some of them support the interaction between users, so that they are engaged to participate. These elements are the communication, challenges, competition and collaboration [25]. The results of each interaction may be presented in leaderboards, which engage users on participating in several tasks against or with others. In addition, alternative activities [26], such as quizzes [12], are provided to users to select points and pass levels, so that to win badges and rewards [27]. Users have the ability while creating profiles, to select either a specific role depending on their preferences or an avatar for an animated representation [28]. Some of the gamified applications may provide feedback to users in order to know their progress or improve their actions [29]. Others include rules which have to be followed during the completion of each task or the connection with users’ location [26]. The last one has mostly noticed in applications regarding tourism domain. Additionally, notifications are presented, e.g. for reminding a specific action that should be accomplished [25].

Through these features, gamified applications can be developed in several domains. As described previously, the incorporation of game elements in instructional methods is also crucial, so that the training process to be more interesting and effective, especially, in case the education concerns difficult concepts, such as the protection of users’ privacy. However, there is a lack of such models. Two questions arise and addressed in this work, regarding the recorded instructional methods and the privacy awareness topics. These results along with the gamification features could be considered for the creation of a method aiming at training users on privacy issues through gamification.


3. Methods

In this Section, the implemented methodology for the conduction of the review results is described. This research was conducted during September 2020. The review protocol was based on the PRISMA statement [11]. First, the research questions (RQs), presented in Table 1, were addressed. The aim of the first research questions is to identify which studies refers to instructional models which can be implemented for developing programs, by using them individuals could be educated on various domains, and to record the steps that each one recommends. According to the second question, the aim is to identify the mentioned privacy topics in literature, which can be taken into consideration while designing training programs for making users to be aware of privacy issues.

Research Question 1Which instructional simulation models have been recorded?
Rationale: The aim is to record their steps.
Research Question 2Which privacy topics have been recorded in literature for increasing users’ privacy awareness?
Rationale: The aim is to identify if there are such topics and to record them.

Table 1.

Research questions.

Based on the above research questions, the next step was to define the search terms. The search string used to collect documents from sources, was constructed using the following terms and the Boolean OR was employed to link them.

  • Search terms for RQ1: (“Instructional simulation model” OR “Educational simulation model” OR “Instructional simulation method” OR “Instructional simulation framework” OR “Educational simulation method” OR “Educational simulation framework”)

  • Search terms for RQ2: (“Privacy educational topics” OR “Privacy awareness topics”)

A literature review of works, written in English, indexed in Google Scholar, Scopus, IEEExplore, ACM Digital Library, ScienceDirect and Google was conducted to explore the recorded educational methods and privacy topics. The search was applied to the titles, abstracts and keywords of journal, chapters, workshop and conference papers in order to ensure that their context is the appropriate for the purpose of this work. In addition, studies, identified in non-academic online publications, were collected. The search strategy is outlined in Table 2.

Academic databases searched
  • IEEExplore

  • Scopus

  • Science Direct

  • ACM Digital Library

Other data sources
  • Google Scholar

  • Google (only non – academic sources)

Target items
  • Journals papers

  • Workshop papers

  • Conference papers

  • Chapters

  • Non-academic online publications

Search applied to
  • Titles

  • Abstracts

  • Keywords

  • English

Publication period
  • From 2005 until today

Table 2.

Search strategy.

Due to the large number of results, returned by a general search and in order to keep the search within reasonable bounds, the number of the results was limited, by selecting publications according to the inclusion and exclusion criteria, presented in Table 3. First, academic, journal, conference, workshop studies and sites with instructional methods and privacy awareness topics were recorded. The publication date for the studies was defined since 2005, since, according to the literature, most of the studies regarding these methods are published since this year. Thus, it was also preferable to limit the search of the publication period to the last fifteen years. Furthermore, studies which do not include steps would not be considered useful for the purpose of this review. In order for the comprehension of this research to be effective, the studies had to be written in English.

Eligibility Criteria
Inclusion criteria
  • Academic journal, conference, workshop papers which include instructional or educational simulation methods

  • Studies which include privacy awareness topics

  • Papers written in English

  • Publication date: since 2005

Exclusion criteria
  • Duplicates

  • Studies without steps

  • Studies whose full-text is not accessible

  • Papers available only in the form of abstracts

Table 3.

Inclusion and exclusion criteria.


4. Results

In this Section, the conducted results based on the described strategy are presented. Especially, the total number of publications regarding each research question along with specific information about each study are described. It would be interesting to note that many studies were found, but most of them were not appropriate for this research based on the criteria, described in Table 3. For the RQ1, 390 studies were identified and after removing duplicates, 336 were screened. The total number of studies included in for this research question is ten, while 326 were excluded according to the inclusion and exclusion criteria. The study selection process is reported and in Figure 1, the results are presented based on the PRISMA model.

Figure 1.

Flow diagram for RQ1.

Specifically, based on the findings in Table 4, most of them were identified in ACM digital library and IEEExplore databases, whilst few of the results were found in ScienceDirect database. As presented in Table 5, most of the selected studies, which include steps for designing instructional programs, concern journals. On the other side, either workshop papers or non-academic publications meeting the eligibility criteria were not found. Afterwards, the publication year of each work was mentioned and according to Figure 2, half of them were published from 2010 to 2015.

Summary of target items – RQ1
Academic databases searched
ACM Digital Library185
Other data sources40
Total without duplicates336

Table 4.

Summary of target items for RQ1.

Summary of search results – RQ1
Journals papers6
Workshop papers
Conference papers1
Non-academic online publications

Table 5.

Summary of search results for RQ1.

Figure 2.

Number of instructional design studies by year.

For the second research question, our search identified 2.821 studies. After removing duplicates, 1.976 works remained. Many of them, i.e. 1.968, did not pass the inclusion and exclusion criteria. Eight final eligible studies were selected for this research question. These results are presented in Figure 3. In Table 6, the amount of the identified records is presented, where it is noted that, in contrast to the RQ1, most of them were identified in Scopus and ScienceDirect databases. The included records are eight and most of them were found in non-academic publications, as illustrated in Table 7.

Figure 3.

Flow diagram for RQ2.

Summary of target items – RQ2
Academic databases searched
ACM Digital Library800
Other data sources32
Total without duplicates1.976

Table 6.

Summary of target items for RQ2.

Summary of search results – RQ2
Journals papers1
Workshop papers
Conference papers
Non-academic online publications7

Table 7.

Summary of search results for RQ2.

Based on the conducted results of this Section, it was noticed that the number of the final studies were included in this review regarding the second research question is greater than this of the RQ1 which concern the educational design approaches. The aim of this review process was to identify the recorded instructional methods and the recommended privacy issues on which users could be educated. Both are presented and described in the next Section.


5. Discussion

The completion of several activities by using technologies may raise several privacy risks, while users’ actions and information are recorded. Thus, it is crucial to have aware users on such issues in order to be able to protect their personal information. For instance, many individuals use increasingly various social media, where the creation of a personal account is one of the requirements. Several personal information has to be provided in order to create an account, e.g. the date of birth or an email account. Such information is stored along with users’ actions, like communication history and preferences concerning posts or publications. According to this, privacy risks arise while using various social platforms [30].

The development of instructional programs aiming to train the audience on privacy issues would be a useful process to avoid privacy violations. Several instructional design methods have been recorded in the literature and can be implemented for the development of such services. Additionally, privacy awareness topics have been noticed which could be considered during designing them. The aim of this Section is to present and discuss the results of both research questions, mentioned above regarding the amount of instructional design approaches and the recommended awareness topics on privacy issues.

5.1 Instructional design approaches

According to the results of the research for the first question, ten educational models have been recorded and presented in Table 8. Dissimilar steps and processes are included in each model and two of them consist of a specific concept, e.g. the development of gamified educational programs. Nevertheless, all of them focus on designing applications, whose purpose is to engage users on educating. In [31], the ADDIE approach is described and its name is based on the included steps, i.e. Analyze, Design, Develop, Implement and Evaluate. In summarily, the aim of each step, respectively, is to a) define the context, the aim of the system and users’ needs, b) design the application, c) develop it along with the instruction for the audience, d) implement it after preparing the users, and e) evaluate based on the determined evaluation criteria. Similar to this approach, is the ARCS (Attention, Relevance, Confidence, and Satisfaction) model presented in 2010 [32], which includes the analyzation of the objectives, materials and audience motivation, the selection of tactics and the writing of instructions, the development and implementation of the materials, and the revision of the product in order to detect the expected and unexpected motivational effects.

Instructional Design Approaches
PublicationYearTargetContextType of publicationDatabase
Instructional Design: The ADDIE Approach
(Robert Maribe Branch et al.)
2009Instructional design
  1. Analyze

  2. Design

  3. Develop

  4. Implement

  5. Evaluate

Backward Design: Targeting Depth of Understanding for All Learners
(Childre Amy et al.)
2009Instructional design
  1. Identify learners

  2. Identify Curricular Priorities

  3. Design Assessment Framework

  4. Create learning activities

First principles of instruction
(David Merrill, M.)
2009Instructional design
  1. Activation

  2. Demonstration

  3. Application

  4. Integration

Motivational Design for Learning and Performance
(Keller, John M.)
2010Instructional design
  1. Define

  2. Design

  3. Develop

  4. Pilot

Bloom et al.’s taxonomy of the cognitive domain2011Instructional design
  1. Knowledge

  2. Comprehension

  3. Application

  4. Analysis

  5. Synthesis

  6. Evaluation

A model for the systematic design of instruction
(Walter Dick et al.)
2013Instructional design
  1. Instructional Goals

  2. Instructional Analysis

  3. Entry Behaviors and Learner Characteristics

  4. Performance Objectives

  5. Criterion-Referenced Test Items

  6. Instructional Strategy

  7. Instructional Materials

  8. Formative Evaluation

  9. Summative Evaluation

Enhancement of the ARCS Model for Gamification of Learning
(W. M. Amir Fazamin W. Hamzah et al.)
2014Gamification & Instructional Simulation
  1. Design

  2. Implementation

Comparative Analysis between System Approach, Kemp, Journal
(Ibrahim, Ahmad Abdullahi)
2015Instructional design
  1. instructional program identification, and goal specification of an instructional course

  2. examination of learners’ characteristics based on the instructional decisions

  3. subject content identification with task analysis related to goals and purposes

  4. instructional objective specification

  5. instructional unit in arranged, in logical sequential order of learning

  6. instructional strategies design to meet the mastery of lesson objectives

  7. plan and develop instruction

  8. evaluate instruments for measuring course objectives,

  9. resource selection for instruction and learning activities

An ASSURE-Model Instructional Design Based on Active Learning Strategies and its Effect for 1st Intermediate Student’s Higher Order Thinking Skills in Teaching Science Text Book
(Sami Hameed Kadhim Al-Khattat et al.)
2019Instructional design
  1. Analyze learners

  2. State standards and objectives

  3. Select strategies, technology, media and materials

  4. Utilize technology, media and materials.

  5. Require learner participations

  6. Evaluate and revise

Simulation Models in Education
(Hrvoje Stančić et al.)
2007Simulation Model for e-learning
  1. Formulation of the problem

  2. Collection of the information and construction of the conceptual model

  3. Checking the validity of the conceptual model

  4. Model programming

  5. Checking the validity of the programmed model

  6. Design, conduction and analysis of the simulation

Documentation and presentation of the simulation
Total number of studies10

Table 8.

Instructional design approaches.

In 2015, the ARCS+G model [33] was presented, which extends the ARCS model by incorporating gamification principles in order to provide an approach for using gamification in learning. The gamified approach of ARCS model includes the design and implementation stages in which a sequence of steps is described. Especially, the introduction of gamification principles is accomplished by including the definition of motivational design goals, the preparation of a list with the motivational tactics, which help instructors to accomplish the goals, as well as the development of learning environments with motivational elements. All these processes concern the design phase. During the implementation phase, the selection and explanation of gamification mechanisms is described. For instance, in case of implementing the “competition” element, the use of leaderboards will show the leading scorers, so that users to be motivated and compete more with others. For the implementation of each element, the motivational tactic is considered. In the case of competition, the proposed tactic is the provision of the results to engage users.

Based on [34], the main aim is to identify which the learners are and the priorities of each curriculum. Afterwards, the assessment framework should be developed, which, significantly, includes the selection of tasks, tests and quizzes. The last phase concerns the creation of the learning activities, considering that the context should engage users on educating. The ASSURE model, published in 2019 [35], named after its phases, as the ADDIE model. The described parts are the a) analyzation of learners’ characteristics b) definition of objectives, c) selection and design of learning materials and strategies d) employment of technologies and learning media e) implementation of the material and f) the evaluation and revision of the program.

In [36], similar steps with the above models, have been identified. The main difference is identified on the separation of some phases, which previously were presented as the step one. In particular, the identification of needs, the definition and documentation of the objectives, the analyzation of learners and contexts are the four distinct steps in this approach. Similarly, the development of assessment instruments, instructional strategy and materials concern the three next phases. Afterwards, the aim is to evaluate the product in order to revise it, based on the results of the evaluation and finally, to design and re-evaluate the product. The repetition of the assessment process is recommended in order to improve more the final product.

An equivalent approach has been published in 2015 by [37], where the first parts concern the identification of the instructional program, purposes, users’ needs and context of program. Next, the already defined program has to be planned and developed in order to be implemented. As it is suggested in most of the instructional models, the evaluation process is needed in order to improve it based on the assessment results. The recommended approach in 2011 [38], is relative to the first one of the above described models. This approach consists of six steps, where at first the same identifications about the users’ needs, characteristics, learning objectives and materials are included. Next, the design and application of the material, based on the previous analyzations, are described. The last step is the evaluation of the material based on the recorded feedback. In 2007 [39], Hrvoje Stančić et al. presented general steps, which should be implemented for developing the instructional simulation approaches. In this work, the first step is to identify the scope of the program and therefore, to record the needed information, e.g. development timeframe, in order to design the conceptual model of the program. The design of the program and the examination of each validity are considered as the final steps.

Based on the described models, several steps with similarities are identified. Most of them include the definition of objectives, users’ needs, concept of program and instructional materials during the first phases. Afterwards, the design phase is included where the interface and the context of the program is illustrated in order to be developed. The developed programed is implemented, where users interact with it. In order for the system to be improved, it is crucial to record users’ feedback. Thus, an evaluation stage is needed, where the evaluation criteria are specifically defined. Few differences have been recorded among the models. For instance, one difference that could be mentioned concerns the model ARCS, which focuses more on motivating users, so as to be educated. Furthermore, one of them, i.e. the ARCS+G model [33], is totally different, since its concept is not only to develop an educational product, but also to gamify it by incorporating game elements during its development.

Such approaches should be enhanced and as it was aforementioned, it could be interesting and useful to be combined with gamification attributes in order for, by implementing them, attractive training programs to be developed. Gamification has been mostly utilized as a tool for designing gamified educational programs. Various of such programs have been recorded in previous literature [40, 41] offering a more entertaining educational process and users are more engaged to be trained on several issues. Despite the usefulness of gamification in education domain, its report in educational models is missing. A correlation could be defined among these elements and the processes of instructional models, based on the concept of each element and the aim of each process. Thus, game elements will be included in each step of a model and not only in the design phases as it is customary, according to the gamification models.

5.2 Privacy awareness topics

According to the results, recorded during the search for the RQ2, several privacy topics have been identified, which could be considered during designing educational programs for increasing users’ awareness on privacy issues. Based on their concept, they were classified into four main categories, as presented in Table 9. Landau [42] recommends that users could be educated on privacy social aspects, i.e. privacy regulations and laws, psychology and economics. Specifically, regarding law issues on information privacy, it would be interesting for users to be trained on the existing privacy regulations, on how data has to be protected by each type of organization based on these regulations, and on which rights the privacy policies have been based [42].

Privacy’s social aspects
Psychology (including human–computer interaction)
Law issues on information privacy
Development of privacy within the law
Privacy law in commercial practice, health information, and communications
Privacy and data protection, including the international aspects of this
Regulatory frameworks for privacy
Technical issues on information privacy
Privacy techniques
Anonymization tools (pseudonymity, Tor, k-anonymity, and differential privacy) and attacks on and failures of those tools
Privacy threats
General issues
Why privacy?
What are the consequences of not being #PrivacyAware?
Why should I care about privacy if I have nothing to hide?
Wouldn’t we all be better off if all information was always recorded and visible?
What data needs to be protected?
How to label data
How to organize data
Protocols on sharing data
How to dispose of data no longer needed
The importance of backing up critical data
Differences between privacy and security
Rights that individuals have regarding their personal data
Organization’s responsibilities when collecting and processing personal data
The responsibilities organizations have when sharing data internally, externally, and across borders
Minimize What Data You Collect and Release
Controlling Data Access
Understand the “Privacy by Design” philosophy
How to identify the privacy issues that can arise with new products or services
What are the best tactics for educating staff about their roles in and the importance of privacy and data security?
What should organizations look out for to make sure their vendors and partners are privacy aware?

Table 9.

Privacy awareness topics.

Additionally, more technical subjects are suggested, which could be used for example in order to educate software developers on designing tools, which analyze security and privacy concepts in systems or on developing privacy and security aware services [42]. Furthermore, one subject concerns the anonymization tools, e.g. k-anonymity, while others relative to anonymity – one of the privacy requirements –, concern security issues, cryptography technique and privacy techniques. In general, for users is important to be aware on the “Privacy by Design” philosophy, since they will be able to understand either the importance of protecting their privacy or to recognize what is needed to be implemented to ensure privacy protection [43]. Privacy threats is another issue on which users would be educated, as it is useful to be aware on possible threats in order to be able to protect their personal information while using each type of technology.

Besides them, a sequence of questions has been recorded, recommended as possible topics for privacy awareness. First of all, the audience of an educational program would be interested to know what privacy means and its importance, why it should be aware on privacy issues [44] in order to be able to understand more specified issues. Such issues could be the type of data that should be protected, the way of organizing data, the importance of saving and backing up critical data and the protocols of sharing data [45]. Another privacy awareness topic could be to learn how data can be controlled in order to avoid possible attacks [46]. As, frequently, new products are provided by organizations, the education on privacy issues which arise with new services would be useful for users, as they will be able to identify them while using technologies [43].

While many organizations restore data, individuals should be informed about their rights, which data are used, by whom and the reason of each use. In a similar way, organizations should be aware on their responsibilities regarding the collection, processing and sharing of this users’ data [47]. Further to this, responsible departments of an organization could be educated on strategies regarding the training of the staff on protecting security and privacy in order the education process to be more effective [48]. Additionally, they could be trained on how to recognize that employees are aware on the taught material [48]. By satisfying such issues, trust among users and organizations can be increased. Trust would be also an important subject within educational programs in order to highlight the importance of creating a straightforward relation between entities [47].

Concluding various privacy topics could be considered while designing an educational programs. This process would be useful for individuals due to the difficulty of understanding in depth the importance of privacy and the way of protecting personal data. For instance, a combination between the results of these research questions could concern the model ARCS+G and the consequences of not being privacy-aware. The provision of an attractive interaction environment in relation to the provision of privacy violation examples could be an interesting educational process for users. Such combinations could be achieved, considering the above described results, in order to have privacy-aware users who will be able to protect themselves. Various instructional methods are offered and in their processes the identification of objectives and users’ needs are included. The protection of users’ privacy consists a crucial objective to be considered during designing such services. Concluding, these findings could be useful for experts of designing educational methods. Specifically, the provision of an instructional model whose purpose is to create privacy awareness training programs would be helpful to increase users’ awareness on such issues.


6. Conclusions

The education of users on privacy issues is crucial in order for them to be able to protect their personal information by several possible threats. Thus, privacy awareness programs need to be developed. As privacy is a complex concept for users, attractive environments would support a more effective educational process. This could be achieved by incorporating game elements into instructional methods for privacy issues. However, it has been noticed that gamification has been used more as tool for creating gamified applications on several domains than as a concept included in such methods. Thus, in this work, the gamification features are explained to highlight its importance of considering them in these methods. Further to this, all the offered instructional models recorded in previous literature are presented. Additionally, privacy awareness topics were summarized and explained. For the presentation of these results, a literature review was conducted based on two research questions. The implemented methods are explained in detail and as it is already mentioned, the PRISMA method was used. According to the search terms, many publications were resulted, but considering the eligibility criteria, many of them were excluded. Several educational frameworks were recorded with many similarities, such as the design or the evaluation phase, but some of them differ, since their concept focuses on a specific research area. For instance, one of them incorporates the gamification method in order to develop a gamified instructional model. Similarly, a sequence of privacy issues was mentioned and described, e.g. the importance of protecting personal data and be a privacy-aware user. These results could be considered either for the development of a method, whose aim is to create gamified privacy training programs or for extending one of these methods incorporating gamification features and including a privacy awareness topic. In each case, the provision of such programs is important and useful, so that users to be able to protect themselves through a more effective and engaging way, as many technologies are used for the completion of various tasks.



The research work was supported by the Hellenic Foundation for Research and Innovation (HFRI) under the HFRI PhD Fellowship grant (Fellowship Number: 671).


Conflict of interest

The authors declare no conflict of interest.


  1. 1. T. Dillon, C. Wu, and E. Chang, “Cloud computing: Issues and challenges,” Proceedings-International Conference on Advanced Information Networking and Applications, AINA, pp. 27-33, 2010, doi:10.1109/AINA.2010.187.
  2. 2. A. Valentín, P. M. Mateos, M. M. González-Tablas, L. Pérez, E. López, and I. García, “Motivation and learning strategies in the use of ICTs among university students,” Computers and Education, vol. 61, no. 1, pp. 52-58, 2013, doi:10.1016/j.compedu.2012.09.008.
  3. 3. C. Kalloniatis, P. Belsis, and S. Gritzalis, “A soft computing approach for privacy requirements engineering: The Pri S framework,” Applied Soft Computing Journal, vol. 11, no. 7, pp. 4341-4348, 2011, doi:10.1016/j.asoc.2010.10.012.
  4. 4. C. Kalloniatis, “Incorporating privacy in the design of cloud-based systems: A conceptual meta-model,” Information and Computer Security, vol. 25, no. 5, pp. 614-633, 2017, doi: 10.1108/ICS-06-2016-0044.
  5. 5. A. Pattakou and C. Kalloniatis, “Security and Privacy Requirements Engineering Methods for Traditional and Cloud-Based Systems: A Review,” Cloud Computing, no. c, p. 7, 2017.
  6. 6. L. Liu, E. Yu, and J. Mylopoulos, “Security and privacy requirements analysis within a social setting,” Proceedings of the IEEE International Conference on Requirements Engineering, vol. 2003-Janua, pp. 151-161, 2003, doi: 10.1109/ICRE.2003.1232746.
  7. 7. G. Danezis et al., Privacy and Data Protection by Design - from policy to engineering, no. December. 2015.
  8. 8. W. S. Blackmer, “EU general data protection regulation,” American Fuel and Petrochemical Manufacturers, AFPM - Labor Relations/Human Resources Conference 2018, vol. 2014, no. April, pp. 45-62, 2018.
  9. 9. S. Deterding, Dan Dixon, Rilla Khaled, and L. E. Nacke, “From Game Design Elements to Gamefulness: Defining ‘Gamification,’” Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments, MindTrek 2011, pp. 9-15, 2011.
  10. 10. C. R. Nevin et al., “Gamification as a tool for enhancing graduate medical education,” Postgraduate Medical Journal, vol. 90, no. 1070, pp. 685-693, 2014, doi: 10.1136/postgradmedj-2013-132486.
  11. 11. D. Moher, A. Liberati, J. Tetzlaff, and D. G. Altman, “Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement,” International Journal of Surgery, vol. 8, no. 5, pp. 336-341, 2010, doi: 10.1016/j.ijsu.2010.02.007.
  12. 12. M. M. Gåsland, “Game mechanic based e-learning: a case study,” Science And Technology, Master Thesis (June 2011). …, no. June, p. 77, 2011.
  13. 13. B. Morschheuser, L. Hassan, K. Werder, and J. Hamari, “How to design gamification? A method for engineering gamified software,” Information and Software Technology, vol. 95, pp. 219-237, Mar. 2018, doi: 10.1016/j.infsof.2017.10.015.
  14. 14. K. Yonemura, K. Yajima, R. Komura, J. Sato, and Y. Takeichi, “Practical security education on operational technology using gamification method,” in 2017 7th IEEE International Conference on Control System, Computing and Engineering (ICCSCE), Penang, Nov. 2017, pp. 284-288, doi: 10.1109/ICCSCE.2017.8284420.
  15. 15. K. Werbach and D. Hunter, For the win: how game thinking can revolutionize your business. Philadelphia: Wharton Digital Press, 2012.
  16. 16. O. Pedreira, F. García, N. Brisaboa, and M. Piattini, “Gamification in software engineering – A systematic mapping,” Information and Software Technology, vol. 57, pp. 157-168, Jan. 2015, doi: 10.1016/j.infsof.2014.08.007.
  17. 17. A. G. Mavroeidi, A. Kitsiou, C. Kalloniatis, and S. Gritzalis, “Gamification vs. privacy: Identifying and analysing the major concerns,” Future Internet, vol. 11, no. 3, 2019, doi: 10.3390/fi11030067.
  18. 18. K. Huotari, “Defining Gamification - A Service Marketing Perspective,” pp. 17-22, 2012.
  19. 19. D. Johnson, S. Deterding, K. A. Kuhn, A. Staneva, S. Stoyanov, and L. Hides, “Gamification for health and wellbeing: A systematic review of the literature,” Internet Interventions, vol. 6, pp. 89-106, 2016, doi: 10.1016/j.invent.2016.10.002.
  20. 20. N. S. Sever, G. N. Sever, and S. Kuhzady, “The Evaluation of Potentials of Gamification in Tourism Marketing Communication,” IJARBSS, vol. 5, no. 10, p. Pages 188-202, Oct. 2015, doi: 10.6007/IJARBSS/v5-i10/1867.
  21. 21. A. Mehrbod, N. Mehrbod, A. Grilo, C. Vasconcelos, and J. L. Silva, “Gamification in supported geocaching tours,” in 2017 International Conference on Engineering, Technology and Innovation (ICE/ITMC), Funchal, Jun. 2017, pp. 1419-1423, doi: 10.1109/ICE.2017.8280049.
  22. 22. Y. Heryadi, A. Z. Robbany, and H. Sudarma, “User experience evaluation of virtual reality-based cultural gamification using GameFlow approach,” in 2016 1st International Conference on Game, Game Art, and Gamification (ICGGAG), Jakarta, Indonesia, Dec. 2016, pp. 1-5, doi: 10.1109/ICGGAG.2016.8052644.
  23. 23. A. Döpker, T. Brockmann, and S. Stieglitz, “Use Cases for Gamification in Virtual Museums,” p. 14.
  24. 24. A.-G. Mavroeidi, A. Kitsiou, and C. Kalloniatis, “The Interrelation of Game Elements and Privacy Requirements for the Design of a System: A Metamodel,” in Trust, Privacy and Security in Digital Business, vol. 11711, S. Gritzalis, E. R. Weippl, S. K. Katsikas, G. Anderst-Kotsis, A. M. Tjoa, and I. Khalil, Eds. Cham: Springer International Publishing, 2019, pp. 110-125.
  25. 25. K. Seaborn and D. I. Fels, “Gamification in theory and action: A survey,” International Journal of Human Computer Studies, vol. 74, pp. 14-31, 2015, doi: 10.1016/j.ijhcs.2014.09.006.
  26. 26. Z. H. Morford, B. N. Witts, K. J. Killingsworth, and M. P. Alavosius, “Gamification: The intersection between behavior analysis and game design technologies,” Behavior Analyst, vol. 37, no. 1, pp. 25-40, 2014, doi: 10.1007/s40614-014-0006-1.
  27. 27. A. Ahtinen et al., “Mobile mental wellness training for stress management: Feasibility and design implications based on a one-month field study,” Journal of Medical Internet Research, vol. 15, no. 7, pp. 1-13, 2013, doi: 10.2196/mhealth.2596.
  28. 28. M. Andrew, Game Thinking. 2015.
  29. 29. B. Morschheuser, L. Hassan, K. Werder, and J. Hamari, “How to design gamification? A method for engineering gamified software,” Information and Software Technology, vol. 95, no. January, pp. 219-237, 2018, doi: 10.1016/j.infsof.2017.10.015.
  30. 30. G. Beigi and H. Liu, “Privacy in social media: identification, mitigation and applications,” arXiv, vol. 9, no. 4, pp. 1-36, 2018.
  31. 31. R. M. Branch, Approach, Instructional Design: The ADDIE, vol. 53, no. 9. 2009.
  32. 32. J. M. Keller, Motivational Design for Learning and Performance. 2010.
  33. 33. T. Ramadani Arjo, R. Yulius, and M. Fajri Amirul Nasrullah, “Enhancing learning engagement on minangkabau traditional food through gamified mobile quiz,” Journal of Physics: Conference Series, vol. 1196, no. 1, 2019, doi: 10.1088/1742-6596/1196/1/012027.
  34. 34. A. Childre, J. Sands, and S. T. Pope, “Backward Design: Targeting Depth of Understanding for All Learners,” TEACHING Exceptional Children, vol. 41, no. 5, pp. 6-14, 2009, doi: 10.1177/004005990904100501.
  35. 35. S. H. K. Al-Khattat, R. R. Habeeb, and A. R. Mohammed, “An ASSURE-Model Instructional Design Based on Active Learning Strategies and its Effect for 1st Intermediate Student’s Higher Order Thinking Skills in Teaching …,” Psihologija, no. March, 2019.
  36. 36. W. Dick, “A model for the systematic design of instruction,” Instructional Design: International Perspectives: Theory, Research, and Models, vol. 1, pp. 361-370, 2013.
  37. 37. A. A. Ibrahim, “Comparative Analysis between System Approach, Kemp, Journal,” vol. 3, no. 12, pp. 261-270, 2015.
  38. 38. W. Huitt, “Bloom et al.’s taxonomy of the cognitive domain,” Educational Psychology Interactive, 2011.
  39. 39. M. David Merrill, “First principles of instruction,” Instructional-Design Theories and Models, vol. 3, no. 3, pp. 41-56, 2009, doi: 10.4324/9780203872130.
  40. 40. C. Cheong and J. Filippou, “Quick Quiz : A Gamified Approach for Enhancing Learning,” 2013.
  41. 41. L. Feldbusch, F. Winterer, J. Gramsch, L. Feiten, and B. Becker, “SMILE Goes Gaming : Gamification in a Classroom Response System for Academic Teaching,” no. Csedu, pp. 268-277, 2019, doi: 10.5220/0007695102680277.
  42. 42. S. Landau, “Educating engineers: Teaching privacy in a world of open doors,” IEEE Security and Privacy, vol. 12, no. 3, pp. 66-70, 2014, doi: 10.1109/MSP.2014.43.
  43. 43. TeachPrivacy, “Privacy Awareness Training-Privacy by Design.”
  44. 44. Cipher, “Integrate These 10 Topics into Your Data Protection Training,” 2020.
  45. 45. Jordan Stokes, “9 Topics to Cover in Your Privacy Awareness Training Program,” MediaPRO, 2019.
  46. 46. S. Morrow, “5 Methods for Data Privacy Enhancement,” 2017.
  47. 47. TeachPrivacy, “Global Privacy and Data Protection,” 2020.
  48. 48. CSIAC, “Data Privacy Day – Fostering a Culture of Privacy Awareness at Work.”

Written By

Aikaterini-Georgia Mavroeidi, Angeliki Kitsiou and Christos Kalloniatis

Submitted: September 15th, 2020 Reviewed: March 25th, 2021 Published: April 26th, 2021