Gamification: A Necessary Element for Designing Privacy Training Programs

The benefits, deriving from utilizing new Information and Communication Technologies (ICTs), such as Internet of Things or cloud computing, raise at the same time several privacy risks and concerns for users. Despite the fact that users’ inability to protect their privacy has been recognized, hence users do not get involved in processes for enhancing their awareness on such issues. However, in order to protect their fundamental right of privacy and to manage it in a practical way when using ICT, privacy literacy is crucial. Users should be trained on privacy issues through appropriate educational programs. Specifically, the development of instructional simulation programs could be of great importance. Relevant methodologies for the development of such services have been recorded in previous literature. Since the concept of training is advanced by creating attractive interaction environments, the educational privacy process could be also more efficient. Towards this, the implementation of game elements serves that purpose, contribut-ing to the design of gameful educational programs. However, despite its benefits, gamification has been noticed to be used more as a tool rather than a concept which could be included in instructional methods. Thus, in this work, gamification features are explained to highlight their importance along with the recorded in the literature educational methods and privacy awareness issues.


Introduction
The established utilization of technologies in various activities, such as the use of cloud systems [1] is an accepted fact [2].However, several challenges arise concerning privacy protection due to the storage of users' information.Personal information is crucial to be protected while using any type of technology.Thus, privacy should be taken into consideration at the early stages of designing a system.A sequence of methods and steps have been recorded in previous literature and by following them, privacy concepts can be analyzed in systems [3][4][5] in order for users' privacy to be protected.This analyzation includes the incorporation of privacy requirements in systems [3,6].Especially, according to the General Data Protection Regulation -GDPR [7], users' personal data should be protected while using The Role of Gamification in Software Development Lifecycle systems.Except this, individuals have the right to be informed about each process concerns their data.Further to this, each type of organization has to follow specific rules referred in regulations, to ensure that data is protected and to define a person who will be the Data Protection Officer (DPO).Additionally, six principles related to processing of personal data should be considered by each organization [8].
Equally crucial is for the audience to be aware on such issues in order for the privacy protection processes to be accomplished more effectively.For instance, employees should be educated on the rights that they have regarding their data, so as to be able to protect themselves.However, the complexity of such issues signifies that specific educational processes are needed, aiming at training individuals on privacy subjects.This combination could be achieved by introducing several privacy topics in educational methods, in order for a privacy awareness program to be developed.Except this, to maintain users' interest is needed to have attractive interaction environments with elements by which the educational process will be occurred through a more engaging way.Gamification method [9] supports this purpose as the incorporation of game elements in systems creates gameful products, aiming to increase users' engagement on using ICTs.Considering this, by implementing such elements in educational processes on privacy issues, users will have the illusion that they participate into a game but in fact they will be trained.
In spite of the benefits offered by this approach, it has been noticed that developers of instructional models have not emphasize on the consideration of its features during the development phases.Gamification has been mostly used as a tool for the development of applications [10], rather than as an approach which can be considered, so that to design a gamified instructional method.Further to this, the introduction of privacy issues into a such method would be useful for the design of products that purposing on having privacy aware users.Towards this, two main questions arise and will be addressed in this chapter, concerning the offered instructional methods and the mentioned privacy concepts on which users can be educated.The aim is to identify which features and phases have been recommended for the design of educational products and on which privacy topics would be helpful for users to be trained, so that to be able to protect their personal information.Additionally, gamification features are explained to highlight how this method is useful for creating an attractive educational process, especially, when the concept is complex for users, like privacy.These results could be useful for the development of an approach aiming on designing services on privacy awareness within a gameful environment.
To select all this information regarding the two research questions, the PRISMA review method [11] has been followed and implemented.We, first, defined our research questions and the search terms based on each question.According to our search strategy and eligibility criteria, the final results were conducted for each research question which, afterwards, were described.The rest of the paper is organized as follows.In Section 2 gamification features are described.In Section 3, the methods, implemented for the conduction of the results are described.In Section 4, the findings are presented based on the described methods.A discussion of the results is presented in Section 5. Finally, Section 6 concludes the paper.

The features of gamification
The provision of attractive ICTs which increase users' engagement is needed while most of users' activities are accomplished through technologies, e.g.e-learning [12].Such services can be developed through gamification method, as it concerns the implementation of game elements in applications [9].According to the literature, several models have been recorded that developers have used to design a gamified system [13][14][15][16].Despite that these methods differ respectively to their processes, their common aim is to show the steps for creating an attractive system to engage users.This approach has been used in various domains [17].For instance, gamified services in marketing domain aim at raising each company's selling, while customers collect points which can be used for earning gift cards or discounts in products [18].Furthermore, the use of such services for health issues engages users on protecting their health.For example, they can be notified in order to take their prescription, while they win points or gifts each time they react [19].Gamified services have been provided in tourism sector as well, in order for the participants to discover several places that may care to visit [20,21].Additionally, to increase cultural awareness, such applications are helpful, as it has been recorded in previous literature [22,23].Users get familiar with the cultural heritage of various countries through a more interesting process.Thus, several benefits arise by using gamification.
In our previous work, a sequence of game elements has been recorded based on several studies in the literature for the creation of gameful applications [17,24].Some of them support the interaction between users, so that they are engaged to participate.These elements are the communication, challenges, competition and collaboration [25].The results of each interaction may be presented in leaderboards, which engage users on participating in several tasks against or with others.In addition, alternative activities [26], such as quizzes [12], are provided to users to select points and pass levels, so that to win badges and rewards [27].Users have the ability while creating profiles, to select either a specific role depending on their preferences or an avatar for an animated representation [28].Some of the gamified applications may provide feedback to users in order to know their progress or improve their actions [29].Others include rules which have to be followed during the completion of each task or the connection with users' location [26].The last one has mostly noticed in applications regarding tourism domain.Additionally, notifications are presented, e.g. for reminding a specific action that should be accomplished [25].
Through these features, gamified applications can be developed in several domains.As described previously, the incorporation of game elements in instructional methods is also crucial, so that the training process to be more interesting and effective, especially, in case the education concerns difficult concepts, such as the protection of users' privacy.However, there is a lack of such models.Two questions arise and addressed in this work, regarding the recorded instructional methods and the privacy awareness topics.These results along with the gamification features could be considered for the creation of a method aiming at training users on privacy issues through gamification.

Methods
In this Section, the implemented methodology for the conduction of the review results is described.This research was conducted during September 2020.The review protocol was based on the PRISMA statement [11].First, the research questions (RQs), presented in Table 1, were addressed.The aim of the first research questions is to identify which studies refers to instructional models which can be implemented for developing programs, by using them individuals could be educated on various domains, and to record the steps that each one recommends.According to the second question, the aim is to identify the mentioned privacy topics in literature, which can be taken into consideration while designing training programs for making users to be aware of privacy issues.
Based on the above research questions, the next step was to define the search terms.The search string used to collect documents from sources, was constructed using the following terms and the Boolean OR was employed to link them.
• Search terms for RQ1: ("Instructional simulation model" OR "Educational simulation model" OR "Instructional simulation method" OR "Instructional simulation framework" OR "Educational simulation method" OR "Educational simulation framework") • Search terms for RQ2: ("Privacy educational topics" OR "Privacy awareness topics") A literature review of works, written in English, indexed in Google Scholar, Scopus, IEEExplore, ACM Digital Library, ScienceDirect and Google was conducted to explore the recorded educational methods and privacy topics.The search was applied to the titles, abstracts and keywords of journal, chapters, workshop and conference papers in order to ensure that their context is the appropriate for the purpose of this work.In addition, studies, identified in non-academic online publications, were collected.The search strategy is outlined in Table 2.
Due to the large number of results, returned by a general search and in order to keep the search within reasonable bounds, the number of the results was limited, by selecting publications according to the inclusion and exclusion criteria, presented in Table 3  Research Question 1 Which instructional simulation models have been recorded?
Rationale: The aim is to record their steps.
Research Question 2 Which privacy topics have been recorded in literature for increasing users' privacy awareness?
Rationale: The aim is to identify if there are such topics and to record them.instructional methods and privacy awareness topics were recorded.The publication date for the studies was defined since 2005, since, according to the literature, most of the studies regarding these methods are published since this year.Thus, it was also preferable to limit the search of the publication period to the last fifteen years.Furthermore, studies which do not include steps would not be considered useful for the purpose of this review.In order for the comprehension of this research to be effective, the studies had to be written in English.

Results
In this Section, the conducted results based on the described strategy are presented.Especially, the total number of publications regarding each research question along with specific information about each study are described.It would be interesting to note that many studies were found, but most of them were not appropriate for this research based on the criteria, described in Table 3.For the RQ1, 390 studies were identified and after removing duplicates, 336 were screened.The total number of studies included in for this research question is ten, while 326 were excluded according to the inclusion and exclusion criteria.The study selection process is reported and in Figure 1, the results are presented based on the PRISMA model.
Specifically, based on the findings in Table 4, most of them were identified in ACM digital library and IEEExplore databases, whilst few of the results were found in ScienceDirect database.As presented in Table 5, most of the selected studies, which include steps for designing instructional programs, concern journals.On the other side, either workshop papers or non-academic publications meeting the eligibility criteria were not found.Afterwards, the publication year of each work was mentioned and according to Figure 2, half of them were published from 2010 to 2015.
For the second research question, our search identified 2.821 studies.After removing duplicates, 1.976 works remained.Many of them, i.e. 1.968, did not pass the inclusion and exclusion criteria.Eight final eligible studies were selected for this research question.These results are presented in Figure 3.In Table 6, the amount of the identified records is presented, where it is noted that, in contrast to the RQ1, most of them were identified in Scopus and ScienceDirect databases.The included records are eight and most of them were found in non-academic publications, as illustrated in Table 7.
Based on the conducted results of this Section, it was noticed that the number of the final studies were included in this review regarding the second research question is greater than this of the RQ1 which concern the educational design    approaches.The aim of this review process was to identify the recorded instructional methods and the recommended privacy issues on which users could be educated.Both are presented and described in the next Section.

Discussion
The completion of several activities by using technologies may raise several privacy risks, while users' actions and information are recorded.Thus, it is crucial to have aware users on such issues in order to be able to protect their personal information.For instance, many individuals use increasingly various social media, where the creation of a personal account is one of the requirements.Several personal information has to be provided in order to create an account, e.g. the date of birth or an email account.Such information is stored along with users' actions, like communication history and preferences concerning posts or publications.According to this, privacy risks arise while using various social platforms [30].
The development of instructional programs aiming to train the audience on privacy issues would be a useful process to avoid privacy violations.Several instructional design methods have been recorded in the literature and can be implemented for the development of such services.Additionally, privacy awareness topics have been noticed which could be considered during designing them.The aim of this   Section is to present and discuss the results of both research questions, mentioned above regarding the amount of instructional design approaches and the recommended awareness topics on privacy issues.

Instructional design approaches
According to the results of the research for the first question, ten educational models have been recorded and presented in Table 8.Dissimilar steps and processes are included in each model and two of them consist of a specific concept, e.g. the development of gamified educational programs.Nevertheless, all of them focus on designing applications, whose purpose is to engage users on educating.In [31], the ADDIE approach is described and its name is based on the included steps, i.e.Analyze, Design, Develop, Implement and Evaluate.In summarily, the aim of each step, respectively, is to a) define the context, the aim of the system and users' needs, b) design the application, c) develop it along with the instruction for the audience, d) implement it after preparing the users, and e) evaluate based on the determined evaluation criteria.Similar to this approach, is the ARCS (Attention, Relevance, Confidence, and Satisfaction) model presented in 2010 [32], which includes the analyzation of the objectives, materials and audience motivation, the selection of tactics and the writing of instructions, the development and implementation of the materials, and the revision of the product in order to detect the expected and unexpected motivational effects.
In 2015, the ARCS+G model [33] was presented, which extends the ARCS model by incorporating gamification principles in order to provide an approach for using gamification in learning.The gamified approach of ARCS model includes the design and implementation stages in which a sequence of steps is described.Especially, the introduction of gamification principles is accomplished by including the definition of motivational design goals, the preparation of a list with the motivational tactics, which help instructors to accomplish the goals, as well as the development of learning environments with motivational elements.All these processes concern the design phase.During the implementation phase, the selection and explanation of gamification mechanisms is described.For instance, in case of implementing the "competition" element, the use of leaderboards will show the leading scorers, so that users to be motivated and compete more with others.For the implementation of each element, the motivational tactic is considered.In the case of competition, the proposed tactic is the provision of the results to engage users.Based on [34], the main aim is to identify which the learners are and the priorities of each curriculum.Afterwards, the assessment framework should be developed, which, significantly, includes the selection of tasks, tests and quizzes.The last phase concerns the creation of the learning activities, considering that the context should engage users on educating.The ASSURE model, published in 2019 [35], named after its phases, as the ADDIE model.The described parts are the a) analyzation of learners' characteristics b) definition of objectives, c) selection and design of learning materials and strategies d) employment of technologies and learning media e) implementation of the material and f) the evaluation and revision of the program.

Summary of target items -RQ2
In [36], similar steps with the above models, have been identified.The main difference is identified on the separation of some phases, which previously were presented as the step one.In particular, the identification of needs, the definition and documentation of the objectives, the analyzation of learners and contexts are the four distinct steps in this approach.Similarly, the development of assessment instruments, instructional strategy and materials concern the three next phases.Afterwards, the aim is to evaluate the product in order to revise it, based on the results of the evaluation and finally, to design and re-evaluate the product.The repetition of the assessment process is recommended in order to improve more the final product.
An equivalent approach has been published in 2015 by [37], where the first parts concern the identification of the instructional program, purposes, users' needs and context of program.Next, the already defined program has to be planned and developed in order to be implemented.As it is suggested in most of the instructional models, the evaluation process is needed in order to improve it based on the assessment results.The recommended approach in 2011 [38], is relative to the first one of the above described models.This approach consists of six steps, where at first the same identifications about the users' needs, characteristics, learning objectives and materials are included.Next, the design and application of the material, based on the previous analyzations, are described.The last step is the evaluation of the material based on the recorded feedback.In 2007 [39], Hrvoje Stančić et al. presented general steps, which should be implemented for developing the instructional simulation approaches.In this work, the first step is to identify the scope of the program and therefore, to record the needed information, e.g.development timeframe, in order to design the conceptual model of the program.The design of the program and the examination of each validity are considered as the final steps.
Based on the described models, several steps with similarities are identified.Most of them include the definition of objectives, users' needs, concept of program and instructional materials during the first phases.Afterwards, the design phase is included where the interface and the context of the program is illustrated in order to be developed.The developed programed is implemented, where users interact with it.In order for the system to be improved, it is crucial to record users' feedback.Thus, an evaluation stage is needed, where the evaluation criteria are specifically defined.Few differences have been recorded among the models.For instance, one difference that could be mentioned concerns the model ARCS, which focuses more on motivating users, so as to be educated.Furthermore, one of them, i.e. the ARCS+G model [33], is totally different, since its concept is not only to develop an educational product, but also to gamify it by incorporating game elements during its development.
Such approaches should be enhanced and as it was aforementioned, it could be interesting and useful to be combined with gamification attributes in order for, by implementing them, attractive training programs to be developed.Gamification has The Role of Gamification in Software Development Lifecycle been mostly utilized as a tool for designing gamified educational programs.Various of such programs have been recorded in previous literature [40,41] offering a more entertaining educational process and users are more engaged to be trained on several issues.Despite the usefulness of gamification in education domain, its report in educational models is missing.A correlation could be defined among these elements and the processes of instructional models, based on the concept of each element and the aim of each process.Thus, game elements will be included in each step of a model and not only in the design phases as it is customary, according to the gamification models.

Privacy awareness topics
According to the results, recorded during the search for the RQ2, several privacy topics have been identified, which could be considered during designing educational programs for increasing users' awareness on privacy issues.Based on their concept, they were classified into four main categories, as presented in Table 9. Landau [42] recommends that users could be educated on privacy social aspects, i.e. privacy regulations and laws, psychology and economics.Specifically, regarding law issues on information privacy, it would be interesting for users to be trained on the existing privacy regulations, on how data has to be protected by each type of organization based on these regulations, and on which rights the privacy policies have been based [42].
Additionally, more technical subjects are suggested, which could be used for example in order to educate software developers on designing tools, which analyze security and privacy concepts in systems or on developing privacy and security aware services [42].Furthermore, one subject concerns the anonymization tools, e.g.k-anonymity, while others relative to anonymity -one of the privacy requirements -, concern security issues, cryptography technique and privacy techniques.In general, for users is important to be aware on the "Privacy by Design" philosophy, since they will be able to understand either the importance of protecting their privacy or to recognize what is needed to be implemented to ensure privacy protection [43].Privacy threats is another issue on which users would be educated, as it is useful to be aware on possible threats in order to be able to protect their personal information while using each type of technology.
Besides them, a sequence of questions has been recorded, recommended as possible topics for privacy awareness.First of all, the audience of an educational program would be interested to know what privacy means and its importance, why it should be aware on privacy issues [44] in order to be able to understand more specified issues.Such issues could be the type of data that should be protected, the way of organizing data, the importance of saving and backing up critical data and the protocols of sharing data [45].Another privacy awareness topic could be to learn how data can be controlled in order to avoid possible attacks [46].As, frequently, new products are provided by organizations, the education on privacy issues which arise with new services would be useful for users, as they will be able to identify them while using technologies [43].
While many organizations restore data, individuals should be informed about their rights, which data are used, by whom and the reason of each use.In a similar way, organizations should be aware on their responsibilities regarding the collection, processing and sharing of this users' data [47].Further to this, responsible departments of an organization could be educated on strategies regarding the training of the staff on protecting security and privacy in order the education process to be more effective [48].Additionally, they could be trained on how to recognize that employees are aware on the taught material [48].By satisfying such issues, trust among users and organizations can be increased.Trust would be also an important subject within educational programs in order to highlight the importance of creating a straightforward relation between entities [47].
Concluding various privacy topics could be considered while designing an educational programs.This process would be useful for individuals due to the difficulty of understanding in depth the importance of privacy and the way of protecting personal data.For instance, a combination between the results of these research questions could concern the model ARCS+G and the consequences of not being privacy-aware.The provision of an attractive interaction environment in relation to the provision of privacy violation examples could be an interesting educational process for users.Such combinations could be achieved, considering the above described results, in order to have privacy-aware users who will be able to protect themselves.Various instructional methods are offered and in their processes the identification of objectives and users' needs are included.The protection of users' privacy consists a crucial objective to be considered during designing such services.Concluding, these findings could be useful for experts of designing educational methods.Specifically, the provision of an instructional model whose purpose is to create privacy awareness training programs would be helpful to increase users' awareness on such issues.

Conclusions
The education of users on privacy issues is crucial in order for them to be able to protect their personal information by several possible threats.Thus, privacy awareness programs need to be developed.As privacy is a complex concept for users, attractive environments would support a more effective educational process.This could be achieved by incorporating game elements into instructional methods for privacy issues.However, it has been noticed that gamification has been used more as tool for creating gamified applications on several domains than as a concept included in such methods.Thus, in this work, the gamification features are explained to highlight its importance of considering them in these methods.Further to this, all the offered instructional models recorded in previous literature are presented.Additionally, privacy awareness topics were summarized and explained.For the presentation of these results, a literature review was conducted based on two research questions.The implemented methods are explained in detail and as it is already mentioned, the PRISMA method was used.According to the search terms, many publications were resulted, but considering the eligibility criteria, many of them were excluded.Several educational frameworks were recorded with many similarities, such as the design or the evaluation phase, but some of them differ, since their concept focuses on a specific research area.For instance, one of them incorporates the gamification method in order to develop a gamified instructional model.Similarly, a sequence of privacy issues was mentioned and described, e.g. the importance of protecting personal data and be a privacy-aware user.These results could be considered either for the development of a method, whose aim is to create gamified privacy training programs or for extending one of these methods incorporating gamification features and including a privacy awareness topic.In each case, the provision of such programs is important and useful, so that users to be able to protect themselves through a more effective and engaging way, as many technologies are used for the completion of various tasks.

Figure 2 .
Figure 2. Number of instructional design studies by year.

.
First, academic, journal, conference, workshop studies and sites with

Table 3 .
Inclusion and exclusion criteria.

Table 4 .
Summary of target items for RQ1.

Table 5 .
Summary of search results for RQ1.

Table 6 .
Summary of target items for RQ2.

Table 7 .
Summary of search results for RQ2.