Serge Egelman
Janice Tsai
Lorrie Faith Cranor
Alessandro Acquisti
ABSTRACT
Many commerce websites post privacy policies to address Internet shoppers' privacy concerns. However, few users read or understand them. Iconic privacy indicators may make privacy policies more accessible and easier for users to understand: in this paper, we examine whether the timing and placement of online privacy indicators impact Internet users' browsing and purchasing decisions. We conducted a laboratory study where we controlled the placement of privacy information, the timing of its appearance, the privacy level of each website, and the price and items being purchased. We found that the timing of privacy information had a significant impact on how much of a premium users were willing to pay for privacy. We also found that timing had less impact when users were willing to examine multiple websites. Finally, we found that users paid more attention to privacy indicators when purchasing privacy-sensitive items than when purchasing items that raised minimal privacy concerns.
- Ackerman, M.S., Cranor, L.F., and Reagle, J. Privacy in e-commerce: examining user scenarios and privacy preferences. In EC '99: Proceedings of the 1st ACM conference on Electronic Commerce (New York, NY, USA, 1999), ACM, pp. 1--8. Google Scholar
Digital Library
- Adkinson, W., Eisenbach, J., and Lenard, T. Privacy online: A report on the information practices and policies of commercial web sites. Tech. rep., Progress&Freedom Foundation, 2002.Google Scholar
- Anton, A., Earp, J., He, Q., Stufflebeam, W., Bolchini, D., and Jensen, C. Financial privacy policies and the need for standardization. IEEE Security&Privacy 2, 2 (Mar-Apr 2004), 36--45. Google ScholarDigital Library
- Byers, S., Cranor, L.F., and Kormann, D. Automated Analysis of P3P-Enabled Web Sites. In Proceedings of the Fifth International Conference on Electronic Commerce (ICEC2003) (October 1-3, 2003), pp. 197--207. http://lorrie.cranor.org/pubs/icec03.html. Google ScholarDigital Library
- Cranor, L.F. Web Privacy with P3P. O'Reilly and Associates, Sebastopol, CA, 2002. Google ScholarDigital Library
- Cranor, L.F., Byers, S., Kormann, D., and McDaniel, P. Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. In Proceedings of the 2004 Workshop on Privacy Enhancing Technologies (PET2004) (May 26-26, 2004), pp. 314--328. Google ScholarDigital Library
- Cranor, L.F., Guduru, P., and Arjula, M. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction 13, 2 (June, 2006), 135--178. Google ScholarDigital Library
- Earp, J., Anton, A., Aiman-Smith, L., and Stufflebeam, W. Examining internet privacy policies within the context of user privacy values. Engineering Management, IEEE Transactions on 52, 2 (May 2005), 227--237.Google ScholarCross Ref
- Edelman, B. Adverse selection in online 'trust' certifications. In Proceedings of the 2006 Workshop on the Economics of Information Security (WEIS'06) (Cambridge, UK, 2006).Google Scholar
- Egelman, S., Cranor, L.F., and Chowdhury, A. An analysis of p3p-enabled web sites among top-20 search results. In Proceedings of the Eighth International Conference on Electronic Commerce (August 14-16, 2006). http://lorrie.cranor.org/pubs/icec06.html. Google ScholarDigital Library
- Egelman, S., Cranor, L.F., and Hong, J. You've been warned: An empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the ACM Computer-Human Interaction Conference (New York, NY, USA, April 2008), ACM Press. Google ScholarDigital Library
- Fogg, B., Marshall, J., Laraki, O., Osipovich, A., Varma, C., Fang, N., Paul, J., Rangekar, A., Shon, J., Swani, P., and Treinen, M. What Makes Web Sites Credible? A Report on a Large Quantitative Study. In Proceedings of the ACM Computer-Human Interaction Conference (Seattle, WA, March 31 - April 4, 2001), ACM. Google ScholarDigital Library
- Gideon, J., Egelman, S., Cranor, L., and Acquisti, A. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium on Usable Privacy and Security (12-14, July 2006), pp. 133--144. Google ScholarDigital Library
- Good, N.S., Grossklags, J., Mulligan, D.K., and Konstan, J.A. Noticing notice: a large-scale experiment on the timing of software license agreements. In CHI '07: Proceedings of the SIGCHI conference on Human factors in computing systems (New York, NY, USA, 2007), ACM, pp. 607--616. Google ScholarDigital Library
- Hochheiser, H. The platform for privacy preference as a social protocol: An examination within the U.S. policy context. ACM Transactions on Internet Technology (TOIT) 2, 4 (2002), 276--306. Google ScholarDigital Library
- Jensen, C., Sarkar, C., Jensen, C., and Potts, C. Tracking Website Data-Collection and Privacy Practices with the iWatch Web Crawler. In Proceedings of the 2007 Symposium On Usable Privacy and Security (SOUPS) (Pittsburgh, PA, 2007), ACM Press, pp. 29--40. Google ScholarDigital Library
- Milne, G.R., and Culnan, M.J. Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices. Journal of Interactive Marketing 18, 3 (Summer 2004), 54--61.Google ScholarCross Ref
- Moores, T. Do consumers understand the role of privacy seals in e-commerce? Communications of the ACM 48, 3 (2005), 86--91. Google ScholarDigital Library
- Pollach, I. What's wrong with online privacy policies? Communications of the ACM 50, 9 (2007), 103--108. Google ScholarDigital Library
- Sherman, E. Privacy policies are great-for phds, September 4, 2008. http://industry.bnet.com/technology/1000391/privacy-policies-are-great-for-phds/.Google Scholar
- Sobey, J., Biddle, R., van Oorschot, P., and Patrick, A. Exploring user reactions to browser cues for extended validation certificates. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'08) (October 2008). Google ScholarDigital Library
- TRUSTE. TRUSTe Fact Sheet, 2008. http://www.truste.org/about/fact_sheet.php.Google Scholar
- Tsai, J., Egelman, S., Cranor, L., and Acquisti, A. The effect of online privacy information on purchasing behavior: An experimental study. In Proceedings of the 2007 Workshop on the Economics of Information Security (WEIS'07) (Pittsburgh, PA, USA, 2007).Google Scholar
- Whalen, T., and Inkpen, K.M. Gathering Evidence: Use of Visual Security Cues in Web Browsers. In Proceedings of the 2005 Conference on Graphics Interface (Victoria, British Columbia, 2005), pp. 137--144. Google ScholarDigital Library
- Wu, M., Miller, R.C., and Garfinkel, S.L. Do Security Toolbars Actually Prevent Phishing Attacks? In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems Held in Montreal (2006), ACM Press, pp. 601--610. Google ScholarDigital Library
Index Terms
- Timing is everything?: the effects of timing and placement of online privacy indicators
Recommendations
Privacy policy disclosures of behavioural tracking on consumer health websites
ASIST '13: Proceedings of the 76th ASIS&T Annual Meeting: Beyond the Cloud: Rethinking Information BoundariesMany Internet users are seeking health information online, encountering significant privacy risks in the process. Historically, these risks are associated with personally identifiable information, but behavioural tracking presents a new and increasing ...
A Gap in Perceived Importance of Privacy Policies between Individuals and Companies
CONGRESS '09: Proceedings of the 2009 World Congress on Privacy, Security, Trust and the Management of e-BusinessAlthough several studies have examined individuals’ privacy concerns and companies’ privacy policy disclosures, only a few studies examined whether customers’ privacy concerns are adequately addressed in companies’ privacy policy disclosures. This study ...
Sleights of privacy: framing, disclosures, and the limits of transparency
SOUPS '13: Proceedings of the Ninth Symposium on Usable Privacy and SecurityIn an effort to address persistent consumer privacy concerns, policy makers and the data industry seem to have found common grounds in proposals that aim at making online privacy more "transparent." Such self-regulatory approaches rely on, among other ...
Comments