ABSTRACT
Earlier work has shown that consumers cannot effectively find information in privacy policies and that they do not enjoy using them. In our previous research we developed a standardized table format for privacy policies. We compared this standardized format, and two short variants (one tabular, one text) with the current status quo: full text natural-language policies and layered policies. We conducted an online user study of 764 participants to test if these three more-intentionally designed, standardized privacy policy formats, assisted by consumer education, can benefit consumers. Our results show that standardized privacy policy presentations can have significant positive effects on accuracy and speed of information finding and on reader enjoyment of privacy policies.
- S. Balasubramanian and C. Cole. Consumers' search and use of nutrition information: The challenge and promise of the nutrition labeling and education act. In Journal of Marketing, 2002.Google Scholar
- L.F. Cranor. Web Privacy with P3P. O'Reilly and Associates, Sebastopol, CA, 2002. Google ScholarDigital Library
- A. Drichoutis, P. Lazaridis, and R. Nayga. Consumers' use of nutritional labels. In Academy Marketing Science Review, 2006.Google Scholar
- C. Jensen and C. Potts. Privacy policies as decision-making tools: An evaluation of online privacy notices. In Proceedings of the SIGCHI conference on Human Factors in Computing Systems, pages 471--478, Vienna, Austria, 2004. Google ScholarDigital Library
- P. Kelley, L. Cesca, J. Bresee, and L. Cranor. Standardizing privacy notices: An online study of the nutrition label approach. Technical Report CMU-CyLab-09-014, Carnegie Mellon University, November 2009.Google Scholar
- P.G. Kelley, J. Bresee, L.F. Cranor, and R.W. Reeder. A "Nutrition Label" for Privacy. In Proceedings of the 2009 Symposium On Usable Privacy and Security (SOUPS), 2009. Google ScholarDigital Library
- Kleimann Communication Group Inc. Evolution of a prototype financial privacy notice., February 2006. http://www.ftc.gov/privacy/privacy initiatives/ftcfinalreport060228.pdf.Google Scholar
- A. Levy and M. Hastak. Consumer comprehension of financial privacy notices: A report on the results of the quantitative testing, 2008. http://www.ftc.gov/privacy/privacy initiatives/Levy-Hastak-Report.pdf.Google Scholar
- A. McDonald and L. Cranor. The cost of reading privacy policies. In Proceedings of the Technology Policy Research Conference, September 26-28 2008.Google Scholar
- A.M. McDonald, R.W. Reeder, P.G. Kelley, and L.F. Cranor. A comparative study of online privacy policies and formats. In Proceedings of 2009 Workshop on Privacy Enhancing Technologies. ACM, 2009. Google ScholarDigital Library
- R. Reeder, L. Cranor, P. Kelley, and A. McDonald. A user study of the expandable grid applied to p3p privacy policy visualization. In Workshop on Privacy in the Electronic Society, 2008. Google ScholarDigital Library
- The Center for Information Policy Leadership. Multi-Layered Notices Explained, 2004. http://www.hunton.com/files/tbls47Details/FileUpload265/1303/CIPLAPECNotices White Paper.pdf.Google Scholar
- The Center for Information Policy Leadership. Ten steps to develop a multilayered privacy notice, 2005. http://www.hunton.com/files/tbls47Details/FileUpload265/1405/Ten_Steps_whitepaper.pdf.Google Scholar
- United States Code. 6803. Disclosure of institution privacy policy, 2008. http://www.ftc.gov/privacy/glbact/_glbsub1.htm#6803.Google Scholar
- World Wide Web Consortium. The platform for privacy preferences 1.1 (p3p1.1) specification, 2006. http://www.w3.org/TR/P3P11/.Google Scholar
Index Terms
- Standardizing privacy notices: an online study of the nutrition label approach
Recommendations
A "nutrition label" for privacy
SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and SecurityWe used an iterative design process to develop a privacy label that presents to consumers the ways organizations collect, use, and share personal information. Many surveys have shown that consumers are concerned about online privacy, yet current ...
A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]
Information and Communications SecurityAbstractPrivacy of PII(Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet different service providers are supposed to publish their own privacy policies but understanding of these policies is a major ...
A user study of the expandable grid applied to P3P privacy policy visualization
WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic societyDisplaying website privacy policies to consumers in ways they understand is an important part of gaining consumers' trust and informed consent, yet most website privacy policies today are presented in confusing, legalistic natural language. Moreover, ...
Comments