ABSTRACT
Studies have repeatedly shown that users are increasingly concerned about their privacy when they go online. In response to both public interest and regulatory pressures, privacy policies have become almost ubiquitous. An estimated 77% of websites now post a privacy policy. These policies differ greatly from site to site, and often address issues that are different from those that users care about. They are in most cases the users' only source of information. This paper evaluates the usability of online privacy policies, as well as the practice of posting them. We analyze 64 current privacy policies, their accessibility, writing, content and evolution over time. We examine how well these policies meet user needs and how they can be improved. We determine that significant changes need to be made to current practice to meet regulatory and usability requirements.