ABSTRACT
Online privacy policies should enable users to make informed decisions. Current text policies, however, lack usability: users often miss crucial information and consent to them without reading. Visual representation formats may increase comprehension, but are rarely used in practice. In an iterative design process we gathered qualitative feedback on typical policy contents and on existing and newly designed representation formats. We developed design guidelines and a Visual Interactive Privacy Policy based on the Privacy Policy Nutrition Label enriched with control options and further interactive elements. In an empirical evaluation, both visual representations received higher ratings of attractiveness, stimulation, novelty and transparency compared to a standard policy long text. Interactivity improved time spent with the policy. There were no effects on conversion rate, perceived control or perceived trust, efficiency and perspicuity. More research is needed, especially with regard to the cost-benefit ratio of visual privacy policies.
Index Terms
- Visual Interactive Privacy Policy: The Better Choice?