research-article

Visual Interactive Privacy Policy: The Better Choice?

Authors:
Daniel Reinhardt

Julius-Maximilians-Universität Würzburg, Germany

Julius-Maximilians-Universität Würzburg, Germany
View Profile

,
Johannes Borchard

Julius-Maximilians-Universität Würzburg Chair of Psychological Ergonomics, Germany

Julius-Maximilians-Universität Würzburg Chair of Psychological Ergonomics, Germany
View Profile

,
Jörn Hurtienne

Julius-Maximilians-Universität, Germany

Julius-Maximilians-Universität, Germany
View Profile

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing SystemsMay 2021Article No.: 66Pages 1–12https://doi.org/10.1145/3411764.3445465

Published:07 May 2021Publication History

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Pages 1–12

ABSTRACT

Online privacy policies should enable users to make informed decisions. Current text policies, however, lack usability: users often miss crucial information and consent to them without reading. Visual representation formats may increase comprehension, but are rarely used in practice. In an iterative design process we gathered qualitative feedback on typical policy contents and on existing and newly designed representation formats. We developed design guidelines and a Visual Interactive Privacy Policy based on the Privacy Policy Nutrition Label enriched with control options and further interactive elements. In an empirical evaluation, both visual representations received higher ratings of attractiveness, stimulation, novelty and transparency compared to a standard policy long text. Interactivity improved time spent with the policy. There were no effects on conversion rate, perceived control or perceived trust, efficiency and perspicuity. More research is needed, especially with regard to the cost-benefit ratio of visual privacy policies.

Supplemental Material

Available for Download

zip

Supplementary Materials (288.7 KB)

References

Michiel de Jong Abdullah Diaa, Hugo. 2012. Terms of Service; Didn’t read. https://tosdr.org/Google Scholar
Manon Arcand, Jacques Nantel, Mathieu Arles-Dufour, and Anne Vincent. 2007. The impact of reading a web site’s privacy statement on perceived control over privacy and perceived trust. Online Information Review 31, 5 (2007), 661–681.Google ScholarCross Ref
Naveen Farag Awad and M. S. Krishnan. 2006. The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly 30, 1 (2006), 13–28. http://www.jstor.org/stable/25148715Google ScholarCross Ref
John EG Bateson and Michael K Hui. 1992. The ecological validity of photographic slides and videotapes in simulating the service setting. Journal of Consumer Research 19, 2 (1992), 271–281.Google ScholarCross Ref
Annika Baumann, Johannes Haupt, Fabian Gebert, and Stefan Lessmann. 2019. The price of privacy. Business & Information Systems Engineering 61, 4 (2019), 413–431.Google ScholarCross Ref
Enrique P Becerra and Pradeep K Korgaonkar. 2011. Effects of trust beliefs on consumers’ online intentions. European Journal of marketing 45, 6 (2011), 936–962.Google Scholar
Ann Blandford, Dominic Furniss, and Stephann Makri. 2016. Qualitative HCI research: Going behind the scenes. Synthesis Lectures on Human-Centered Informatics 9, 1(2016), 1–115.Google ScholarCross Ref
Rainer Böhme and Stefan Köpsell. 2010. Trained to Accept? A Field Experiment on Consent Dialogs. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 2403–2406.Google ScholarDigital Library
Cylab Usable Privacy and Security Lab. 2002. Privacy Bird. http://www.privacyfinder.org/Google Scholar
Jennifer Dapko. 2012. Perceived firm transparency: Scale and model development. Ph.D. Dissertation. University of South Florida, Tampa, FL 33620, USA.Google Scholar
Narges Delafrooz, Laily Hj Paim, and Ali Khatibi. 2010. Students’ online shopping behavior: An empirical study. Journal of American Science 6, 1 (2010), 137–147.Google Scholar
Pouyan Esmaeilzadeh. 2019. The Impacts of the Perceived Transparency of Privacy Policies and Trust in Providers for Building Trust in Health Information Exchange: Empirical Study. JMIR medical informatics 7, 4 (2019), e14050.Google ScholarCross Ref
Simone Fischer-Hübner, Julio Angulo, Farzaneh Karegar, and Tobias Pulls. 2016. Transparency, Privacy and Trust – Technology for Tracking and Controlling My Data Disclosures: Does This Work?. In Trust Management X, Sheikh Mahbub Habib, Julita Vassileva, Sjouke Mauw, and Max Mühlhäuser (Eds.). Springer International Publishing, Cham, 3–14.Google Scholar
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan. 2005. Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’05). Association for Computing Machinery, New York, NY, USA, 43–52. https://doi.org/10.1145/1073001.1073006Google ScholarDigital Library
Donna L Hoffman, Thomas P Novak, and Marcos Peralta. 1999. Building consumer trust online. Commun. ACM 42, 4 (1999), 80–85.Google ScholarDigital Library
[16] Hotjar.2020. https://www.hotjar.com/Google Scholar
Yong Hu, Xin Sun, Jing Zhang, Xiangzhou Zhang, Fanghao Luo, and Lijun Huang. 2009. A University Student Behavioral Intention Model of Online Shopping. In Proceedings of the 2009 International Conference on Information Management, Innovation Management and Industrial Engineering - Volume 01(ICIII ’09). IEEE Computer Society, USA, 625–628. https://doi.org/10.1109/ICIII.2009.156Google ScholarDigital Library
International Organization for Standardization. 2010. Human-centred design for interactive systems. https://www.iso.org/standard/52075.htmlGoogle Scholar
Carlos Jensen and Colin Potts. 2004. Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vienna, Austria) (CHI ’04). Association for Computing Machinery, New York, NY, USA, 471–478. https://doi.org/10.1145/985692.985752Google ScholarDigital Library
Matthew Kay and Michael Terry. 2010. Textured Agreements: Re-Envisioning Electronic Consent. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, USA) (SOUPS ’10). Association for Computing Machinery, New York, NY, USA, Article 13, 13 pages. https://doi.org/10.1145/1837110.1837127Google ScholarDigital Library
Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. 2009. A ”Nutrition Label” for Privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security (Mountain View, California, USA) (SOUPS ’09). Association for Computing Machinery, New York, NY, USA, Article 4, 12 pages. https://doi.org/10.1145/1572532.1572538Google ScholarDigital Library
Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. 2010. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 1573–1582. https://doi.org/10.1145/1753326.1753561Google ScholarDigital Library
ABW Kennedy and HR Sankey. 1898. The thermal efficiency of steam engines. Report of the committee appointed to the council upon the subject of the definition of a standard or standards of thermal efficiency for steam engines: With an introductory note.. In Minutes of the Proceedings, Vol. 134. Thomas Telford-ICE Virtual Library, Institution of Civil Engineers, London, UK, 278–312.Google Scholar
Bettina Laugwitz, Theo Held, and Martin Schrepp. 2008. Construction and Evaluation of a User Experience Questionnaire. In HCI and Usability for Education and Work, Andreas Holzinger (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 63–76.Google Scholar
Matthew KO Lee and Efraim Turban. 2001. A trust model for consumer internet shopping. International Journal of electronic commerce 6, 1 (2001), 75–91.Google ScholarDigital Library
[26] LimeSurvey 3.14.8.2020. https://www.limesurvey.org/de/Google Scholar
Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for All: Revealing the Hidden Complexity of Terms and Conditions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 2687–2696. https://doi.org/10.1145/2470654.2481371Google ScholarDigital Library
Fran Maier. 2010. More on The Problem with P3P. https://www.truste.com/blog/?p=879Google Scholar
Aleecia M McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4(2008), 543.Google Scholar
Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor. 2009. A Comparative Study of Online Privacy Policies and Formats. In Privacy Enhancing Technologies, Ian Goldberg and Mikhail J. Atallah (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 37–55.Google Scholar
D Harrison McKnight, Vivek Choudhury, and Charles Kacmar. 2002. Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research 13, 3 (2002), 334–359.Google ScholarDigital Library
Anthony D Miyazaki and Ana Fernandez. 2000. Internet privacy and security: An examination of online retailer disclosures. Journal of Public Policy & Marketing 19, 1 (2000), 54–61.Google ScholarCross Ref
Mozilla Addons. 2019. Lightbeam 3.0. https://addons.mozilla.org/de/firefox/addon/lightbeam-3-0/Google Scholar
Mozilla Blog. 2019. Firefox Now Available with Enhanced Tracking Protection by Default Plus Updates to Facebook Container, Firefox Monitor and Lockwise. https://blog.mozilla.org/blog/2019/06/04/firefox-now-available-with-enhanced-tracking-protection-by-default/Google Scholar
Mozilla Support. 2019. Lightbeam extension for Firefox is no longer supported. https://support.mozilla.org/en-US/kb/lightbeam-extension-firefox-no-longer-supportedGoogle Scholar
Jonathan A Obar and Anne Oeldorf-Hirsch. 2018. The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society 23, 1 (2018), 128–147.Google ScholarCross Ref
Yue Pan and George M Zinkhan. 2006. Exploring the impact of online privacy disclosures on consumer trust. Journal of Retailing 82, 4 (2006), 331–338.Google ScholarCross Ref
Ilias O Pappas. 2018. User experience in personalized online shopping: A fuzzy-set analysis. European Journal of Marketing 52, 7/8 (2018), 1679–1703.Google ScholarCross Ref
Louise E Parker and Richard H Price. 1994. Empowered managers and empowered workers: The effects of managerial support and managerial perceived control on workers’ sense of control over decision making. Human Relations 47, 8 (1994), 911–928.Google ScholarCross Ref
Paul A Pavlou. 2003. Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model. International journal of electronic commerce 7, 3 (2003), 101–134.Google Scholar
Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A Design Space for Effective Privacy Notices. In Proceedings of the Eleventh USENIX Conference on Usable Privacy and Security (Ottawa, Canada) (SOUPS ’15). USENIX Association, USA, 1–17.Google ScholarDigital Library
Paul M Schwartz and Daniel Solove. 2009. Notice & Choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children.Google Scholar
Rachel Smith, George Deitz, Marla B Royne, John D Hansen, Marko Grünhagen, and Carl Witte. 2013. Cross-cultural examination of online shopping behavior: A comparison of Norway, Germany, and the United States. Journal of Business Research 66, 3 (2013), 328–335.Google ScholarCross Ref
Spiegel Online. 2019. Datenschutzerklärung – So gehen wir mit Ihren Daten um. https://www.spiegel.de/datenschutz-spiegel Layout der Website und der Datenschutzerklärung hat sich seit der Durchführung der Vorstudie geändert und sie wurde um eine Opt-Out-Option ergänzt.Google Scholar
Madiha Tabassum, Abdulmajeed Alqhatani, Marran Aldossari, and Heather Richter Lipford. 2018. Increasing User Attention with a Comic-Based Policy. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/3173574.3173774Google ScholarDigital Library
Stefano Taddei and Bastianina Contena. 2013. Privacy, trust and control: Which relationships with online self-disclosure?Computers in Human Behavior 29, 3 (2013), 821–826.Google Scholar
Terms of Service; Didn’t read Blog. 2018. Duckduckgo and ToS;DR to fuel Internet transparency. https://blog.tosdr.org/duckduckgo-and-tosdr-to-fuel-internet-transparency/Google Scholar
Janice Y Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. 2011. The effect of online privacy information on purchasing behavior: An experimental study. Information systems research 22, 2 (2011), 254–268.Google Scholar
World Wide Web Consortium. 2002. The platform for Privacy Preferences 1.0 (P3P1.0) Specification.https://www.w3.org/TR/P3P/Google Scholar
X. Jessie Yang, Vaibhav V. Unhelkar, Kevin Li, and Julie A. Shah. 2017. Evaluating Effects of User Experience and System Transparency on Trust in Automation. In Proceedings of the 2017 ACM/IEEE International Conference on Human-Robot Interaction (Vienna, Austria) (HRI ’17). Association for Computing Machinery, New York, NY, USA, 408–416. https://doi.org/10.1145/2909824.3020230Google ScholarDigital Library

Index Terms

Visual Interactive Privacy Policy: The Better Choice?
1. Human-centered computing
  1. Human computer interaction (HCI)

Index terms have been assigned to the content through auto-classification.

Recommendations

PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies
Trust, Privacy and Security in Digital Business
Abstract
The General Data Protection Regulation (GDPR) makes the creation of compliant privacy policies a complex process. Our goal is to support policy authors during the creation of privacy policies, by providing them feedback on the privacy policy they ...
Read More
User interfaces for privacy agents

Most people do not often read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P ...
Read More
Conflict and combination in privacy policy languages
WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society

Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems
May 2021
10862 pages
ISBN:9781450380966
DOI:10.1145/3411764
General Chairs:
Yoshifumi Kitamura
Tohoku University, Japan
,
Aaron Quigley
University of New South Wales, Australia
,
Program Chairs:
Katherine Isbister
University of California Santa Cruz, USA
,
Takeo Igarashi
The University of Tokyo, Japan
,
Publications Chairs:
Pernille Bjørn
University of Copenhagen, Denmark
,
Steven Drucker
Microsoft Research, USA
Copyright © 2021 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 May 2021
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Privacy
Privacy Policy
Privacy Policy Nutrition Label
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
Overall Acceptance Rate6,199of26,314submissions,24%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 22
  Total Citations
  View Citations
- 1,206
  Total Downloads
- Downloads (Last 12 months)264
- Downloads (Last 6 weeks)36
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Visual Interactive Privacy Policy: The Better Choice?

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

ABSTRACT

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies

User interfaces for privacy agents

Conflict and combination in privacy policy languages