A Design Space for Effective Privacy Notices
Authors
Abstract
Notifying users about a system’s data practices is supposed to enable users to make informed privacy decisions. Yet, current notice and choice mechanisms, such as privacy policies, are often ineffective because they are neither usable nor useful, and are therefore ignored by users. Constrained interfaces on mobile devices, wearables, and smart home devices connected in an Internet of Things exacerbate the issue. Much research has studied usability issues of privacy notices and many proposals for more usable privacy notices exist. Yet, there is little guidance for designers and developers on the design aspects that can impact the effectiveness of privacy notices. In this paper, we make multiple contributions to remedy this issue. We survey the existing literature on privacy notices and identify challenges, requirements, and best practices for privacy notice design. Further, we map out the design space for privacy notices by identifying relevant dimensions. This provides a taxonomy and consistent terminology of notice approaches to foster understanding and reasoning about notice options available in the context of specific systems. Our systemization of knowledge and the developed design space can help designers, developers, and researchers identify notice and choice requirements and develop a comprehensive notice concept for their system that addresses the needs of different audiences and considers the system’s limitations and opportunities for providing notice. This research was partially funded by NSF grants CNS-1012763 (Nudging Users Towards Privacy), CNS-1330596 (Towards Effective Web Privacy Notice & Choice: A Multi-Disciplinary Perspective), and DGE-0903659 (IGERT: Usable Privacy and Security), as well as by Facebook.
Similar resources
How Short Is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices
Privacy policies are often too long and difficult to understand, and are therefore ignored by users. Shorter privacy notices with clearer wording may increase users’ privacy awareness, particularly for emerging mobile and wearable devices with small screens. In this paper, we examine the potential of (1) shortening privacy notices, by removing privacy practices that a large majority of users ar...
Addressing the Dilemma Between Collaboration and Privacy in Coworking Spaces
This paper aims to inform design strategies for regulating privacy in coworking spaces. Coworking spaces are growing at a high rate, yet studies related to the social, psychological, behavioral and physical needs associated with these environments are limited. The growth of coworking spaces is in greater part facilitated by a drive towards greater interaction and collaboration among the workfor...
Comics as a Medium for Privacy Notices
Online privacy and security notices are rather ineffective: Very few people read them, and those who do find them difficult to understand and remember. How can we create privacy and security notices that are inviting, engaging, comprehensible, and memorable, even for users with dyslexia or a lower literacy level? In this paper, we propose to investigate the use of comics for privacy and securit...
A Large-Scale Evaluation of U.S. Financial Institutions’ Standardized Privacy Notices
Although large-scale comparisons of privacy practices across an industry have the potential to illuminate the state of consumer privacy and to uncover egregious practices, the freeform legalese of most privacy policies makes comparisons time-consuming and expensive. Financial institutions in the United States are required by the Gramm-Leach-Bliley Act to provide annual privacy...
Knowledge-based Individualized Privacy Plans (KIPPs): A Potential Tool to Improve the Effectiveness of Privacy Notices
The current approach to digital privacy in the United States does not facilitate informed consumer decision-making. In fact, the existing “notice and choice” approach often encourages blind consent, in that consumers frequently consent to privacy policies and terms of service agreements without actually knowing the significance of the terms to which they are consenting. A major source of the pr...