Why Users Ignore Privacy Policies – A Survey and Intention Model for Explaining User Privacy Behavior

Rudolph, Manuel; Feth, Denis; Polst, Svenja

doi:10.1007/978-3-319-91238-7_45

Cited by 23 publications

(16 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Prior work in privacy and human-computer interaction establishes the motivation for studying these documents. Although most internet users are concerned about privacy (Madden, 2017), Rudolph et al (2018) reports that a significant number do not make the effort to read privacy notices because they perceive them to be too time-consuming or too complicated (Obar and Oeldorf-Hirsch, 2018). Responding to the opaqueness of these document, Schaub et al (2015) introduced methods to ease the design of privacy notices and their integration, and Kelley et al (2010) designed and tested a "privacy nutrition label" approach to present privacy information visually.…”

Section: Related Workmentioning

confidence: 99%

Privacy at Scale: Introducing the PrivaSeer Corpus of Web Privacy Policies

Srinath¹,

Wilson²,

Giles³

2021

Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Confer

View full text Add to dashboard Cite

Organisations disclose their privacy practices by posting privacy policies on their websites. Even though internet users often care about their digital privacy, they usually do not read privacy policies, since understanding them requires a significant investment of time and effort. Natural language processing has been used to create experimental tools to interpret privacy policies, but there has been a lack of large privacy policy corpora to facilitate the creation of large-scale semi-supervised and unsupervised models to interpret and simplify privacy policies. Thus, we present the Pri-vaSeer Corpus of 1,005,380 English language website privacy policies collected from the web. The number of unique websites represented in PrivaSeer is about ten times larger than the next largest public collection of web privacy policies, and it surpasses the aggregate of unique websites represented in all other publicly available privacy policy corpora combined. We describe a corpus creation pipeline with stages that include a web crawler, language detection, document classification, duplicate and near-duplicate removal, and content extraction. We employ an unsupervised topic modelling approach to investigate the contents of policy documents in the corpus and discuss the distribution of topics in privacy policies at web scale. We further investigate the relationship between privacy policy domain PageRanks and text features of the privacy policies. Finally, we use the corpus to pretrain PrivBERT, a transformer-based privacy policy language model, and obtain state of the art results on the data practice classification and question answering tasks.

show abstract

Section: Related Workmentioning

confidence: 99%

Privacy at Scale: Introducing the PrivaSeer Corpus of Web Privacy Policies

Srinath¹,

Wilson²,

Giles³

2021

Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Confer

View full text Add to dashboard Cite

show abstract

“…From a document design perspective, there may be a lot to gain from better information about privacy risks. Given the shortcomings of current privacy statements [7]- [12], some researchers investigated whether or not textual improvements could help. An experimental study showed that merely simplifying privacy statements based on document design principles does not affect users' comprehension, attitudes, or behavior [50].…”

Section: Literature Reviewmentioning

confidence: 99%

“…IEEE 10.1109/TPC.2021.3110617 safeguarding their privacy [5], [6]. Privacy policies detail how online services handle user data, but because they are long and complex, few users try to read them, and those few face difficulties understanding them [7]- [11]. Furthermore, an analysis of privacy statements showed that such disclaimers often place little emphasis on providing users with clear-cut information designed to aid the decision-making process.…”

mentioning

confidence: 99%

Privacy Rating: A User-Centered Approach for Visualizing Data Handling Practices of Online Services

Barth

Jong

Hartel

et al. 2021

IEEE Trans. Profess. Commun.

View full text Add to dashboard Cite

Background: Many countries mandate transparency and consent when personal data are handled by online services. However, most users do not read privacy policies or cannot understand them. An important challenge for technical communicators is empowering users to manage their online privacy responsibly. Literature review: Research suggests that privacy visualizations may alleviate this problem, but existing approaches are incomplete and under-researched. Research questions: 1. How can we design a privacy rating that optimally empowers users with different levels of knowledge about and awareness of online privacy? 2. How do users react to such a privacy rating, in terms of usability, perceived usefulness, and trust in online services? Methodology: We developed Privacy Rating, a tool for mapping and visualizing the privacy of online services. The tool was subjected to user research (N = 30) focusing on usability, perceived usefulness, and effects on trust. To establish the effects on trust, participants were exposed to a website with either a positive or a negative privacy rating. Results: The Privacy Rating appeared to be usable and useful for lay users, and it had a significant effect on users' trust in the online service. Users indicated that they would like the visualization to become an established standard, preferably approved by an independent organization. Conclusions: The Privacy Rating is a user-friendly privacy visualization covering all relevant aspects of privacy. We aim to bring the tool to the market and make it a standard, ideally supported by an independent trustworthy organization.

show abstract

“…(2) Efficiency: Security measures must respect the users' resources, in particular knowledge, available time and cognitive capacity. If security measures put high burdens on the users, it is likely that users reject them [30]. (3) Transparency: Security measures must be transparent for the users (i.e., comprehensible, verifiable and assessable [29]).…”

Section: Heuristics-based Evaluationmentioning

confidence: 99%

Heuristics and Models for Evaluating the Usability of Security Measures

Feth

Polst

2019

Proceedings of Mensch Und Computer 2019

Self Cite

View full text Add to dashboard Cite

Security mechanisms are nowadays part of almost every software. At the same time, they are typically sociotechnical and require involvement of end users to be effective. The usability of security measures is thus an essential factor. Despite this importance, this aspect often does not receive the necessary attention, for example due to short resources like time, budget, or usability experts. In the worst-case, users reject or circumvent even strong security measures and technically secure systems become insecure. To tackle the problem of unusable security measures, we developed a heuristics-based usability evaluation and optimization approach for security measures. In order to make heuristics applicable also for non-usability experts, we enrich them with information from a joint model for usability and security. In particular, this approach allows developers and administrators to perform usability evaluations and thus enables an early tailoring to the user, complementary to expert or user reviews. In this paper, we present our approach, including an initial set of heuristics, a joint model for usability and security and a set of mapping rules that combine heuristics and model. We evaluated the applicability of our approach, which we present in this paper. CCS CONCEPTS • Security and Privacy → Usability in security and privacy; • Human-centered computing → HCI theory, concepts and models; Heuristic evaluations.

show abstract

Why Users Ignore Privacy Policies – A Survey and Intention Model for Explaining User Privacy Behavior

Cited by 23 publications

References 13 publications

Privacy at Scale: Introducing the PrivaSeer Corpus of Web Privacy Policies

Privacy at Scale: Introducing the PrivaSeer Corpus of Web Privacy Policies

Privacy Rating: A User-Centered Approach for Visualizing Data Handling Practices of Online Services

Heuristics and Models for Evaluating the Usability of Security Measures

Contact Info

Product

Resources

About