research-article

Visual Interactive Privacy Policy: The Better Choice?

Authors:

Daniel Reinhardt,

Johannes Borchard,

Jörn HurtienneAuthors Info & Claims

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Article No.: 66, Pages 1 - 12

https://doi.org/10.1145/3411764.3445465

Published: 07 May 2021 Publication History

Abstract

Online privacy policies should enable users to make informed decisions. Current text policies, however, lack usability: users often miss crucial information and consent to them without reading. Visual representation formats may increase comprehension, but are rarely used in practice. In an iterative design process we gathered qualitative feedback on typical policy contents and on existing and newly designed representation formats. We developed design guidelines and a Visual Interactive Privacy Policy based on the Privacy Policy Nutrition Label enriched with control options and further interactive elements. In an empirical evaluation, both visual representations received higher ratings of attractiveness, stimulation, novelty and transparency compared to a standard policy long text. Interactivity improved time spent with the policy. There were no effects on conversion rate, perceived control or perceived trust, efficiency and perspicuity. More research is needed, especially with regard to the cost-benefit ratio of visual privacy policies.

Supplementary Material

Supplementary Materials (3411764.3445465_supplementalmaterials.zip)

Download
288.70 KB

References

[1]

Michiel de Jong Abdullah Diaa, Hugo. 2012. Terms of Service; Didn’t read. https://tosdr.org/

[2]

Manon Arcand, Jacques Nantel, Mathieu Arles-Dufour, and Anne Vincent. 2007. The impact of reading a web site’s privacy statement on perceived control over privacy and perceived trust. Online Information Review 31, 5 (2007), 661–681.

[3]

Naveen Farag Awad and M. S. Krishnan. 2006. The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly 30, 1 (2006), 13–28. http://www.jstor.org/stable/25148715

[4]

John EG Bateson and Michael K Hui. 1992. The ecological validity of photographic slides and videotapes in simulating the service setting. Journal of Consumer Research 19, 2 (1992), 271–281.

[5]

Annika Baumann, Johannes Haupt, Fabian Gebert, and Stefan Lessmann. 2019. The price of privacy. Business & Information Systems Engineering 61, 4 (2019), 413–431.

[6]

Enrique P Becerra and Pradeep K Korgaonkar. 2011. Effects of trust beliefs on consumers’ online intentions. European Journal of marketing 45, 6 (2011), 936–962.

[7]

Ann Blandford, Dominic Furniss, and Stephann Makri. 2016. Qualitative HCI research: Going behind the scenes. Synthesis Lectures on Human-Centered Informatics 9, 1(2016), 1–115.

[8]

Rainer Böhme and Stefan Köpsell. 2010. Trained to Accept? A Field Experiment on Consent Dialogs. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 2403–2406.

Digital Library

[9]

Cylab Usable Privacy and Security Lab. 2002. Privacy Bird. http://www.privacyfinder.org/

[10]

Jennifer Dapko. 2012. Perceived firm transparency: Scale and model development. Ph.D. Dissertation. University of South Florida, Tampa, FL 33620, USA.

[11]

Narges Delafrooz, Laily Hj Paim, and Ali Khatibi. 2010. Students’ online shopping behavior: An empirical study. Journal of American Science 6, 1 (2010), 137–147.

[12]

Pouyan Esmaeilzadeh. 2019. The Impacts of the Perceived Transparency of Privacy Policies and Trust in Providers for Building Trust in Health Information Exchange: Empirical Study. JMIR medical informatics 7, 4 (2019), e14050.

[13]

Simone Fischer-Hübner, Julio Angulo, Farzaneh Karegar, and Tobias Pulls. 2016. Transparency, Privacy and Trust – Technology for Tracking and Controlling My Data Disclosures: Does This Work?. In Trust Management X, Sheikh Mahbub Habib, Julita Vassileva, Sjouke Mauw, and Max Mühlhäuser (Eds.). Springer International Publishing, Cham, 3–14.

[14]

Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan. 2005. Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’05). Association for Computing Machinery, New York, NY, USA, 43–52. https://doi.org/10.1145/1073001.1073006

Digital Library

[15]

Donna L Hoffman, Thomas P Novak, and Marcos Peralta. 1999. Building consumer trust online. Commun. ACM 42, 4 (1999), 80–85.

Digital Library

[16]

[16] Hotjar.2020. https://www.hotjar.com/

[17]

Yong Hu, Xin Sun, Jing Zhang, Xiangzhou Zhang, Fanghao Luo, and Lijun Huang. 2009. A University Student Behavioral Intention Model of Online Shopping. In Proceedings of the 2009 International Conference on Information Management, Innovation Management and Industrial Engineering - Volume 01(ICIII ’09). IEEE Computer Society, USA, 625–628. https://doi.org/10.1109/ICIII.2009.156

Digital Library

[18]

International Organization for Standardization. 2010. Human-centred design for interactive systems. https://www.iso.org/standard/52075.html

[19]

Carlos Jensen and Colin Potts. 2004. Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vienna, Austria) (CHI ’04). Association for Computing Machinery, New York, NY, USA, 471–478. https://doi.org/10.1145/985692.985752

Digital Library

[20]

Matthew Kay and Michael Terry. 2010. Textured Agreements: Re-Envisioning Electronic Consent. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, USA) (SOUPS ’10). Association for Computing Machinery, New York, NY, USA, Article 13, 13 pages. https://doi.org/10.1145/1837110.1837127

Digital Library

[21]

Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. 2009. A ”Nutrition Label” for Privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security (Mountain View, California, USA) (SOUPS ’09). Association for Computing Machinery, New York, NY, USA, Article 4, 12 pages. https://doi.org/10.1145/1572532.1572538

Digital Library

[22]

Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. 2010. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 1573–1582. https://doi.org/10.1145/1753326.1753561

Digital Library

[23]

ABW Kennedy and HR Sankey. 1898. The thermal efficiency of steam engines. Report of the committee appointed to the council upon the subject of the definition of a standard or standards of thermal efficiency for steam engines: With an introductory note. In Minutes of the Proceedings, Vol. 134. Thomas Telford-ICE Virtual Library, Institution of Civil Engineers, London, UK, 278–312.

[24]

Bettina Laugwitz, Theo Held, and Martin Schrepp. 2008. Construction and Evaluation of a User Experience Questionnaire. In HCI and Usability for Education and Work, Andreas Holzinger (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 63–76.

[25]

Matthew KO Lee and Efraim Turban. 2001. A trust model for consumer internet shopping. International Journal of electronic commerce 6, 1 (2001), 75–91.

Digital Library

[26]

[26] LimeSurvey 3.14.8.2020. https://www.limesurvey.org/de/

[27]

Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for All: Revealing the Hidden Complexity of Terms and Conditions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 2687–2696. https://doi.org/10.1145/2470654.2481371

Digital Library

[28]

Fran Maier. 2010. More on The Problem with P3P. https://www.truste.com/blog/?p=879

[29]

Aleecia M McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4(2008), 543.

[30]

Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor. 2009. A Comparative Study of Online Privacy Policies and Formats. In Privacy Enhancing Technologies, Ian Goldberg and Mikhail J. Atallah (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 37–55.

[31]

D Harrison McKnight, Vivek Choudhury, and Charles Kacmar. 2002. Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research 13, 3 (2002), 334–359.

Digital Library

[32]

Anthony D Miyazaki and Ana Fernandez. 2000. Internet privacy and security: An examination of online retailer disclosures. Journal of Public Policy & Marketing 19, 1 (2000), 54–61.

[33]

Mozilla Addons. 2019. Lightbeam 3.0. https://addons.mozilla.org/de/firefox/addon/lightbeam-3-0/

[34]

Mozilla Blog. 2019. Firefox Now Available with Enhanced Tracking Protection by Default Plus Updates to Facebook Container, Firefox Monitor and Lockwise. https://blog.mozilla.org/blog/2019/06/04/firefox-now-available-with-enhanced-tracking-protection-by-default/

[35]

Mozilla Support. 2019. Lightbeam extension for Firefox is no longer supported. https://support.mozilla.org/en-US/kb/lightbeam-extension-firefox-no-longer-supported

[36]

Jonathan A Obar and Anne Oeldorf-Hirsch. 2018. The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society 23, 1 (2018), 128–147.

[37]

Yue Pan and George M Zinkhan. 2006. Exploring the impact of online privacy disclosures on consumer trust. Journal of Retailing 82, 4 (2006), 331–338.

[38]

Ilias O Pappas. 2018. User experience in personalized online shopping: A fuzzy-set analysis. European Journal of Marketing 52, 7/8 (2018), 1679–1703.

[39]

Louise E Parker and Richard H Price. 1994. Empowered managers and empowered workers: The effects of managerial support and managerial perceived control on workers’ sense of control over decision making. Human Relations 47, 8 (1994), 911–928.

[40]

Paul A Pavlou. 2003. Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model. International journal of electronic commerce 7, 3 (2003), 101–134.

[41]

Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A Design Space for Effective Privacy Notices. In Proceedings of the Eleventh USENIX Conference on Usable Privacy and Security (Ottawa, Canada) (SOUPS ’15). USENIX Association, USA, 1–17.

Digital Library

[42]

Paul M Schwartz and Daniel Solove. 2009. Notice & Choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children.

[43]

Rachel Smith, George Deitz, Marla B Royne, John D Hansen, Marko Grünhagen, and Carl Witte. 2013. Cross-cultural examination of online shopping behavior: A comparison of Norway, Germany, and the United States. Journal of Business Research 66, 3 (2013), 328–335.

[44]

Spiegel Online. 2019. Datenschutzerklärung – So gehen wir mit Ihren Daten um. https://www.spiegel.de/datenschutz-spiegel Layout der Website und der Datenschutzerklärung hat sich seit der Durchführung der Vorstudie geändert und sie wurde um eine Opt-Out-Option ergänzt.

[45]

Madiha Tabassum, Abdulmajeed Alqhatani, Marran Aldossari, and Heather Richter Lipford. 2018. Increasing User Attention with a Comic-Based Policy. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/3173574.3173774

Digital Library

[46]

Stefano Taddei and Bastianina Contena. 2013. Privacy, trust and control: Which relationships with online self-disclosure?Computers in Human Behavior 29, 3 (2013), 821–826.

[47]

Terms of Service; Didn’t read Blog. 2018. Duckduckgo and ToS;DR to fuel Internet transparency. https://blog.tosdr.org/duckduckgo-and-tosdr-to-fuel-internet-transparency/

[48]

Janice Y Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. 2011. The effect of online privacy information on purchasing behavior: An experimental study. Information systems research 22, 2 (2011), 254–268.

[49]

World Wide Web Consortium. 2002. The platform for Privacy Preferences 1.0 (P3P1.0) Specification.https://www.w3.org/TR/P3P/

[50]

X. Jessie Yang, Vaibhav V. Unhelkar, Kevin Li, and Julie A. Shah. 2017. Evaluating Effects of User Experience and System Transparency on Trust in Automation. In Proceedings of the 2017 ACM/IEEE International Conference on Human-Robot Interaction (Vienna, Austria) (HRI ’17). Association for Computing Machinery, New York, NY, USA, 408–416. https://doi.org/10.1145/2909824.3020230

Digital Library

Cited By

Shiri VXiong MCheng JGuo J(2024)Motivating Users to Attend to Privacy: A Theory-Driven Design StudyProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661544(258-275)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661544
Paudel RAl-Ameen M(2024)Priming through Persuasion: Towards Secure Password BehaviorProceedings of the ACM on Human-Computer Interaction10.1145/36373878:CSCW1(1-27)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637387
Dumaru PAtashpanjeh HAl-Ameen M(2024)"It's hard for him to make choices sometimes and he needs guidance": Re-orienting Parental Control for ChildrenProceedings of the ACM on Human-Computer Interaction10.1145/36373598:CSCW1(1-51)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637359
Show More Cited By

Index Terms

Visual Interactive Privacy Policy: The Better Choice?
1. Human-centered computing
  1. Human computer interaction (HCI)

Index terms have been assigned to the content through auto-classification.

Recommendations

PriPoCoG: Guiding Policy Authors to Define GDPR-Compliant Privacy Policies
Trust, Privacy and Security in Digital Business
Abstract
The General Data Protection Regulation (GDPR) makes the creation of compliant privacy policies a complex process. Our goal is to support policy authors during the creation of privacy policies, by providing them feedback on the privacy policy they ...
User interfaces for privacy agents

Most people do not often read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P ...
Privacy Policy Matters: An Empirical Investigation on the Users’ Willingness to Disclose Personal Information and Trust in a Stock Investment Mobile Application
Abstract
Stock investment mobile application often requires significant personal information disclosure. However, users might be reluctant to provide such information due to privacy. In this study, we conducted a 2 × 2 full factorial experimental design ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

May 2021

10862 pages

ISBN:9781450380966

DOI:10.1145/3411764

General Chairs:
Yoshifumi Kitamura
Tohoku University, Japan
,
Aaron Quigley
University of New South Wales, Australia
,
Program Chairs:
Katherine Isbister
University of California Santa Cruz, USA
,
Takeo Igarashi
The University of Tokyo, Japan
,
Publications Chairs:
Pernille Bjørn
University of Copenhagen, Denmark
,
Steven Drucker
Microsoft Research, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

CHI '21

Sponsor:

SIGCHI

CHI '21: CHI Conference on Human Factors in Computing Systems

May 8 - 13, 2021

Yokohama, Japan

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
1,316
Total Downloads

Downloads (Last 12 months)298
Downloads (Last 6 weeks)43

Reflects downloads up to 29 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shiri VXiong MCheng JGuo J(2024)Motivating Users to Attend to Privacy: A Theory-Driven Design StudyProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661544(258-275)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661544
Paudel RAl-Ameen M(2024)Priming through Persuasion: Towards Secure Password BehaviorProceedings of the ACM on Human-Computer Interaction10.1145/36373878:CSCW1(1-27)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637387
Dumaru PAtashpanjeh HAl-Ameen M(2024)"It's hard for him to make choices sometimes and he needs guidance": Re-orienting Parental Control for ChildrenProceedings of the ACM on Human-Computer Interaction10.1145/36373598:CSCW1(1-51)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637359
McInnis BPindus RKareem DGamboa SNebeker C(2024)Exploring the Future of Informed Consent: Applying a Service Design ApproachProceedings of the ACM on Human-Computer Interaction10.1145/36373308:CSCW1(1-31)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637330
Sun KKanchi REllo FCo LWu MGelman SRadesky JSchaub FYip J(2024)"Why is Everything in the Cloud?": Co-Designing Visual Cues Representing Data Processes with ChildrenProceedings of the 23rd Annual ACM Interaction Design and Children Conference10.1145/3628516.3655819(517-532)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3628516.3655819
Khoo YKang RReynolds TMentis H(2024)“That’s Kind of Sus(picious)”: The Comprehensiveness of Mental Health Application Users’ Privacy and Security ConcernsProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642705(1-16)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642705
Song QHernandez RKou YGui X(2024)“Our Users' Privacy is Paramount to Us”: A Discourse Analysis of How Period and Fertility Tracking App Companies Address the Roe v Wade OverturnProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642384(1-21)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642384
Liu YGhaiumy Anaraky RAly HByrne K(2023)The Effect of Privacy Fatigue on Privacy Decision-Making BehaviorProceedings of the Human Factors and Ergonomics Society Annual Meeting10.1177/2169506723119367067:1(2428-2433)Online publication date: 20-Oct-2023
https://doi.org/10.1177/21695067231193670
Gruebner Ovan Haasteren AHug AElayan SSykora MAlbanese EStettner GWaldboth VMessmer-Khosla SEnzmann CBaumann Dvon Wyl VFadda MWolf Mvon Rhein M(2023)Mental health challenges and digital platform opportunities in patients and families affected by pediatric neuromuscular diseases - experiences from SwitzerlandDIGITAL HEALTH10.1177/205520762312137009Online publication date: 16-Nov-2023
https://doi.org/10.1177/20552076231213700
Bourdoucen ANurgalieva LLindqvist J(2023)Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online GamesProceedings of the ACM on Human-Computer Interaction10.1145/36110647:CHI PLAY(1136-1178)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3611064
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents