EXPLORING THE IMPACT OF READABILITY OF PRIVACY POLICIES ON USERS’ TRUST

Empirical studies have repeatedly pointed out that the readability of a privacy policy is a potential source of trust of online users. Nevertheless, many online companies still keep the readability of their privacy policies at a low level. This could possibly coincide with a low compliance of their privacy policies with the guidelines of fair information practices and thus with users’ privacy expectations. Against this background, this study seeks to clarify the role of perceived and actual readability of us-er-friendly and -unfriendly privacy policies in shaping user’s trust in a mobile service provider. Tested for two different mobile service scenarios that differ in the sensitivity of user data (educational enter-tainment app vs. health app), our hypotheses are verified based on the responses of 539 online users. Our findings reveal that in the case of a user-unfriendly data-handling policy, the effect of actual readability of a privacy policy outweighs the effect of its perceived readability in forming users’ trust. At the same time, for a user-friendly privacy policy, only perceived readability plays a significant role in promoting users’ trust in the provider of an educational entertainment app. In a sensitive healthcare context, however, perceived and actual readability of privacy policies are almost equally important

Readability of Privacy Policies of Healthcare Websites

Health-related personal information is very privacy-sensitive. Online privacy policies inform Website users about the ways their personal information is gathered, processed and stored. In the light of increasing privacy concerns, privacy policies seem to be an important mechanism for increasing customer loyalty. However, in practice, consumers only rarely read privacy policies, possibly due to the common assumption that policies are hard to read. By designing and implementing an automated extraction and readability analysis toolset, we present the first study that provides empirical evidence on readability of over 5,000 privacy policies of health websites and over 1,000 privacy policies of top e-commerce sites. Our results confirm the difficulty of reading current privacy policies. We further show that health websites\u27 policies are more readable than top e-commerce ones, but policies of non-commercial health websites are worse readable than commercial ones. Our study also provides a solid policy text corpus for further research

Privacy Policies and Users’ Trust: Does Readability Matter?

Over the years, a drastic increase in online information disclosure spurs a wave of concerns from multiple stakeholders. Among others, users resent the “behind the closed doors” processing of their personal data by companies. Privacy policies are supposed to inform users how their personal information is handled by a website. However, several studies have shown that users rarely read privacy policies for various reasons, not least because limitedly readable policy texts are difficult to understand. Based on our online survey with over 440 responses, we examine the objective and subjective readability of privacy policies and investigate their impact on users’ trust in five big Internet services. Our findings show the stronger a user believes in having understood the privacy policy, the higher he or she trusts a web site across all companies we studied. Our results call for making readability of privacy policies more accessible to an average reader

Do Mobile App Providers Try Enough to Protect Users’ Privacy? – a Content Analysis of Mobile App Privacy Policies

Privacy policies are widely used to draw clear image of risks to users’ personal information in different contexts such as mobile apps. Nonetheless, many believe privacy policies are ineffective tools to notify and aware users about possible risks to information privacy merely because most users have a very low tendency to go through privacy policies to read and comprehend them. Due to intimacy of mobile apps, much of personal information disclosed to them are at risk. Specially, when mobile app users share sensitive personal information to apps chance of privacy violation and consequent risks are higher. It is not only important to understand how mobile developers practically implement a contract to protect users’ privacy based on users’ preferences but also crucial to examine the role of sensitivity of information on developers’ emphasis on different aspects of privacy. This research focuses on two aspects to understand the circumstance users experience when privacy policies are presented: efforts users have to make to read and understand privacy policies in terms of readability and length of statements, and developers’ emphasis on aspects of information privacy with respect to sensitivity of information. To elucidate easiness of reading privacy policy statements, readability and length are calculated. Through the lens of framing concept of prospect theory, this study investigates the information sensitivity level effect on developers’ emphasis on privacy dimensions. Three mobile app categories deal with different levels of sensitive data are health, navigation, and game apps. To differentiate between emphasis on different privacy dimensions when information sensitivity differs, a text mining method is developed in R to analyze the weights of four key privacy dimensions (collection, secondary use, improper access, and error). We downloaded 90 unique mobile app privacy policies. Readability calculations reveal that users should have a minimum of 12 years of secondary education to easily understand privacy policies. The average length of privacy policies is at least 1900 words, which hinders a thorough reading. ANOVA results show a significant difference between secondary uses of information in app privacy policies dealing with higher sensitive data. In addition, the findings demonstrate collection is more emphasized in health than game app privacy policies but do not find any significant difference between improper access dimensions. This study has made two key contributions. First, by building upon the framing concept of prospect theory, this research provides an effective framework to understand the organizational perspective of privacy concerns. Second, the results demonstrate the information sensitivity level is important for measuring privacy concerns

Readability of websites security privacy policies: A survey on text content and readers

The aim of website's Privacy Policies is to educate consumers of a website's practices and procedures relating to their collection, usage, exchange, control, protection and the use of technology in relation to the information collection (website beacon and cookies) and transmission of user's personal information anytime he visits Internet website. This paper discusses a readability issues in privacy policies and how privacy scholars approach the issue. The paper also compares and analyzes research results on readability measurement of privacy policies and divides them into two categories according to different perspective. The perspective includes readability measurement from reader's perspective and readability measurement from privacy policies text content’s perspective. Our finding shows that website providers should give consumers better control regarding their information and give them more freedom in privacy policies. Only then will consumers become liberated from the burden of choosing between 2 unspeakable options. A legally binding document on the privacy policy can be written, that will also be clear and simple to read

A Privacy Policy Comparison of Health and Fitness Related Mobile Applications

AbstractMany mobile device end users believe that privacy is important when dealing with personal health-related information, but the challenge is to develop privacy policies in a meaningful way so that mobile software application developers can adequately meet the requirements of their intended end users. Comprehensive privacy policies, which meet self-regulatory guidelines of increasing transparency on data collection, are often written in a way that average mobile users cannot understand or completely ignore. This paper provides the results of a privacy policy comparison including application permissions requested and several readability metrics used to assess the current state of privacy policies in the health and fitness mobile application market. Our analysis indicates that developers may not be considering their end-users’ reading comprehension levels and specific application permissions are not adequately addressed when developers are creating their privacy policies

SeePrivacy: Automated Contextual Privacy Policy Generation for Mobile Applications

Privacy policies have become the most critical approach to safeguarding individuals' privacy and digital security. To enhance their presentation and readability, researchers propose the concept of contextual privacy policies (CPPs), aiming to fragment policies into shorter snippets and display them only in corresponding contexts. In this paper, we propose a novel multi-modal framework, namely SeePrivacy, designed to automatically generate contextual privacy policies for mobile apps. Our method synergistically combines mobile GUI understanding and privacy policy document analysis, yielding an impressive overall 83.6% coverage rate for privacy-related context detection and an accuracy of 0.92 in extracting corresponding policy segments. Remarkably, 96% of the retrieved policy segments can be correctly matched with their contexts. The user study shows SeePrivacy demonstrates excellent functionality and usability (4.5/5). Specifically, participants exhibit a greater willingness to read CPPs (4.1/5) compared to original privacy policies (2/5). Our solution effectively assists users in comprehending privacy notices, and this research establishes a solid foundation for further advancements and exploration

Understanding Website Privacy Policies—A Longitudinal Analysis Using Natural Language Processing

Privacy policies are the main method for informing Internet users of how their data are collected and shared. This study aims to analyze the deficiencies of privacy policies in terms of readability, vague statements, and the use of pacifying phrases concerning privacy. This represents the undertaking of a step forward in the literature on this topic through a comprehensive analysis encompassing both time and website coverage. It characterizes trends across website categories, top-level domains, and popularity ranks. Furthermore, studying the development in the context of the General Data Protection Regulation (GDPR) offers insights into the impact of regulations on policy comprehensibility. The findings reveal a concerning trend: privacy policies have grown longer and more ambiguous, making it challenging for users to comprehend them. Notably, there is an increased proportion of vague statements, while clear statements have seen a decrease. Despite this, the study highlights a steady rise in the inclusion of reassuring statements aimed at alleviating readers’ privacy concerns.Peer Reviewe

Privacy Policies Across the Ages: Content of Privacy Policies 1996-2021

It is well-known that most users do not read privacy policies, but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied, and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this paper, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step towards making privacy policies machine-readable on the user-side, which would help users match their privacy preferences against the policies offered by web services