Readability of Privacy Policies of Healthcare Websites

Health-related personal information is very privacy-sensitive. Online privacy policies inform Website users about the ways their personal information is gathered, processed and stored. In the light of increasing privacy concerns, privacy policies seem to be an important mechanism for increasing customer loyalty. However, in practice, consumers only rarely read privacy policies, possibly due to the common assumption that policies are hard to read. By designing and implementing an automated extraction and readability analysis toolset, we present the first study that provides empirical evidence on readability of over 5,000 privacy policies of health websites and over 1,000 privacy policies of top e-commerce sites. Our results confirm the difficulty of reading current privacy policies. We further show that health websites\u27 policies are more readable than top e-commerce ones, but policies of non-commercial health websites are worse readable than commercial ones. Our study also provides a solid policy text corpus for further research

Privacy Policies and Users’ Trust: Does Readability Matter?

Over the years, a drastic increase in online information disclosure spurs a wave of concerns from multiple stakeholders. Among others, users resent the “behind the closed doors” processing of their personal data by companies. Privacy policies are supposed to inform users how their personal information is handled by a website. However, several studies have shown that users rarely read privacy policies for various reasons, not least because limitedly readable policy texts are difficult to understand. Based on our online survey with over 440 responses, we examine the objective and subjective readability of privacy policies and investigate their impact on users’ trust in five big Internet services. Our findings show the stronger a user believes in having understood the privacy policy, the higher he or she trusts a web site across all companies we studied. Our results call for making readability of privacy policies more accessible to an average reader

EXPLORING THE IMPACT OF READABILITY OF PRIVACY POLICIES ON USERS’ TRUST

Empirical studies have repeatedly pointed out that the readability of a privacy policy is a potential source of trust of online users. Nevertheless, many online companies still keep the readability of their privacy policies at a low level. This could possibly coincide with a low compliance of their privacy policies with the guidelines of fair information practices and thus with users’ privacy expectations. Against this background, this study seeks to clarify the role of perceived and actual readability of us-er-friendly and -unfriendly privacy policies in shaping user’s trust in a mobile service provider. Tested for two different mobile service scenarios that differ in the sensitivity of user data (educational enter-tainment app vs. health app), our hypotheses are verified based on the responses of 539 online users. Our findings reveal that in the case of a user-unfriendly data-handling policy, the effect of actual readability of a privacy policy outweighs the effect of its perceived readability in forming users’ trust. At the same time, for a user-friendly privacy policy, only perceived readability plays a significant role in promoting users’ trust in the provider of an educational entertainment app. In a sensitive healthcare context, however, perceived and actual readability of privacy policies are almost equally important

Understanding Website Privacy Policies—A Longitudinal Analysis Using Natural Language Processing

Privacy policies are the main method for informing Internet users of how their data are collected and shared. This study aims to analyze the deficiencies of privacy policies in terms of readability, vague statements, and the use of pacifying phrases concerning privacy. This represents the undertaking of a step forward in the literature on this topic through a comprehensive analysis encompassing both time and website coverage. It characterizes trends across website categories, top-level domains, and popularity ranks. Furthermore, studying the development in the context of the General Data Protection Regulation (GDPR) offers insights into the impact of regulations on policy comprehensibility. The findings reveal a concerning trend: privacy policies have grown longer and more ambiguous, making it challenging for users to comprehend them. Notably, there is an increased proportion of vague statements, while clear statements have seen a decrease. Despite this, the study highlights a steady rise in the inclusion of reassuring statements aimed at alleviating readers’ privacy concerns.Peer Reviewe

Privacy Policies Across the Ages: Content of Privacy Policies 1996-2021

It is well-known that most users do not read privacy policies, but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied, and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this paper, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step towards making privacy policies machine-readable on the user-side, which would help users match their privacy preferences against the policies offered by web services

Readability of websites security privacy policies: A survey on text content and readers

The aim of website's Privacy Policies is to educate consumers of a website's practices and procedures relating to their collection, usage, exchange, control, protection and the use of technology in relation to the information collection (website beacon and cookies) and transmission of user's personal information anytime he visits Internet website. This paper discusses a readability issues in privacy policies and how privacy scholars approach the issue. The paper also compares and analyzes research results on readability measurement of privacy policies and divides them into two categories according to different perspective. The perspective includes readability measurement from reader's perspective and readability measurement from privacy policies text content’s perspective. Our finding shows that website providers should give consumers better control regarding their information and give them more freedom in privacy policies. Only then will consumers become liberated from the burden of choosing between 2 unspeakable options. A legally binding document on the privacy policy can be written, that will also be clear and simple to read

Building cross-language corpora for human understanding of privacy policies

Making sure that users understand privacy policies that impact them is a key challenge for a real GDPR deployment. Research studies are mostly carried in English, but in Europe and elsewhere, users speak a language that is not English. Replicating studies in different languages requires the availability of comparable cross-language privacy policies corpora. This work provides a methodology for building comparable cross-language in a national language and a reference study language. We provide an application example of our methodology comparing English and Italian extending the corpus of one of the first studies about users understanding of technical terms in privacy policies. We also investigate other open issues that can make replication harder