Understanding Website Privacy Policies—A Longitudinal Analysis Using Natural Language Processing

Privacy policies are the main method for informing Internet users of how their data are collected and shared. This study aims to analyze the deficiencies of privacy policies in terms of readability, vague statements, and the use of pacifying phrases concerning privacy. This represents the undertaking of a step forward in the literature on this topic through a comprehensive analysis encompassing both time and website coverage. It characterizes trends across website categories, top-level domains, and popularity ranks. Furthermore, studying the development in the context of the General Data Protection Regulation (GDPR) offers insights into the impact of regulations on policy comprehensibility. The findings reveal a concerning trend: privacy policies have grown longer and more ambiguous, making it challenging for users to comprehend them. Notably, there is an increased proportion of vague statements, while clear statements have seen a decrease. Despite this, the study highlights a steady rise in the inclusion of reassuring statements aimed at alleviating readers’ privacy concerns.Peer Reviewe

Readability of Privacy Policies of Healthcare Websites

Health-related personal information is very privacy-sensitive. Online privacy policies inform Website users about the ways their personal information is gathered, processed and stored. In the light of increasing privacy concerns, privacy policies seem to be an important mechanism for increasing customer loyalty. However, in practice, consumers only rarely read privacy policies, possibly due to the common assumption that policies are hard to read. By designing and implementing an automated extraction and readability analysis toolset, we present the first study that provides empirical evidence on readability of over 5,000 privacy policies of health websites and over 1,000 privacy policies of top e-commerce sites. Our results confirm the difficulty of reading current privacy policies. We further show that health websites\u27 policies are more readable than top e-commerce ones, but policies of non-commercial health websites are worse readable than commercial ones. Our study also provides a solid policy text corpus for further research

Anonymity in Bitcoin? – The Users’ Perspective

This article analyzes how users perceive the degree of anonymity provided by the Bitcoin network, to what extent they are concerned about anonymity when using Bitcoin, whether they are knowledgeable of and concerned about specific de-anonymization attacks, and if they are aware of and adopt privacy-preserving countermeasures. A user survey with 125 active Bitcoin users reveals that 70% associate a medium or high level of anonymity with the Bitcoin network and rate their concerns as either low or medium. But almost every 5th user has already considered abandoning Bitcoin because of being concerned about anonymity. Though one third are aware of the risk of de-anonymizing the Blockchain but are not concerned, another almost 50% indeed feel concerned. Our findings have implications for users and developers, suggesting that actions should be undertaken to increase privacy awareness and the level of anonymity provided by the Blockchain and the Bitcoin network

Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios

The emerging cloud computing technology enables new essential scenarios in healthcare, in particular those of data sharing among practitioners. Nevertheless, their security and privacy concerns still impede the wide adoption of cloud computing in this area. Although there are numerous publications in the context of cloud computing in healthcare, we found no consistent typical security and privacy system requirements framework in this domain so far. Owing to the lack of those studies and preparing the ground for creating secure and privacy-friendly cloud architectures for healthcare, we survey security and privacy system requirements for cloud-based medical data sharing scenarios using two strategies. We base on a systematic design science approach following the literature-driven requirement elicitation strategy and apply an established security requirement elicitation methodology as part of the scenario-driven strategy. Finally, we evaluate and compare the two security and privacy system requirements elicitation strategies used in this paper

ACCEPTANCE OF HEALTH CLOUDS - A PRIVACY CALCULUS PERSPECTIVE

The cloud computing paradigm promises to significantly improve the transfer of crucial medical records during medical service delivery. However, since cloud computing technology is still known for unsolved security and privacy challenges, severe concerns could prevent patients and medical workers from accepting such an application scenario. Owing to the lack of similar studies, we investigate what determines an individual´s information privacy concerns on cloud-based transmission of medical records and whether perceived benefits influnce the behavioral intention of individuals to permit medical workers to transfer their medical records via cloud-based services. Based on different established theories, we develop and empirically test a corresponding research model by a survey with more than 260 full responses. \ \ Our results show the perceived benefits of this health cloud scenario override the impact of information privacy concerns even in the privacy-sensitive German-speaking area and immediately after the NSA scandal. Somewhat surprisingly, we also find that in this scenario knowledge about information privacy has no significant effect on information privacy concerns although some relations have been observed in previous empirical studies. Finally, patient information privacy concerns can be mitigated by establishing trust in cloud providers in healthcare as well as in privacy-preserving technological and regulatory mechanisms

EXPLORING THE IMPACT OF READABILITY OF PRIVACY POLICIES ON USERS’ TRUST

Empirical studies have repeatedly pointed out that the readability of a privacy policy is a potential source of trust of online users. Nevertheless, many online companies still keep the readability of their privacy policies at a low level. This could possibly coincide with a low compliance of their privacy policies with the guidelines of fair information practices and thus with users’ privacy expectations. Against this background, this study seeks to clarify the role of perceived and actual readability of us-er-friendly and -unfriendly privacy policies in shaping user’s trust in a mobile service provider. Tested for two different mobile service scenarios that differ in the sensitivity of user data (educational enter-tainment app vs. health app), our hypotheses are verified based on the responses of 539 online users. Our findings reveal that in the case of a user-unfriendly data-handling policy, the effect of actual readability of a privacy policy outweighs the effect of its perceived readability in forming users’ trust. At the same time, for a user-friendly privacy policy, only perceived readability plays a significant role in promoting users’ trust in the provider of an educational entertainment app. In a sensitive healthcare context, however, perceived and actual readability of privacy policies are almost equally important

Website blocking in the European Union: Network interference from the perspective of Open Internet

By establishing an infrastructure for monitoring and blocking networks in accordance with European Union (EU) law on preventive measures against the spread of information, EU member states have also made it easier to block websites and services and monitor information. While relevant studies have documented Internet censorship in non‐European countries, as well as the use of such infrastructures for political reasons, this study examines network interference practices such as website blocking against the backdrop of an almost complete lack of EU‐related research. Specifically, it performs and demonstrates an analysis for the total of 27 EU countries based on three different sources. They include first, tens of millions of historical network measurements collected in 2020 by Open Observatory of Network Interference volunteers from around the world; second, the publicly available blocking lists used by EU member states; and third, the reports issued by network regulators in each country from May 2020 to April 2021. Our results show that authorities issue multiple types of blocklists. Internet Service Providers limit access to different types and categories of websites and services. Such resources are sometimes blocked for unknown reasons and not included in any of the publicly available blocklists. The study concludes with the hurdles related to network measurements and the nontransparency from regulators regarding specifying website addresses in blocking activities.Peer Reviewe

Privacy Policies and Users’ Trust: Does Readability Matter?

Over the years, a drastic increase in online information disclosure spurs a wave of concerns from multiple stakeholders. Among others, users resent the “behind the closed doors” processing of their personal data by companies. Privacy policies are supposed to inform users how their personal information is handled by a website. However, several studies have shown that users rarely read privacy policies for various reasons, not least because limitedly readable policy texts are difficult to understand. Based on our online survey with over 440 responses, we examine the objective and subjective readability of privacy policies and investigate their impact on users’ trust in five big Internet services. Our findings show the stronger a user believes in having understood the privacy policy, the higher he or she trusts a web site across all companies we studied. Our results call for making readability of privacy policies more accessible to an average reader

Cloud Computing in Healthcare – a Literature Review on Current State of Research

Nowadays, IT resources are increasingly being used in all areas of the health sector. Cloud computing offers a promising approach to satisfy the IT needs in a favorable way. Despite numerous publications in the context of cloud computing in healthcare, there is no systematic review on current research so far. This paper addresses the gap and is aimed to identify the state of research and determine the potential areas of future research in the domain. We conduct a structured literature search based on an established framework. Through clustering of the research goals of the found papers we derive research topics including developing cloud-based applications, platforms or brokers, security and privacy mechanisms, and benefit assessments for the use of cloud computing in healthcare. We hence analyze current research results across the topics and deduce areas for future research, e.g., development, validation and improvement of proposed solutions, an evaluation framework

Web Tracking - A Literature Review on the State of Research

Web tracking seems to become ubiquitous in online business and leads to increased privacy concerns of users. This paper provides an overview over the current state of the art of web-tracking research, aiming to reveal the relevance and methodologies of this research area and creates a foundation for future work. In particular, this study addresses the following research questions: What methods are followed? What results have been achieved so far? What are potential future research areas? For these goals, a structured literature review based upon an established methodological framework is conducted. The identified articles are investigated with respect to the applied research methodologies and the aspects of web tracking they emphasize