22 research outputs found

    A Design Space for Effective Privacy Notices.

    ABSTRACT Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions. Yet, current notice and choice mechanisms, such as privacy policies, are often ineffective because they are neither usable nor useful, and are therefore ignored by users. Constrained interfaces on mobile devices, wearables, and smart home devices connected in an Internet of Things exacerbate the issue. Much research has studied usability issues of privacy notices and many proposals for more usable privacy notices exist. Yet, there is little guidance for designers and developers on the design aspects that can impact the effectiveness of privacy notices. In this paper, we make multiple contributions to remedy this issue. We survey the existing literature on privacy notices and identify challenges, requirements, and best practices for privacy notice design. Further, we map out the design space for privacy notices by identifying relevant dimensions. This provides a taxonomy and consistent terminology of notice approaches to foster understanding and reasoning about notice options available in the context of specific systems. Our systemization of knowledge and the developed design space can help designers, developers, and researchers identify notice and choice requirements and develop a comprehensive notice concept for their system that addresses the needs of different audiences and considers the system's limitations and opportunities for providing notice.

    Mitigating the Risks of Smartphone Data Sharing: Identifying Opportunities and Evaluating Notice

    As smartphones become more ubiquitous, increasing amounts of information about smartphone users are created, collected, and shared. This information may pose privacy and security risks to the smartphone user. The risks may vary from government surveillance to theft of financial information. Previous work in the area of smartphone privacy and security has both identified specific security flaws and examined users’ expectations and behaviors. However, there has not been a broad examination of the smartphone ecosystem to determine the risks to users from smartphone data sharing and the possible mitigations. Two of the five studies in this work examine the smartphone data sharing ecosystem to identify risks and mitigations. The first study uses multi-stakeholder expert interviews to identify risks to users and the mitigations. A second study examines app developers in order to quantify the risky behaviors and identify opportunities to improve security and privacy. In the remaining three of five studies discussed in this work, we examine one specific risk mitigation that has been popular with policy-makers: privacy notices for consumers. If done well, privacy notices should inform smartphone users about the risks and allow them to make informed decisions about data collection. Unfortunately, previous research has found that existing privacy notices do not help smartphone users, as they are neither noticed nor understood. Through user studies, we evaluate options to improve notices. We identify opportunities to capture the attention of users and improve understanding by examining the timing and content of notices. Overall, this work attempts to inform public policy around smartphone privacy and security. We find novel opportunities to mitigate risks by understanding app developers’ work and behaviors. Also, recognizing the current focus on privacy notices, we attempt to frame the debate by examining how users’ attention to and comprehension of notices can be improved through content and timing.

    Designing Effective Privacy Notices and Controls


    Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories (CMU-CyLab-13-011)

    The National Telecommunications and Information Administration (NTIA) has proposed a set of categories and definitions to create a United States national standard for short-form privacy notices on mobile devices. These notices are intended to facilitate user decision-making by categorizing both smartphone data to be shared and the entities with which that data is shared. In order to determine whether users consistently understand these proposed categories and their definitions, we conducted an online study with 791 participants. We found that participants had low agreement on how different data and entities should be categorized. We also compared our online results with those provided by four anonymous NTIA stakeholders, finding that even the stakeholders did not consistently categorize data or entities. Our work highlights areas of confusion for both survey participants and experts in the proposed scheme, and we offer suggestions for addressing these issues.

    Is It the Typeset or the Type of Statistics? Disfluent Font and Self-Disclosure

    Background. The security and privacy communities have become increasingly interested in results from behavioral economics and psychology to help frame decisions so that users can make better privacy and security choices. One such result in the literature suggests that cognitive disfluency (presenting questions in a hard-to-read font) reduces self-disclosure. (A. L. Alter and D. M. Oppenheimer. Suppressing secrecy through metacognitive ease: Cognitive fluency encourages self-disclosure. Psychological Science, 20(11):1414-1420, 2009)

    Aim. To examine the replicability and reliability of the effect of disfluency on self-disclosure, in order to test whether such approaches might be used to promote safer security and privacy behaviors.

    Method. We conducted a series of survey studies on human subjects with two conditions - disfluent and fluent font. The surveys were completed online (390 participants throughout the United States), on tablets (93 students) and with pen and paper (three studies with 89, 61, and 59 students). The pen and paper studies replicated the original study exactly. We ran an independent samples t-test to check for significant differences between the averages of desirable responses across the two conditions.

    Results. In all but one case, participants did not show lower self-disclosure rates under disfluent conditions using an independent samples t-test. We re-analyzed the original data and our data using the same statistical test (paired t-test) as used in the original paper, and only the data from the original published studies supported the hypothesis.