Towards Assured Informed Consent in Privacy Notice Design : An Eye Movement Detection Approach

Makame, Makame

January 2016

To be able to provide data collecting services to customers, service provides are required by law to design privacy policies and present their content to users as privacy notices that informs the user on privacy consequences and demonstrate that an explicit informed consent of the user has been collected before processing of the data. However, despite the increase in data collection by services and hence increase of privacy impact, yet privacy notices do not implement proper mechanisms that can assure that data subjects are well informed and their consent are provided with comprehension. The root of this problem is the fact that typically only theoretical description of what consent is and what it involves is offered by existing literature but no “practical” design guides are available for decision makers and practitioners on how to effectively integrate a targeted consent level in privacy notices. This thesis work addresses the need for explicit integration of consent in privacy notice designs by presenting the Extended Privacy Notice Design Space (XPNDS) construct that guides on explicitly incorporating different levels of consent in privacy notices. This thesis uses theories of eye movement in reading and technical references from computer vision for comprehension and attention determination to prove the feasibility of integrating higher level of consent in the design space that may guide to assured informed consent. The construct can be used by managers to communicate, practitioners to design, and regulators to analyze informed consent incorporation in privacy notice designs. Unlike most works available in the literature on consent which only provide theoretical opinion of what informed consent is, this work cast the conceptual consent guidelines in to a practical privacy notice design space to provide an XPNDS that guides to the practicality of achieving assured informed consent in privacy notices. It is the hope of the author that the XPNDS will be useful to both practitioners and academicians in incorporating informed consent in privacy notice designs to an assured level. / <p>Validerat; 20160622 (global_studentproject_submitter)</p>

Social Behaviour Law

Privacy Notice

Informed Consent

Privacy Notice Design Space

Design Science Research

Samhälls-

beteendevetenskap

juridik

Privacy Notice and Choice in Practice

Leon-Najera, Pedro Giovanni

01 December 2014

In the United States, notice and choice remain the most commonly used mechanisms to protect people’s privacy online. This approach relies on the assumption that users provided with notice will make informed choices that align with their privacy expectations. The goal of this research is to empirically inform industry and regulatory efforts that rely on notice and choice to protect people’s online privacy. To do so, we present a set of case studies covering different aspects of privacy notice and choice in four domains: online behavioral advertising (OBA), online social networks (OSN), financial privacy notices, and websites’ machine-readable privacy notices. We investigate users’ privacy preferences, information needs, and ability to exercise choices in the OBAdomain. Based on our results, we provide recommendations to improve the design of notice and choice methods currently in use in this domain. In the context of OSNs, we explore the effect of nudging notices designed to encourage more thoughtful disclosures among Facebook users and recommend changes to the Facebook user interface aimed to mitigate problematic disclosures. We demonstrate how standardized notices enable large-scale evaluations and comparisons of companies’ privacy practices and argue that standardized privacy notices have an enormous potential to improve transparency and benefit users, privacy-respectful companies, and oversight entities. We argue that, in today’s complex Internet ecosystem, an approach that relies on users to make privacy decisions should also empower them with user-friendly interfaces, relevant information, and the tools they need to make privacy decisions. Finally, we further argue that notice and choice are necessary, but not sufficient to protect online privacy, and that government regulation is necessary to establish necessary additional protections including access, redress, accountability, and enforcement.

behavioral advertising

human-computer interactions

online tracking

privacy choice

privacy disclosure

privacy notice

Design av sekretessmeddelanden : Hur sekretessmeddelanden kan designas för att främja användares förståelse

Cavric, Marko, Isebring, Hampus

January 2024

Den snabba tillväxten av uppkopplade enheter som samlar in och delar data leder till att användare kommer behöva läsa och godkänna alltmer sekretessmeddelanden för att kunna använda enheter och tjänster. Sekretessmeddelanden är de avtal som definierar villkoren för användning av en produkt eller tjänst och är avsedda att informera användare om insamlingen och användningen av deras data och personuppgifter innan valet att acceptera eller neka fattas. Sekretessmeddelanden tenderar vara långa samt innehålla mycket text med ett komplicerat språk. Texten i sekretessmeddelanden är ofta statisk utan användarinteraktion, vilket leder till att användare möts av en lång text att läsa utan någon form av stöd i form av designelement, exempelvis färg, ikoner, överblick eller interaktioner. Avsaknaden av designelement är en av orsakerna till att användare idag antingen förbiser eller accepterar sekretessmeddelanden utan att förstå innebörden, vilket får konsekvenser för användarens integritet. På grund av detta är det av stor vikt att användarna har en klar förståelse för hur deras integritet påverkas vid godkännande av ett sekretessmeddelande. Syftet med studien är att öka kunskapen inom området, och erbjuda och stötta designers i deras tillvägagångssätt kring hur sekretessmeddelanden kan designas för att främja användarens förståelse. Studien genomfördes genom en kvalitativ designstudie där ett befintligt ramverk skapat för design av sekretessmeddelanden kombinerades med identifierade designelement från litteraturstudien. Designelementen och ramverket användes vid framtagningen av fyra designförslag, vilka implementerades i en prototyp för att undersöka hur förståelse kan främjas i sekretessmeddelanden. Resultatet av studien är fyra designförslag som stöttar användaren att uppnå förståelse. / The rapid growth of connected devices that collect and share data leads to users needing to read and approve an increasing number of privacy notices to use devices and services. Privacy notices are agreements that define the terms of use for a product or service and are intended to inform users about the collection and use of their data and personal information before deciding to accept or decline. Privacy notices tend to be lengthy and contain a lot of text with complicated language. The text in privacy notices is often static without user interaction, which leads to users being faced with a long text to read without any form of support in terms of design elements, such as color, icons, overview, or interactions. The lack of design elements is one of the reasons why users today either overlook or accept privacy notices without understanding the implications, which has consequences for the user's privacy. Because of this, it is of great importance that users have a clear understanding of how their privacy is affected by accepting a privacy notice. The purpose of the study is to increase knowledge in the field and offer and support designers in their approach to how privacy notices can be designed to promote user understanding. The study was conducted through a qualitative design study where an existing framework created for the design of privacy notices was combined with identified design elements from the literature study. The design elements and framework were used in the development of four design proposals, which were implemented in a prototype to investigate how understanding can be promoted in privacy notices. The result of the study is four design proposals that support users in achieving understanding.

Privacy notice

understanding

integrity

overview

icons

colors

interactivity

Sekretessmeddelanden

förståelse

integritet

överblick

ikoner

färg

interaktivitet

Human Computer Interaction

Computer and Information Sciences

Data- och informationsvetenskap