1. bookVolume 2021 (2021): Issue 3 (July 2021)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Defining Privacy: How Users Interpret Technical Terms in Privacy Policies

Published Online: 27 Apr 2021
Page range: 70 - 94
Received: 30 Nov 2020
Accepted: 16 Mar 2021
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Recent privacy regulations such as GDPR and CCPA have emphasized the need for transparent, understandable privacy policies. This work investigates the role technical terms play in policy transparency. We identify potentially misunderstood technical terms that appear in privacy policies through a survey of current privacy policies and a pilot user study. We then run a user study on Amazon Mechanical Turk to evaluate whether users can accurately define these technical terms, to identify commonly held misconceptions, and to investigate how the use of technical terms affects users’ comfort with privacy policies. We find that technical terms are broadly misunderstood and that particular misconceptions are common. We also find that the use of technical terms affects users’ comfort with various privacy policies and their reported likeliness to accept those policies. We conclude that current use of technical terms in privacy policies poses a challenge to policy transparency and user privacy, and that companies should take steps to mitigate this effect.

Keywords

[1] Annie Anton, Julia Earp, Qingfeng He, William Stu~ebeam, Davide Bolchini, and Carlos Jensen. Financial privacy policies and the need for standardization. IEEE Security & Privacy, 2:36–45, 03 2004.Search in Google Scholar

[2] Manon Arcand, Jacques Nantel, Mathieu Arles-Dufour, and Anne Vincent. The impact of reading a web site’s privacy statement on perceived control over privacy and perceived trust. Online Information Review, 2007.Search in Google Scholar

[3] Peter Breese and William Burman. Readability of notice of privacy forms used by major health care institutions. JAMA : the journal of the American Medical Association, 293:1593–4, 05 2005.Search in Google Scholar

[4] Rochelle Cadogan. An imbalance of power: The readability of internet privacy policies. Journal of Business & Economics Research (JBER), 2, 02 2011.Search in Google Scholar

[5] Gitanjali Das, Cynthia Cheung, Camille Nebeker, Matthew Bietz, and Cinnamon Bloss. Privacy policies for apps targeted toward youth: Descriptive analysis of readability. JMIR Mhealth Uhealth, 6(1), Jan 2018.Search in Google Scholar

[6] Djellel Difallah, Elena Filatova, and Panos Ipeirotis. Demographics and dynamics of mechanical turk workers. WSDM ’18, page 135–143, 2018.Search in Google Scholar

[7] W3c do not track standard. http://www.w3.org/TR/2015/WD-tracking-compliance-20150714/.Search in Google Scholar

[8] Tatiana Ermakova, Benjamin Fabian, and Eleonora Babina. Readability of privacy policies of healthcare websites. 03 2015.Search in Google Scholar

[9] Benjamin Fabian, Tatiana Ermakova, and Tino Lentz. Large-scale readability analysis of privacy policies. In Proceedings of the International Conference on Web Intelligence, page 18–25, New York, NY, USA, 2017. Association for Computing Machinery.Search in Google Scholar

[10] Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. Android permissions: User attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS ’12, New York, NY, USA, 2012. Association for Computing Machinery.Search in Google Scholar

[11] Rudolph Flesch. A new readability yardstick. Journal of applied psychology, 32(3):221, 1948.Search in Google Scholar

[12] General data protection regulation (GDPR), 2016.Search in Google Scholar

[13] Mark Graber, Donna D’Alessandro, and Jill Johnson-West. Reading level of privacy policies on internet health web sites. The Journal of family practice, 51:642–5, 08 2002.Search in Google Scholar

[14] Mark Hochhauser. Lost in the fine print: Readability of financial privacy notices. 06 2001.Search in Google Scholar

[15] Panagiotis G Ipeirotis. Demographics of mechanical turk. 2010.Search in Google Scholar

[16] Musa Jafar and Amjad Abdullat. Exploratory analysis of the readability of information privacy statement of the primary social networks. Journal of Business & Economics Research (JBER), 7, 02 2011.Search in Google Scholar

[17] Carlos Jensen, Colin Potts, and Christian Jensen. Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies, 63(1-2):203–227, 2005.Search in Google Scholar

[18] Barbara Krumay and Jennifer Klar. Readability of privacy policies. In IFIP Annual Conference on Data and Applications Security and Privacy, pages 388–399. Springer, 2020.Search in Google Scholar

[19] Priya Kumar. Privacy policies and their lack of clear disclosure regarding the life cycle of user information. In AAAI Fall Symposia, 2016.Search in Google Scholar

[20] Kevin E. Levay, Jeremy Freese, and James N. Druckman. The demographic and political composition of mechanical turk samples. SAGE Open, 6(1):2158244016636433, 2016.Search in Google Scholar

[21] Stephen D. Lewis, Robert G. Colvard, and C. N. Adams. A comparison of the readability of privacy statements of banks, credit counseling companies, and check cashing companies. Journal of Organizational Culture, Communications and Conflict, 12(2):87–93, 2008.Search in Google Scholar

[22] Thomas Linden, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. The privacy policy landscape after the gdpr. Proceedings on Privacy Enhancing Technologies, 2020(1):47–64, 2020.Search in Google Scholar

[23] Aleecia M Mcdonald, Robert W Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor. A comparative study of online privacy policies and formats. In International Symposium on Privacy Enhancing Technologies Symposium, pages 37–55. Springer, 2009.Search in Google Scholar

[24] Gabriele Meiselwitz. Readability assessment of policies and procedures of social networking sites. In Online Communities and Social Computing, pages 67–75. Springer Berlin Heidelberg, 2013.Search in Google Scholar

[25] George Milne, Mary Culnan, and Henry Greene. A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing - J PUBLIC POLICY MARKETING, 25:238–249, 09 2006.Search in Google Scholar

[26] Aaron Moss and Leib Litman. Demographics of people on amazon mechanical turk. 06 2020.Search in Google Scholar

[27] Aaron J. Moss, Cheskie Rosenzweig, Jonathan Robinson, and Leib Litman. Demographic stability on mechanical turk despite covid-19. Trends in Cognitive Science, 24(9), 06 2020.Search in Google Scholar

[28] California Office of the Attorney General. California consumer privacy act regulations: Final text of regulations. https://www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/oal-sub-final-text-of-regs.pdf.Search in Google Scholar

[29] Irene Pollach. A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62:221–235, 12 2005.Search in Google Scholar

[30] Irene Pollach. What’s wrong with online privacy policies? Commun. ACM, 50:103–108, 09 2007.Search in Google Scholar

[31] Robert Proctor, Athar Ali, and Kim-Phuong Vu. Examining usability of web privacy policies. Int. J. Hum. Comput. Interaction, 24:307–328, 03 2008.Search in Google Scholar

[32] Elissa M Redmiles, Sean Kross, and Michelle L Mazurek. How well do my results generalize? comparing security and privacy survey results from mturk, web, and telephone samples. In 2019 IEEE Symposium on Security and Privacy (SP), pages 1326–1343. IEEE, 2019.Search in Google Scholar

[33] Joel Reidenberg, Travis Breaux, Lorrie Cranor, and Brian French. Disagreeable privacy policies: Mismatches between meaning and users’ understanding. Berkeley Technology Law Journal, 30, 08 2015.Search in Google Scholar

[34] Julie Robillard, Tanya L. Feng, Arlo B. Sporn, Jen-Ai Lai, Cody Lo, Monica Ta, and Roland Nadler. Availability, readability, and content of privacy policies and terms of agreements of mental health apps. Internet Interventions, 17, 2019.Search in Google Scholar

[35] Yan Shvartzshnaider, Noah Apthorpe, Nick Feamster, and Helen Nissenbaum. Analyzing privacy policies using contextual integrity annotations. 2018.Search in Google Scholar

[36] Yan Shvartzshnaider, Noah Apthorpe, Nick Feamster, and Helen Nissenbaum. Going against the (appropriate) flow: A contextual integrity approach to privacy policy analysis. In AAAI 2019, 2019.Search in Google Scholar

[37] Ravi Inder Singh, Manasa Sumeeth, and James Miller. A user-centric evaluation of the readability of privacy policies in popular web sites. Information Systems Frontiers, 13(4):501–514, 2011.Search in Google Scholar

[38] Aaron Smith. What internet users know about technology and the web. 11 2014.Search in Google Scholar

[39] H Jeff Smith, Tamara Dinev, and Heng Xu. Information privacy research: an interdisciplinary review. MIS quarterly, pages 989–1015, 2011.Search in Google Scholar

[40] Daniel Solove. Privacy self-management and the consent dilemma. Harvard Law Review, 126(7):1880–1903, 2013.Search in Google Scholar

[41] Joseph Turow, Lauren Feldman, and Kimberly Meltzer. Open to exploitation: America’s shoppers online and o~ine. Departmental Papers (ASC), page 35, 2005.Search in Google Scholar

[42] Joseph Turow, Michael Hennessy, and Nora Draper. Persistent misperceptions: Americans’ misplaced confidence in privacy policies, 2003–2015. Journal of Broadcasting & Electronic Media, 62:461–478, 07 2018.Search in Google Scholar

[43] Kim-Phuong L. Vu, Vanessa Chambers, Fredrick P. Garcia, Beth Creekmur, John Sulaitis, Deborah Nelson, Russell Pierce, and Robert W. Proctor. How users read and comprehend privacy policies. In Human Interface and the Management of Information. Interacting in Information Environments, pages 802–811. Springer Berlin Heidelberg, 2007.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo