Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA

09/28/2021
by   Rex Chen, et al.
0

Vagueness and ambiguity in privacy policies threaten the ability of consumers to make informed choices about how businesses collect, use, and share their personal information. The California Consumer Privacy Act (CCPA) of 2018 was intended to provide Californian consumers with more control by mandating that businesses (1) clearly disclose their data practices and (2) provide choices for consumers to opt out of specific data practices. In this work, we explore to what extent CCPA's disclosure requirements, as implemented in actual privacy policies, can help consumers to answer questions about the data practices of businesses. First, we analyzed 95 privacy policies from popular websites; our findings showed that there is considerable variance in how businesses interpret CCPA's definitions. Then, our user survey of 364 Californian consumers showed that this variance affects the ability of users to understand the data practices of businesses. Our results suggest that CCPA's mandates for privacy disclosures, as currently implemented, have not yet yielded the level of clarity they were designed to deliver, due to both vagueness and ambiguity in CCPA itself as well as potential non-compliance by businesses in their privacy policies.

READ FULL TEXT

page 14

page 15

page 16

research
11/08/2021

Automated Detection of GDPR Disclosure Requirements in Privacy Policies using Deep Active Learning

Since GDPR came into force in May 2018, companies have worked on their d...
research
10/06/2019

Automated Approach to Improve IoT Privacy Policies

The massive growth of the Internet of Things (IoT) as a network of inter...
research
08/11/2023

PrivacyLens: A Framework to Collect and Analyze the Landscape of Past, Present, and Future Smart Device Privacy Policies

As the adoption of smart devices continues to permeate all aspects of ou...
research
09/22/2018

The Privacy Policy Landscape After the GDPR

Every new privacy regulation brings along the question of whether it res...
research
06/13/2022

Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels at Scale

As a key supplement to privacy policies that are known to be lengthy and...
research
06/20/2023

A Comparative Audit of Privacy Policies from Healthcare Organizations in USA, UK and India

Data privacy in healthcare is of paramount importance (and thus regulate...
research
09/02/2023

Are Current CCPA Compliant Banners Conveying User's Desired Opt-Out Decisions? An Empirical Study of Cookie Consent Banners

The California Consumer Privacy Act (CCPA) secures the right to Opt-Out ...

Please sign up or login with your details

Forgot password? Click here to reset