The Challenges and Impact of Privacy Policy Comprehension

by Jana Korunovska, et al.

New information and communication technology providers collect increasing amounts of personal data, much of which is user-generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive commercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, using a social networking service site as a use case, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such behavioural pitfalls, we present design recommendations to improve the quality of informed consent.

