The Challenges and Impact of Privacy Policy Comprehension

05/18/2020
by   Jana Korunovska, et al.
0

The new information and communication technology providers collect increasing amounts of personal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive commercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such behavioural pitfalls we present design recommendations to improve the quality of informed consent.

READ FULL TEXT
11/21/2019

The Power and Pitfalls of Transparent Privacy Policies in Social Networking Service Platforms

Users disclose ever-increasing amounts of personal data on Social Networ...
01/04/2022

OConsent – Open Consent Protocol for Privacy and Consent Management with Blockchain

In the current connected world - Websites, Mobile Apps, IoT Devices coll...
07/02/2020

Zooming Into Video Conferencing Privacy and Security Threats

The COVID-19 pandemic outbreak, with its related social distancing and s...
03/09/2022

Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

In our data-centric world, most services rely on collecting and using pe...
01/14/2018

Shai: Enforcing Data-Specific Policies with Near-Zero Runtime Overhead

Data retrieval systems such as online search engines and online social n...
02/18/2018

Design and Implementation of iMacros-based Data Crawler for Behavioral Analysis of Facebook Users

Obtaining the desired dataset is still a prime challenge faced by resear...
01/22/2021

Privacy Friendly E-Ticketing For Public Transport

This paper studies how to implement a privacy friendly form of ticketing...