TTC Labs - Why privacy policies are falling short...

Why privacy policies are falling short...

Florian Schaub

Florian Schaub

Assistant Professor, University of Michigan

Do you actually read an app or website’s privacy policy before clicking to accept the terms?

Most of us don’t – and that means privacy policies are missing the mark.

Terms and condition exercise

One of the fundamental purposes of privacy policies is to enable people to make informed decisions. But privacy policies are surprisingly ineffective at informing consumers, as Rebecca BalebakoLorrie Cranor and I analyse in our research.

With our research, we propose a better way that would make privacy notices clearer and easier to follow. We aim to share our research and insights with other people and organisations working on innovative approaches to online transparency, and are happy for our work to be a part of the TTC Labs.

Content design exercise6

Too long A 2008 study by Lorrie Cranor and Aleecia McDonald estimated that it would take 244 hours a year for the typical American internet user to read the privacy policies of all websites he or she visits – and that was before everyone carried smartphones with dozens of apps, before cloud services, and before Internet of Things technologies.

Too complex Even people who read privacy policies struggle to understand them, because they often require college-level reading skills. Privacy policies frequently cover multiple services offered by a company, resulting in vague statements that make it difficult to find concrete information about which personal information is collected and how it is used.

Out of context Privacy policies are increasingly separated from users’ actual interactions with a system. Websites link to policies at the bottom of pages, mobile apps link to them in the app store and the policy of your smart speaker or fitness tracker is likely posted somewhere on the company’s website.

Limited choice Few privacy policies provide consumers with any choices besides not using the service at all. Companies may also change their privacy policies anytime. Not accepting the updated policy – if consumers are even asked to acknowledge the change – may stop your gadget from working or result in termination of the account.

Academicsregulators and governments have called for more usable privacy notices and solutions. Europe’s General Data Protection Regulation, which takes effect in May 2018, imposes strict requirements on privacy notices. Notices must be in 'concise, transparent, intelligible and easily accessible form, using clear and plain language.' Most privacy notices today do not meet these requirements. How can we change that?

Towards a better way: Refocusing on the consumer Privacy policies serve different functions for consumers, companies and regulators – and to be effective, they have to reconcile all three. Companies use privacy policies to demonstrate compliance with legal and regulatory notice requirements, and to limit liability. Regulators use them to investigate and enforce compliance with regulations. People should be able to rely on them for meaningful information about their privacy choices. But at the moment, people’s needs are getting lost.

The starting point for developing people-friendly privacy notices is to make them understandable, actionable and relevant to the user’s activity,. As part of the Usable Privacy Policy Project, my colleagues and I developed a way to make privacy notices more effective.

Exercises - Sharing3

'Data Use Case' exercise | Dublin Design Jam | November 2017

Privacy information and choices in context The first principle is to break up the information from the privacy policy into smaller chunks and deliver them at times that are appropriate and relevant for users. Now, a single privacy policy page covers all scenarios. But someone casually browsing a website doesn’t need all the information that someone needs who signs up for email updates or to pay for a service through the site. Yet, both have to sift through the same lengthy policy.

A casual browser certainly needs some information, like how the site handles their IP address, whether their browsing activity will be shared with advertisers and whether they can opt out of interest-based ads.

But a user who engages more deeply with a site needs more information to make meaningful choices, like whether or not she wants her email address to be shared with outside marketing companies. An additional short privacy notice could provide the relevant information when entering her email address and then offer the option of checking a box at the relevant point.

Fanfare Dublin2017 sketch - how we recommend

'How did we do?' sketch by team Fanfare | Dublin Design Jam | November 2017

Understanding expectations Notices can be made simpler by focusing particularly on unexpected or surprising types of data collection or sharing.

In another study, we learned that most people know their fitness tracker counts steps – so they didn’t really need a privacy notice to tell them that. But they did not expect their data to be collectedaggregated and shared with third parties. Customers should be asked for permission to do this, and allowed to restrict sharing or opt out entirely when information leaves the original context of collection.


'Third Parties Explained...' by team Oink | London Design Jam | February 2018

Most importantly, companies should test new privacy notices with users, to ensure final versions are understandable and not misleading, and that choices are meaningful.

Augmenting privacy policies Shorter, people-friendly privacy notices can easily coexist with traditional privacy policies. Shorter user-centric notices can augment a company’s privacy policy and make data practices more understandable for consumers. We’re seeing this start to happen on mobile devices at the operating system level. Apple and Google, on their mobile operating systems, introduced just-in-time permission dialogues in 2008 and 2015, respectively. For example, when a mobile app wants to access the phone’s location or contacts, the phone gives the user the option to say 'No.'


Conversational Privacy Interface | Dublin Design Jam | November 2017

Systems like this give people usable information and real choices. And they encourage app developers to communicate better with users about privacy. If we can expand this model, everyone could have privacy policies that are clear, easy to understand and really meaningful for both users and software designers.

The views expressed in this article reflect those of the author. TTC Labs seeks to include a diverse range of perspectives and expert insight to encourage a constructive exchange of ideas.

Florian Schaub

Florian Schaub

Assistant Professor, University of Michigan, University of Michigan

Florian Schaub is Assistant Professor of Information and Electrical Engineering and Computer Science at the University of Michigan. His research focuses on empowering users to effectively manage their privacy in complex socio-technological systems by studying privacy decision making, privacy behavior and usable privacy notices and controls.

TTC Labs is a cross-industry effort to create innovative design solutions that put people in control of their privacy.

Initiated and supported by Meta, and built on collaboration, the movement has grown to include hundreds of organisations, including major global businesses, startups, civic organisations and academic institutions.