Displaying website privacy policies to consumers in ways they understand is an important part of gaining consumers' trust and informed consent, yet most website privacy policies today are presented in confusing, legalistic natural language. Moreover, because website privacy policy presentations vary from website to website, policies are difficult to compare and it is difficult for consumers to determine which websites offer the best privacy protections. The Platform for Privacy Preferences (P3P) addresses part of the problem with natural language policies by providing a formal, machine-readable language for expressing privacy policies in a manner that is standardized across websites. To address remaining problems, an automated tool must be developed to read P3P policies and display them to users in a comprehensible way. To this end, we have developed a P3P policy presentation tool based on the Expandable Grid, a visualization technique for displaying policies in an interactive matrix. In prior work, the Expandable Grid has been shown to work well for displaying file permissions policies, so it appears to hold promise for presenting online privacy policies as well. To evaluate our Expandable Grid interface, we conducted two user studies, an online study with 520 participants and a laboratory study with 12 participants. The studies compared participants' comprehension of privacy policies presented with the Grid interface with their comprehension of the same policies presented in natural language. To our surprise, comprehension of policies was, for the most part, no better with the Grid interface than with natural language. We describe why the Grid interface did not perform well in our study and discuss implications for when and how the Expandable Grid concept can be usefully applied.