Change search
ReferencesLink to record
Permanent link

Direct link
Next generation privacy policy
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Computer and Information Science.
2011 (English)MasteroppgaveStudent thesis
Abstract [en]

Privacy policies are commonly used by service providers to notify users what information is collected, how it will be used and with whom it will be shared. These policies are however known to be notoriously long and hard to understand, and several studies have shown that very few users actually read them. Alternative solutions that accurately communicates the most important parts of the policy in a way that is more enjoyable to read, is therefore needed to aid the users in making informed decisions on whether or not to share information with a provider. By following a design science strategy we first explore current solutions, and based on an initial evaluation we find the Nutrition Label to be the current approach best suited to base further work on. Through an assess and refine cycle we first evaluate the Nutrition Label based on usability literature, and propose a set of design criteria which is used as a basis for developing an alternative solution, entitled the Privacy Table. By following an iterative design process, we evaluate the Privacy Table in terms of accuracy, time-to-response and likeability through a pre-test, a laboratory experiment with 15 participants, and finally through an Internet experiment with 24 participants, where each iteration results in a re-designed version of the Privacy Table. While we don't find clear evidence for any difference between the formats, we find indications for that they perform similarly in terms of accuracy and enjoyability. We discover several issues regarding the Nutrition Label where some are related to the terminology used, which could indicate that it would need modifications in order to be usable among non-native English speakers. We also suggest that future research on the Nutrition Label should focus on its usability rather than further expansion, and that it should be considered to base it on a more simplified underlying technology than the P3P language. Finally we find that a merged version of the Privacy Table and the Nutrition Label could be advantageous to use in relation with current and future privacy enhancing technologies, as a top layer to communicate the most important privacy practices.

Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap , 2011. , 239 p.
Keyword [no]
ntnudaim:6266, MTDT datateknikk, Program- og informasjonssystemer
URN: urn:nbn:no:ntnu:diva-13647Local ID: ntnudaim:6266OAI: diva2:441346
Available from: 2011-09-15 Created: 2011-09-15

Open Access in DiVA

fulltext(25418 kB)272 downloads
File information
File name FULLTEXT01.pdfFile size 25418 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(47 kB)44 downloads
File information
File name COVER01.pdfFile size 47 kBChecksum SHA-512
Type coverMimetype application/pdf

By organisation
Department of Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 272 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 84 hits
ReferencesLink to record
Permanent link

Direct link