Implementation and In Situ Assessment of Contextual Privacy Policies


Online services collect an increasing amount of data about their users. Privacy policies are currently the only common way to inform users about the kinds of data collected, stored and processed by online services. Previous work showed that users do not read and understand privacy policies, due to their length, difficult language, and often non-prominent location. Embedding privacy-relevant information directly in the context of use could help users understand the privacy implications of using online services. We implemented Contextual Privacy Policies (CPPs) as a browser extension and provide it to the community to make privacy information accessible for endusers. We evaluated CPPs through a one-week deployment and in situ questionnaires as well as pre- and post-study interviews. We found that CPPs were well received by participants. The analysis revealed that provided information should be as compact as possible, be adjusted to user groups and enable users to take action.

Proceedings of the 2020 ACM Designing Interactive Systems Conference
Anna-Marie Ortloff
Anna-Marie Ortloff
Ph.D. Student

I explore research methods in Usable Security and Privacy. If you are interested or just a fellow stats-nerd, drop me an e-mail.