+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Probing the Design Space of Usable Privacy Policies: A Qualitative Exploration of a Reimagined Privacy Policy


      , ,

      Electronic Visualisation and the Arts (EVA 2017) (EVA)

      Electronic Visualisation and the Arts

      11 – 13 July 2017

      Usable Privacy, Visual Design, Data Negotiations, Interviews, Human Data Interaction



            This paper explores the design space of privacy policies through the prototyping of a ‘reimagined’ privacy policy for a UK media service. Privacy policies notify potential users about the data practices of a service and, in principle, enable users to make informed decisions about how their data is used. In practice, they are routinely ineffective, by design. In response to the persistent problems with the effectiveness of privacy policies we develop a prototype of a ‘reimagined’ privacy policy for a UK media service. We conduct several workshops with stakeholders to explore the problems with existing policies and identify how they could better balance industry and user needs and use these findings to prototype a new interactive policy design for the service. Our prototype presents a new visual design and added options and controls for data exchange. We conduct an exploratory study with potential service users to explore how the prototype compares with an existing policy, eliciting feedback on the visual design and control options before facilitating a discussion about users’ past experiences and needs in relation to the policy design space. Findings from the pilot study show participants appreciated key elements of the new design and valued the new options for sharing data with service providers and restricting data collection and use - negotiating ‘degrees of consent’. Findings suggest people felt more empowered by the design and this improved their impression of the service provider in terms of openness, fairness and trustworthiness. The paper contributes to HCI by advancing our understanding of the potential of the design space to increase engagement with privacy policies and in the data exchange process. This paper does not promote this design per se as a solution but uses it as a vehicle to discuss the potential of reimagining the design space for policies.


            Author and article information

            July 2017
            July 2017
            : 1-12
            [0001]BBC Research and Development

            MediaCity, UK
            [0002]University of Nottingham

            Nottingham, UK
            © Jones et al. Published by BCS Learning and Development. Proceedings of British HCI 2017 – Digital Make-Believe, Sunderland, UK.

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Electronic Visualisation and the Arts (EVA 2017)
            London, UK
            11 – 13 July 2017
            Electronic Workshops in Computing (eWiC)
            Electronic Visualisation and the Arts
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing


            1. 2004 Privacy attitudes and privacy behavior Economics of Information Security 165 178

            2. 2010 Misplaced confidences, Privacy and the control paradox Ninth Annual Workshop on the Economics of Information Security (WEIS)

            3. 2006 A privacy paradox: Social Networking in the United States. First Monday http://firstmonday.org/article/view/1394 /1312_2 2 3 2017

            4. 2016 Attitudes Towards Data Combination and Sharing Across Services and Companies In Proceedings of the 2016 CHI Conference in Human Computing Systems Pages 5215-52

            5. Against Notice Skepticism in Privacy (and Elsewhere) 2012 Notre Dame Law Review 87 3 1027 1072 https://ndlrev.wordpress.com/volume-87-issue-3/ 28 2 2017

            6. 2010 The Limits of Notice and Choice IEEE Security & Privacy 8 2 59 2 doi:10.1109/MSP.2010.8

            7. 2009 The 7 Foundational Principles Implementation and Mapping of Fair Information Practice http://www.ontla.on.ca/library/repository/mon/24C05/301946.pdf 28 2 2017

            8. Center for Information Policy Leadership, H. W. L. Multi-layered notices https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/ten_steps_to_develop_a_mulilayered_privacy_notice__white_paper_march_2007_.pdf 4 3 2017

            9. 2012 Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice Journal on Telecommunications anc High Technology Law 10 2 2012 273 307

            10. European Parliament and Council 2002 Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector. Official Journal of the European Communities, (L201) 2002. http://ec.europa.eu/justice/data-protection/law/files/recast_20091219_en.pdf March 3 2017

            11. European Parliament and Council 1995 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, (L 281/31) http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf March 3 2017

            12. Federal Trade Commission 2012 Protecting Consumer Privacy in an Era of Rapid Change. Recommendations for Businesses and Policy Makers. Retrieved from http://www.ftc.gov/os/2012/03/120326privacyreport.pdf 28 2 2017

            13. 2001 Cultural (s- Probing People for Design Inspiration. SiGcHI. DK

            14. 2013 Obscurity by Design. Washington Law Review 88 385 418

            15. 2003 Technology probes: inspiring design for and with families. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '03: 17-24. http://doi.org/10.1145/611.642616

            16. 2007 End-User Privacy in Human-Computer Interaction. Foundations and Trends in Human-Computer Interaction Volume 1 1

            17. Information Commissioners Office (ICO 2017). Privacy Notice. https://ico.org.uk/global/privacy-notice/ March 3 2017

            18. 2004 Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. CHI'04 Vienna, Austria

            19. Kelley, Patrick Gage, et al 2009 A nutrition label for privacy. Proceedings of the 5th Symposium on Usable Privacy and Security ACM

            20. 2015 Playing the Legal Card: Using Ideation Cards to Raise Data Protection Issues within the Design Process In Proceedings of the 33rd Annual ACM Conference on Human Computer Factors in Computer Systems 457 466

            21. Information Commissioners Office (ICO 2017b). Privacy Policies, Transparency and Control https://ico.org.uk/for-organisations/guide-to-data-protection/privacv-notices-transparencv-and-control March 3 2017

            22. 2008 The cost of Reading Privacy Policies. I/S: A Journal of Law and Policy for the Information Society 4 3 40 565

            23. 2014 Human-Data Interaction: The Human Face of the Data-Driven Society http://ssrn.com/abstract=2508051

            24. 2012 Privacy By Design and the New Privacy Framework of the U.S. Federal Trade Commission Federal Trade Commission https://www.ftc.gov/sites/default/files/documents/public_statements/privacy-design-and-new-privacy-framework-u.s.federal-trade-commission/120613privacydesign.pdf 1 2 2017

            25. 2012 nline T&Cs longer than Shakespeare plays - who reads them? Which Retrieved from:https://conversation.which.co.uk/technology/length-of-website-terms-and-conditions/(Accessed 3.3.2017)

            26. 2011 Layered Policy Design | TRUSTe. Retrieved from: http://www.truste.com/blog/2011/05/20/layered-policy-and-short-notice-design/ 1 11 2017

            27. 2013 Privacy by Design: A counterfactual analysis of Google and Facebook Privacy Incidents. Berkeley Technology Law Journal. Article 6 28 2

            28. 2012 Understanding Privacy Harvard Univeristy Press Massachusettes London. England

            29. 1996 The Eyes Have It: A Task by Data Type Taxonomy for Information Visualizations In Proceedings of the IEEE Symposium on Visual Language 336 343 Washington IEEE Computer Society Press http://citeseer.ist.psu.edu/409647.html

            30. 2015 A Design Space for Effective Privacy Notices Symposium on Usable Privacy and Security Ottowa, Canada

            31. 2002 Toward a Typology of Internet Users and Online Privacy Concerns The Information Society 18 1

            32. 2009 Notice & Choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children

            33. 2016 Make it Simple, or Force Users to Read? Paraphrased Design Improves Comprehension of End User License Agreements. CHI '16. San Jose USA

            34. 1967 Privacy and Freedom, New York: Atheneum


            Comment on this article