working draft - jume 2010

A “Nutrition Label” for Privacy Policies

Through an iterative design process, including focus groups and a laboratory study, we developed a standardized, tabular, "nutrition label" for online privacy policies. We tested this standardized format, two variants, and two real-world policy formats in a large, online user study to show how consumer understanding and decision-making can be assisted by intentional interface design.

Research Questions

1. Can we design a better privacy policy? Where we define better as measured by:
   • accuracy
   • speed
   • opinion
2. Can this design make policy comparison more accessible?
3. Can deeper, more specific information be made accessible through interactivity?
4. Do icons assist users with the understanding of certain concepts?

Interactivity In The Label

A follow on study will involve literally diving deeper into information in the standard privacy label. As many of the data categories and purposes are grouped in the label, but spelled out separately in some natural language policies. To address this we will test an interactive version of the label that explains sub-cell level information.

We will ask a series of questions as in the previous work, with simple and complex questions, but add simple and complex variants where partial cell information is required (e.g. a question will ask about the collection of a user's phone number, the contact information box will be marked as collected, but upon further investigation only home address, not phone number will be collected).

This study will be run on Amazon's Mechanical Turk: same procedure as before, between subjects design. Likely conditions:

• Natural Language policy (need to find some with the specific info listed, for fairness)
• Short-standardized label with expanding row design
• Standardized label with sidebar

Questions to answer:

• Are people willing to explore?
• How much longer does this version take?
• Does enjoyability decrease?
• Can people actually find and understand this more complex information.

In the design phase, when building the three versions (hover, expand, sidebar) a laboratory study of 25ish users will be conducted, within-subjects, using an eye-tracker. This will allow us to better understand:

• People's viewing patterns of the label
• If they locate information in the right place
• How frequently the definitions and legend are used
• If labels are read
• If column/row intersections are hard to scan
• Other information

The Iconography of Privacy

Over the past decade a number of iconographic symbols have been proposed as replacement or supplements to help users better understand privacy. We question whether any of these icons possess comprehension benefits to users, and seek to understand how they can best be applied. These sets include:

• Cooper - CDT
• raskin - mozilla
• Pinnick - truste
• DNT?
• Behavioral - fpf
• green boxes - PF
• icons for privacy - creative commeons - bendrath
• us?

Ideas

• Which are most successful?
• Which are totally incomprehensible?
• Maybe some focus groups / interviews.
• Maybe an online design approach with iteration.
• Some sort of online quiz to test?
• Real world test with appending on search results through a browser plugin?

Calendar

June 13th

Reading more papers, surveys, guidelines, TRUSTe reports, and privacy policies (summary coming next week). Also CFP happened.

June 20th

First mock prototypes. Initial draft of summary privacy interests report up.

June 27th

PriMo workshop.

July 4th

Return from europe. Prep study design.

July 11th

Initial around lab testing.

July 18th

Begin piloting. Prepare and make large-scale modifications

July 25th

Run study all week.

August 1st

Run study all week.

August 8th

Begin study write up. Begin MTurk prep.

August 15th

August 22nd

Launch MTurk variant

August 29th

September 5th

September 12th

September 19th

CHI deadline: September 23

September 26th

Switch gears to ICON study

October 3rd

October 10th

October 17th

October 24th

Launch ICON study

October 31st

November 7th

November 14th

November 21st

November 28th

December 5th

December 12th

December 19th

December 26th

Have all INTERACTIVE and ICON work complete.

Supplemental Documents

coming soon

• [[ List of things missing from P3P policies ]]
• [[ Findings from surveys/papers/developers/designers/agencies ]]
• [[ Preliminary script and policies ]]
• [[ Icon design literature review ]]

Tasks

INTERACTIVE tasks: (all this summer)

• Mockups for possible interactions
• Build live interactive renderer
• Write script, develop questions
• Pick policies
• IRB application
• Conduct study

ICON tasks:

• Read more about: How to evaluate icons. Icon design in general.
• Create comprehensive gallery

MISCELLANEOUS tasks:

• Pull the parser out form Privacy Finder so I can generate them without searching
• Switch PrivacyFinder into perma-demo mode
• Make browser plugins exist and online
• Market
• Create label standard documentation
• Editor
• Create gallery of labels/variants
• Lawyer stamp of approval