Upload
theodora-alexander
View
218
Download
1
Tags:
Embed Size (px)
Citation preview
Policy Design &
Creating Effective Privacy Policies
Presentation by Travis Pinnick
User Experience Designer, TRUSTe
NTIA Privacy Multistakeholder Process: Mobile Application Transparency
November 30, 2012
Washington DC.
Problems with Privacy Policies
• Privacy Policies are difficult to read (Anton 2007)
• Misconceptions about protections (Hoofnagle 2008)
• Time required to read policies is too great (McDonald 2008)
• Lack of market differentiation (KnowPrivacy 2009)
Machine-readable Policy Summaries
Policy Short Notice Designs
Icon-based policy summaries
Icon-based policy summaries
Layered Policy Design
Policy Summary Data in Product Design
User Testing - Policy Summaries
•Users don’t seem to have preconceived notions of what categories make the most sense regarding privacy •Icons aren't as important as presentation and finding the appropriate vehicle and context for delivery
•Users appreciate attempts to visually simply policy data, but that doesn’t mean it will necessarily influence their behavior
Icon-based policy summaries
Icon-reading user agents
User Testing - Policy Summaries part 2
•Users respond positively to the idea icon-based summary data, but aren’t really able to articulate the meaning of the categories even after having viewed the descriptions •Once again, users appreciate attempts to visually simply policy data, but that doesn’t mean it will necessarily influence their behavior
Mobile-optimized Policies
Policy Summary Data in Mobile
Challenges
Fundamentally, how useful is policy summary data?
1. Users report caring about privacy in vast majorities when polled, yet this attitude is not reflected by their actions
2. While summary data provides a helpful layer of transparency, there’s no reason to assume it will affect user behavior
3. Depending on whether summary data is self-attested or crowd-sourced, it may not be useful for enforcement
Recommendations
An effective policy summary should:
1. Support a user’s ability to assess a site or app’s privacy practices at an appropriate time and in the right context (like a decision making moment such as app download)
2. Support a method of delivery that is informative without being overwhelming or intrusive to the user experience
3. Provide only the information that is most relevant, like the data collection practices which are invisible to users