Horizon CDT Research Highlights

Research Highlights

Testing for Transparency: designing privacy-informing systems for young people.

  Ephraim Luwemba (2019 cohort)   ephraimluwemba-phd.github.io

Overview

The aim of my PhD is to assess emerging privacy policy presentation techniques (“policy presentations”) by studying the impact they have on children and young people. It is well established that the current ‘consent-and-notice’ approach to managing user privacy has not been effective online [5] [7]. Consent-and-notice refers to the approach of providing a privacy notice at the point of a user’s contact with an online service, and then asking for that user to consent (or to withdraw consent) toward the privacy practices that have been explained within it. This approach has been criticised for its lengthiness, the timing of when notices are displayed, and the power asymmetry it encourages, amongst other things [2] [3]

One method of addressing the problems inherent in notice-and-consent is to alter how website privacy practices are presented to people. Privacy researchers have suggested and tested using alternative formats, visual and other mediums including short or ‘layered’ notices, privacy nutrition labels, graphics and privacy dashboards to name a few. 

It is assumed that alternative policy presentations could provide a means of enhancing the transparency of online privacy policies, and therefore positively affect the habits of internet users. Although counter-arguments do exist, and the evidence supporting this assumption is mixed [4][6], this appears to be a direction that the industry is taking to alter practice, particularly as it relates to children: Recently, the Information Commissioner’s Office (ICO) recommended using novel presentation formats in their guidelines for transparency within the Age Appropriate Design Code, their guidelines for creating GDPR-compliant, child-facing internet services.  Young people have expressed concerns about the ways their data is used and how privacy policies are presented to them, and there is some evidence that they would welcome attempts to tailor solutions to them [1] [7]. If the former assumption about transparency is correct, alternative policy presentations designed with young people in mind could encourage their engagement, lead them to better understand terms of service, and result in them adopting better privacy practices. However, research on novel approaches to displaying privacy policies designed by and for young people is lacking. My PhD will explore these alternative privacy policy presentations to see whether their use can have an effect on young people’s privacy practices, and to what extent the co-creation of policy presentation formats can increase their effectiveness. 

Citations:

[1] Black, S., Joshaghani, R., Ratakonda, D. kumar, Mehrpouyan, H., & Fails, J. A. (2019). Anon what what? Proceedings of the Interaction Design and Children on ZZZ - IDC ’19, 439–445. https://doi.org/10.1145/3311927.3325324

[2] Jafar, M. J., & Abdullat, A. (2011). Exploratory Analysis Of The Readability Of Information Privacy Statement Of The Primary Social Networks. Journal of Business & Economics Research (JBER)7(12), 123–142. https://doi.org/10.19030/jber.v7i12.2371

[3] Luger, E., Moran, S., & Rodden, T. (2013). Consent for all: Revealing the hidden complexity of terms and conditions. Conference on Human Factors in Computing Systems - Proceedings, 2687–2696. https://doi.org/10.1145/2470654.2481371.

[4] McDonald, A. M., Reeder, R. W., Kelley, P. G., & Cranor, L. F. (2009). A comparative study of online privacy policies and formats. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)5672 LNCS, 37–55. https://doi.org/10.1007/978-3-642-03168-7_3

[5] Milne, G. R., Culnan, M. J., & Greene, H. (2006). A Longitudinal Assessment of Online Privacy Notice Readability. Journal of Public Policy25(2), 238–249.

[6] Nissenbaum, H. (2011). Protecting the Internet as a Public Commons. Bulletin of the American Academy of Arts and Sciences140(4), 32–48. www.amacad.org.

[7] Reidenberg, J. R., Breaux, T., Carnor, L. F., French, B., Cranor, L. F., Grannis, A., Graves, J. T., Liu, F., Mcdonald, A., Norton, T. B., Ramanath, R., Russell, N. C., Sadeh, N., & Schaub, F. (2014). Disagreeable Privacy Policies: Mismatches Between Meaning and Users’ Understanding. Berkeley Technology Law Journal30(1), 39–88. https://doi.org/10.15779/Z384K33

[7] Vallejos, E. P., Koene, A., Portillo, V., Dowthwaite, L., & Cano, M. (2017). Young people’s policy recommendations on algorithm fairness. WebSci 2017 - Proceedings of the 2017 ACM Web Science Conference, 247–251. https://doi.org/10.1145/3091478.3091512

This author is supported by the Horizon Centre for Doctoral Training at the University of Nottingham (UKRI Grant No. EP/S023305/1).