The challenges and impact of privacy policy comprehension

Jana Korunovska; Bernadette Kamleitner; Sarah Spiekermann-Hoff

The challenges and impact of privacy policy comprehension

Jana Korunovska, Bernadette Kamleitner, Sarah Spiekermann-Hoff

Publikation: Beitrag in Buch/Konferenzband › Beitrag in Konferenzband

Abstract

The new information and communication technology providers collect increasing amounts of per-sonal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive com-mercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such be-havioural pitfalls we present design recommendations to improve the quality of informed consent.

Originalsprache	Englisch
Titel des Sammelwerks	Twenty-Eighth European Conference on Information Systems (ECIS2020)
Herausgeber*innen	Association for Information Systems
Erscheinungsort	An Online AIS Conference
Seiten	1-17
Publikationsstatus	Veröffentlicht - 2020

Österreichische Systematik der Wissenschaftszweige (ÖFOS)

502050 Wirtschaftsinformatik
102024 Usability Research
102013 Human-Computer Interaction
508
505002 Datenschutz
303029 Suchtforschung
305909 Stressforschung
501003 Arbeitspsychologie
501015 Organisationspsychologie
501011 Kognitionspsychologie
211912 Produktgestaltung

Zugriff auf Dokument

http://www.academia.edu/download/63349189/FINAL_SUBMISSION_ECIS_2020_ecis20a-sub1301-cam-i7-120200518-91701-1xr2xzx.pdfLizenz: Nicht angegeben

Verfügbarkeit prüfen

Katalog der Universitätsbibliothek

Andere Dateien und Links

https://aisel.aisnet.org/ecis2020_rp/51/

Zitat

@inproceedings{b5d5628055664d80a6c9741236bd1d4c,

title = "The challenges and impact of privacy policy comprehension",

abstract = "The new information and communication technology providers collect increasing amounts of per-sonal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive com-mercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such be-havioural pitfalls we present design recommendations to improve the quality of informed consent.",

author = "Jana Korunovska and Bernadette Kamleitner and Sarah Spiekermann-Hoff",

year = "2020",

language = "English",

pages = "1--17",

editor = "{Association for Information Systems}",

booktitle = "Twenty-Eighth European Conference on Information Systems (ECIS2020)",

}

Korunovska, J , Kamleitner, B & Spiekermann-Hoff, S 2020, The challenges and impact of privacy policy comprehension. in Association for Information Systems (Hrsg.), Twenty-Eighth European Conference on Information Systems (ECIS2020). An Online AIS Conference, S. 1-17. <http://www.academia.edu/download/63349189/FINAL_SUBMISSION_ECIS_2020_ecis20a-sub1301-cam-i7-120200518-91701-1xr2xzx.pdf>

TY - GEN

T1 - The challenges and impact of privacy policy comprehension

AU - Korunovska, Jana

AU - Kamleitner, Bernadette

AU - Spiekermann-Hoff, Sarah

PY - 2020

Y1 - 2020

N2 - The new information and communication technology providers collect increasing amounts of per-sonal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive com-mercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such be-havioural pitfalls we present design recommendations to improve the quality of informed consent.

AB - The new information and communication technology providers collect increasing amounts of per-sonal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive com-mercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such be-havioural pitfalls we present design recommendations to improve the quality of informed consent.

UR - https://aisel.aisnet.org/ecis2020_rp/51/

M3 - Contribution to conference proceedings

SP - 1

EP - 17

BT - Twenty-Eighth European Conference on Information Systems (ECIS2020)

A2 - Association for Information Systems, null

CY - An Online AIS Conference

ER -