The new information and communication technology providers collect increasing amounts of per-sonal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive com-mercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such be-havioural pitfalls we present design recommendations to improve the quality of informed consent.
Titel des SammelwerksTwenty-Eighth European Conference on Information Systems (ECIS2020)
Herausgeber*innen Association for Information Systems
ErscheinungsortAn Online AIS Conference
PublikationsstatusVeröffentlicht - 2020

Österreichische Systematik der Wissenschaftszweige (ÖFOS)

  • 502050 Wirtschaftsinformatik
  • 102024 Usability Research
  • 102013 Human-Computer Interaction
  • 508
  • 505002 Datenschutz
  • 303029 Suchtforschung
  • 305909 Stressforschung
  • 501003 Arbeitspsychologie
  • 501015 Organisationspsychologie
  • 501011 Kognitionspsychologie
  • 211912 Produktgestaltung