Designing Privacy Notices: Supporting User Understanding and Control
Users are increasingly expected to manage complex privacy settings in their normal online interactions. From shopping to social networks, users make decisions about sharing their personal information with corporations and contacts, frequently with little assistance. Current solutions require customers to read long documents or go out of their way to manage complex settings buried deep in the management interfaces, all of which lead to little or no actual control.
The goal of this work is to help people cope with the shifting privacy landscape. While our work looks at many aspects of how users make decisions regarding their privacy, this dissertation focuses on two specific areas: the current state of web privacy policies and mobile phone application permissions. We explored consumers' current understanding of privacy in these domains, and then used that knowledge to iteratively design and test more comprehensible information displays.
These prototyped information displays should not be seen as final commercially-ready solutions, but as examples of privacy notices that can help users think about, cope with, and make decisions regarding their data privacy. We conclude with a series of design suggestions motivated by our findings.