Understanding how to inform blind and low-vision users about data privacy through privacy question answering assistants
AUTHORs: 
Yuanyuan Feng, Abhilasha Ravichander, Yaxing Yao, Shikun Zhang, Rex Chen, Shomir Wilson, 
Norman SadehAuthors Info & Claims
Article No.: 116, Pages 2065 - 2082
Abstract
Understanding and managing data privacy in the digital world can be challenging for sighted users, let alone blind and low-vision (BLV) users. There is limited research on how BLV users, who have special accessibility needs, navigate data privacy, and how potential privacy tools could assist them. We conducted an in-depth qualitative study with 21 US BLV participants to understand their data privacy risk perception and mitigation, as well as their information behaviors related to data privacy. We also explored BLV users' attitudes towards potential privacy question answering (Q&A) assistants that enable them to better navigate data privacy information. We found that BLV users face heightened security and privacy risks, but their risk mitigation is often insufficient. They do not necessarily seek data privacy information but clearly recognize the benefits of a potential privacy Q & A assistant. They also expect privacy Q & A assistants to possess cross-platform compatibility, support multi-modality, and demonstrate robust functionality. Our study sheds light on BLV users' expectations when it comes to usability, accessibility, trust and equity issues regarding digital data privacy.
References
[1]
Ali Abdolrahmani and Ravi Kuber. Should I trust it when I cannot see it? credibility assessment for blind web users. In Proceedings of the 18th International ACM SIGACCESS Conference on Computers and Accessibility, ASSETS '16, pages 191-199, 2016.
[2]
Patricia Acosta-Vargas, Belén Salvador-Acosta, Luis Salvador-Ullauri, William Villegas-Ch., and Mario Gonzalez. Accessibility in native mobile applications for users with disabilities: A scoping review. Applied Sciences, 11(12):5707, 2021.
[3]
Patricia Acosta-Vargas, Luis Salvador-Ullauri, Janio Jadán-Guerrero, César Guevara, Sandra Sanchez-Gordon, Tania Calle-Jimenez, Patricio Lara-Alvarez, Ana Medina, and Isabel L. Nunes. Accessibility assessment in mobile applications for Android. In Proceedings of the 2019 International Conference on Applied Human Factors and Ergonomics, AHFE '19, pages 279-288, 2019.
[4]
Alessandro Acquisti and Jens Grossklags. Privacy and rationality in individual decision making. IEEE security & privacy, 3(1):26-33, 2005.
[5]
Wasi Ahmad, Jianfeng Chi, Yuan Tian, and Kai-Wei Chang. PolicyQA: A reading comprehension dataset for privacy policies. In Findings of the Association for Computational Linguistics: EMNLP 2020, pages 743-749, Online, nov 2020. Association for Computational Linguistics.
[6]
Tousif Ahmed, Roberto Hoyle, Kay Connelly, David Crandall, and Apu Kapadia. Privacy concerns and behaviors of people with visual impairments. In Proceedings of the 2015 CHI Conference on Human Factors in Computing Systems, CHI '15, pages 3523-3532, 2015.
[7]
Taslima Akter, Bryan Dosono, Tousif Ahmed, Apu Kapadia, and Bryan Semaan. "i am uncomfortable sharing what i can't see": Privacy concerns of the visually impaired with camera based assistive applications. In Proceedings of the 29th USENIX Security Symposium, SEC '20, pages 1929-1948, 2020.
[8]
Waleed Ammar, Shomir Wilson, Norman Sadeh, and Noah A Smith. Automatic categorization of privacy policies: A pilot study. Technical Report CMU-LTI-12-019, Carnegie Mellon University, 12 2012.
[9]
Marcia J. Bates. Information behavior. In Encyclopedia of Library and Information Sciences, pages 2074-2085. Taylor & Francis, 4th edition, 2017.
[10]
Glynis M. Breakwell. Interviewing methods. In Research methods in psychology, pages 232-253. SAGE, 3rd edition, 2006.
[11]
Victoria Clarke, Virginia Braun, and Nikki Hayfield. Thematic analysis. In Qualitative psychology: A practical guide to research methods, page 248. SAGE, 3rd edition, 2015.
[12]
Jessica Colnago, Yuanyuan Feng, Tharangini Palanivel, Sarah Pearman, Megan Ung, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. Informing the design of a personalized privacy assistant for the internet of things. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI '20, pages 1-13, 2020.
[13]
Elisa Costante, Jerry den Hartog, and Milan Petković. What websites know about you. In Data Privacy Management and Autonomous Spontaneous Security, pages 146-159. Springer, 2012.
[14]
Elisa Costante, Yuanhao Sun, Milan Petković, and Jerry den Hartog. A machine learning solution to assess privacy policy completeness: (short paper). In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, WPES '12, page 91-96, New York, NY, USA, 2012. Association for Computing Machinery.
[15]
Council of European Union. General data protection regulation. https://gdpr-infor.eu, 2016.
[16]
Anupam Das, Martin Degeling, Daniel Smullen, and Norman Sadeh. Personalized privacy assistants for the internet of things: Providing users with notice and choice. IEEE Pervasive Computing, 17(3):35-46, 2018.
[17]
Bryan Dosono, Jordan Hayes, and Yang Wang. "I'm stuck!": A contextual inquiry of people with visual impairments in authentication. In 11th USENIX Conference on Usable Privacy and Security, SOUPS '15, pages 151-168, 2015.
[18]
Bryan Dosono, Jordan Hayes, and Yang Wang. Toward accessible authentication: Learning from people with visual impairments. IEEE Internet Computing, 22(2):62-70, 2018.
[19]
Nora A. Draper. From privacy pragmatist to privacy resigned: Challenging narratives of rational choice in digital privacy debates. Policy & Internet, 9(2):232-251, 2017.
[20]
Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. Exploring how privacy and security factor into IoT device purchase behavior. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI '19, pages 1-12, 2019.
[21]
Fahim Faisal, Sharlina Keshava, Md Mahfuz Ibn Alam, and Antonios Anastasopoulos. SD-QA: Spoken dialectal question answering for the real world. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, EMNLP '21, pages 3296-3315, 2021.
[22]
Jennifer Fereday and Eimear Muir-Cochrane. Demonstrating rigor using thematic analysis: A hybrid approach of inductive and deductive coding and theme development. International Journal of Qualitative Methods, 5(1):80-92, 2006.
[23]
John C. Flanagan. The critical incident technique. Psychological Bulletin, 51(4):327, 1954.
[24]
Patricia I Fusch and Lawrence R Ness. Are we there yet? data saturation in qualitative research. The Qualitative Report, 20(9):1408-1416, 2015.
[25]
Nina Gerber, Paul Gerber, and Melanie Volkamer. Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & security, 77:226-261, 2018.
[26]
Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal. How short is too short? implications of length and framing on the effectiveness of privacy notices. In 12th Symposium on Usable Privacy and Security, SOUPS '16, pages 321-340, 2016.
[27]
Danna Gurari, Qing Li, Abigale J. Stangl, Anhong Guo, Chi Lin, Kristen Grauman, Jiebo Luo, and Jeffrey P. Bigham. Vizwiz grand challenge: Answering visual questions from blind people. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, CVPR '18, pages 3608-3617, 2018.
[28]
Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. "it's a scavenger hunt": Usability of websites' opt-out and data deletion choices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI '20, pages 1-12, 2020.
[29]
Stephanie Hackett, Bambang Parmanto, and Xiaoming Zeng. Accessibility of Internet websites through time. In Proceedings of the 6th International ACM SIGACCESS Conference on Computers and Accessibility, ASSETS '03, pages 32-39, 2003.
[30]
Dilek Hakkani-Tur and Manaal Faruqui. A call for revisiting the boundary between asr and nlu in the age of conversational dialog systems. Computational Linguistics, 48(1):221-232, 2022.
[31]
Foad Hamidi, Kellie Poneres, Aaron Massey, and Amy Hurst. Who should have access to my pointing data? privacy tradeoffs of adaptive assistive technologies. In Proceedings of the 20th International ACM SIGACCESS Conference on Computers and Accessibility, ASSETS '18, pages 203-216, 2018.
[32]
Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G Shin, and Karl Aberer. Polisis: Automated analysis and presentation of privacy policies using deep learning. In 27th USENIX Security Symposium (USENIX Security 18), pages 531-548, 2018.
[33]
Hamza Harkous, Kassem Fawaz, Kang G. Shin, and Karl Aberer. PriBots: Conversational privacy with chatbots. In Proceedings of the Workshop on the Future of Privacy Indicators, at the 12th Symposium on Usable Privacy and Security, pages 1-6, 2016.
[34]
Jordan Hayes, Smirity Kaushik, Charlotte Emily Price, and Yang Wang. Cooperative privacy and security: Learning from people with visual impairments and their allies. In 15th USENIX Symposium on Usable Privacy and Security, SOUPS '19, pages 1-20, 2019.
[35]
Shawn Lawton Henry. WCAG 2 overview. Web Accessibility Initiative (WAI) https://www.w3.org/WAI/standards-guidelines/wcag/, 2005.
[36]
Julia Himmelsbach, Markus Garschall, Sebastian Egger, Susanne Steffek, and Manfred Tscheligi. Enabling accessibility through multimodality? interaction modality choices of older adults. In Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia, MUM '15, pages 195-199, 2015.
[37]
Karen Holtzblatt and Hugh R. Beyer. Requirements gathering: the human factor. Communications of the ACM, 38(5):31-32, 1995.
[38]
Ruogu Kang, Stephanie Brown, Laura Dabbish, and Sara Kiesler. Privacy attitudes of mechanical turk workers and the US. public. In 10th Symposium On Usable Privacy and Security, SOUPS '14, pages 37-49, 2014.
[39]
Moniba Keymanesh, Micha Elsner, and Srinivasan Parthasarathy. Toward domain-guided controllable summarization of privacy policies. In Natural Legal Language Processing Workshop. KDD, 2020.
[40]
Hyun K. Kim, Sung H. Han, Jaehyun Park, and Joohwan Park. The interaction experiences of visually impaired people with assistive technology: A case study of smart-phones. International Journal of Industrial Ergonomics, 55:22-33, 2016.
[41]
Spyros Kokolakis. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & security, 64:122-134, 2017.
[42]
Barbara Krumay and Jennifer Klar. Readability of privacy policies. In Proceedings of the 34th IFIP Annual Conference on Data and Applications Security and Privacy, DBSec '20, pages 388-399, 2020.
[43]
Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Cranor, Shomir Wilson, Florian Schaub, and Norman Sadeh. Finding a choice in a haystack: Automatic extraction of opt-out statements from privacy policy text. In Proceedings of The Web Conference 2020, WWW '20, pages 1943-1954, 2020.
[44]
Elaine Lau and Zachary Peterson. A research framework and initial study of browser security for the visually impaired. In 11th USENIX Symposium on Usable Privacy and Security, SOUPS '15, pages 1-18, 2015.
[45]
Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Aerin Zhang, Norman Sadeh, Yuvraj Agarwal, and Alessandro Acquisti. Follow my recommendations: A personalized privacy assistant for mobile app permissions. In 12th Symposium on Usable Privacy and Security, SOUPS '16, pages 27-41, 2016.
[46]
Fei Liu, Rohan Ramanath, Norman Sadeh, and Noah A. Smith. A step towards usable privacy policy: Automatic alignment of privacy statements. In Proceedings of COLING 2014, the 25th International Conference on Computational Linguistics: Technical Papers, pages 884-894, Dublin, Ireland, August 2014. Dublin City University and Association for Computational Linguistics.
[47]
Shuang Liu, Baiyang Zhao, Renjie Guo, Guozhu Meng, Fan Zhang, and Meishan Zhang. Have you been properly notified? automatic compliance analysis of privacy policy text with gdpr article 13. In Proceedings of the Web Conference 2021, pages 2154-2164, 2021.
[48]
Aleecia M. McDonald and Lorrie Faith Cranor. The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society, 4:543-568, 2008.
[49]
Nora McDonald, Sarita Schoenebeck, and AndreaForte. Reliability and inter-rater reliability in qualitative research: Norms and guidelines for cscw and hci practice. Proceedings of the ACM on Human-Computer Interaction, 3(CSCW):1-23, 2019.
[50]
Gabriele Meiselwitz. Readability assessment of policies and procedures of social networking sites. In Proceedings of the 2013 International Conference on Online Communities and Social Computing, OCSC '13, pages 67-75, 2013.
[51]
Stephen Mutula and Rebecca M. Majinge. Information behaviour of students living with visual impairments in university libraries: A review of related literature. The Journal of Academic Librarianship, 42(5):522-528, 2016.
[52]
Daniela Napoli, Khadija Baig, Sana Maqsood, and Sonia Chiasson. "i'm literally just hoping this will work": Obstacles blocking the online security and privacy of users with visual disabilities. In 17th Symposium on Usable Privacy and Security, SOUPS '21, pages 263-280, 2021.
[53]
National Federation of the Blind. Blindness statistics. https://nfb.org/resources/blindness-statistics, 2019.
[54]
Jonathan A. Obar and Anne Oeldorf-Hirsch. The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society, 23(1):128-147, 2020.
[55]
Anne Oeldorf-Hirsch and Jonathan A. Obar. Overwhelming, important, irrelevant: Terms of service and privacy policy reading among older adults. In Proceedings of the 10th International Conference on Social Media and Society, SMSociety '19, pages 166-173, 2019.
[56]
Alisha Pradhan, Kanika Mehta, and Leah Findlater. "accessibility came by accident": Use of voice-controlled intelligent personal assistants by people with disabilities. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, CHI '18, pages 1-13, 2018.
[57]
Rohan Ramanath, Fei Liu, Norman Sadeh, and Noah A. Smith. Unsupervised alignment of privacy policies using hidden markov models. In Proceedings of the 52nd Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers), pages 605-610, Baltimore, Maryland, June 2014. Association for Computational Linguistics.
[58]
Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, and Ruogu Kang. Expecting the unexpected: Understanding mismatched privacy expectations online. In 12th Symposium on Usable Privacy and Security, SOUPS '16, pages 77-96, 2016.
[59]
Abhilasha Ravichander, Alan W. Black, Thomas Norton, Shomir Wilson, and Norman Sadeh. Breaking down walls of text: How can NLP benefit consumer privacy? In Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing, ACL-IJCNLP '21, pages 4125-4140, 2021.
[60]
Abhilasha Ravichander, Alan W Black, Shomir Wilson, Thomas Norton, and Norman Sadeh. Question answering for privacy policies: Combining computational and legal perspectives. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), pages 4947-4958, Hong Kong, China, nov 2019. Association for Computational Linguistics.
[61]
Abhilasha Ravichander, Alan W. Black, Shomir Wilson, Thomas Norton, and Norman Sadeh. Question answering for privacy policies: Combining computational and legal perspectives. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP '19, pages 4947-4958, 2019.
[62]
Abhilasha Ravichander, Siddharth Dalmia, Maria Ryskina, Florian Metze, Eduard Hovy, and Alan W. Black. NoiseQA: Challenge set evaluation for user-centric question answering. In Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics, EACL '21, pages 2976-2992, 2021.
[63]
Joel R Reidenberg, Travis Breaux, Lorrie Faith Cranor, Brian French, Amanda Grannis, James T Graves, Fei Liu, Aleecia McDonald, Thomas B Norton, Rohan Ramanath, N. Cameron Russell, Norman Sadeh, and Florian Schaub. Disagreeable privacy policies: Mismatches between meaning and users' understanding. Berkeley Technology Law Journal, 30:39-68, 2015.
[64]
Antti Salovaara, Antti Oulasvirta, and Giulio Jacucci. Evaluation of prototypes and the problem of possible futures. In Proceedings of the 2017 CHI conference on human factors in computing systems, pages 2064-2077, 2017.
[65]
William Seymour, Martin J. Kraemer, Reuben Binns, and Max Van Kleek. Informing the design of privacy-empowering tools for the connected home. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI '20, pages 1-14, 2020.
[66]
Chris Stokel-Walker and Richard Van Noorden. What ChatGPT and generative AI mean for science. Nature, 614(7947):214-216, 2023.
[67]
Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. Awareness, adoption, and misconceptions of web privacy tools. Proceedings on Privacy Enhancing Technologies Symposium 2021, pages 1-26, 2021.
[68]
Alina Stöver, Sara Hahn, Felix Kretschmer, and Nina Gerber. Investigating how users imagine their personal privacy assistant. In Proceedings on Privacy Enhancing Technologies Symposium 2023, PETS '23, pages 384-402, 2023.
[69]
Soundarya Nurani Sundareswara, Shomir Wilson, Mukund Srinath, and C. Lee Giles. Privacy not found: a study of the availability of privacy policies on the web. In 16th Symposium on Usable Privacy and Security, SOUPS '20, pages 1-5, 2020.
[70]
Shannon M. Tomlinson. Perceptions of accessibility and usability by blind or visually impaired persons: a pilot study. Proceedings of the Association for Information Science and Technology, 53(1):1-4, 2016.
[71]
Noriko Tomuro, Steven Lytinen, and Kurt Hornsburg. Automatic summarization of privacy policies using ensemble learning. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, CODASPY '16, page 133-135, New York, NY, USA, 2016. Association for Computing Machinery.
[72]
Matthew W. Vail, Julia B. Earp, and Annie I. Antón. An empirical study of consumer perceptions and comprehension of web site privacy policies. IEEE Transactions on Engineering Management, 55(3):442-454, 2008.
[73]
Maike Vollstedt and Sebastian Rezat. An introduction to grounded theory with a special focus on axial coding and the coding paradigm. Compendium for early career researchers in mathematics education, 13(1):81-100, 2019.
[74]
Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh, and Mahadev Satyanarayanan. Enabling live video analytics with a scalable and privacy-aware framework. ACM Transactions on Multimedia Computing, Communications, and Applications, 14(3s):1-24, 2018.
[75]
Shomir Wilson, Florian Schaub, Aswarth Abhilash Dara, Frederick Liu, Sushain Cherivirala, Pedro Giovanni Leon, Mads Schaarup Andersen, Sebastian Zimmeck, Kanthashree Mysore Sathyendra, N Cameron Russell, et al. The creation and analysis of a website privacy policy corpus. In Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, volume 1, pages 1330-1340, 2016.
[76]
Iris Xie, Shengang Wang, and Meredith Saba. Studies on blind and visually impaired users in LIS literature: A review of research methods. Library & Information Science Research, 43(3):101109, 2021.
[77]
Yaxing Yao, Davide Lo Re, and Yang Wang. Folk models of online behavioral advertising. In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing, pages 1957-1969, 2017.
[78]
Razieh Nokhbeh Zaeem, Safa Anya, Alex Issa, Jake Nimergood, Isabelle Rogers, Vinay Shah, Ayush Srivastava, and K Suzanne Barber. Privacycheck v2: A tool that recaps privacy policies for you. In 29th ACM International Conference on Information and Knowledge Management (CIKM). ACM. To appear, 2020.
[79]
Razieh Nokhbeh Zaeem, Rachel L German, and K Suzanne Barber. Privacycheck: Automatic summarization of privacy policies using data mining. ACM Transactions on Internet Technology (TOIT), 18(4):1-18, 2018.
[80]
Shikun Zhang, Yuanyuan Feng, Yaxing Yao, Lorrie Faith Cranor, and Norman Sadeh. How usable are iOS app privacy labels? Proceedings on Privacy Enhancing Technologies Symposium 2022, pages 204-228, 2022.
[81]
Yuhang Zhao, Edward Cutrell, Christian Holz, Meredith Ringel Morris, Eyal Ofek, and Andrew D. Wilson. SeeingVR: A set of tools to make virtual reality more accessible to people with low vision. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI '19, pages 1-14, 2019.
[82]
Yuhang Zhao, Sarit Szpiro, Jonathan Knighten, and Shiri Azenkot. CueSee: exploring visual cues for people with low vision to facilitate a visual search task. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp '16, pages 73-84, 2016.
[83]
Yuhang Zhao, Yaxing Yao, Jiaru Fu, and Nihan Zhou. "if sighted people know, i should be able to know:" privacy perceptions of bystanders with visual impairments around camera-based technology. In 32nd USENIX Security Symposium (USENIX Security 23), pages 4661-4678, 2023.
[84]
Sebastian Zimmeck, Peter Story, Daniel Smullen, Abhilasha Ravichander, Ziqi Wang, Joel R. Reidenberg, N. Russell, and N. Sadeh. Maps: Scaling privacy compliance analysis to a million apps. Proceedings on Privacy Enhancing Technologies, 2019:66-86, 2019.
Index Terms
- Understanding how to inform blind and low-vision users about data privacy through privacy question answering assistants
Index terms have been assigned to the content through auto-classification.
Recommendations
Multi-level privacy preserving data publishing
Policedata is an important source of social media data and can be regarded as a technical assistance to increase government accountability and transparency. Notably, it contains large amounts of personal private information that should be preserved ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2024 The USENIX Association.
Sponsors
- Bloomberg Engineering
- Google Inc.
- NSF
- Futurewei Technologies
- IBM
Publisher
USENIX Association
United States
Publication History
Published: 12 August 2024
Qualifiers
- Research-article
- Research
- Refereed limited
Acceptance Rates
Overall Acceptance Rate 40 of 100 submissions, 40%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 23 Jan 2025