More Web Proxy on the site http://driver.im/

research-article

A "nutrition label" for privacy

Authors:

Patrick Gage Kelley,

Lorrie Faith Cranor,

Robert W. ReederAuthors Info & Claims

SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security

Article No.: 4, Pages 1 - 12

https://doi.org/10.1145/1572532.1572538

Published: 15 July 2009 Publication History

Abstract

We used an iterative design process to develop a privacy label that presents to consumers the ways organizations collect, use, and share personal information. Many surveys have shown that consumers are concerned about online privacy, yet current mechanisms to present website privacy policies have not been successful. This research addresses the present gap in the communication and understanding of privacy policies, by creating an information design that improves the visual presentation and comprehensibility of privacy policies. Drawing from nutrition, warning, and energy labeling, as well as from the effort towards creating a standardized banking privacy notification, we present our process for constructing and refining a label tuned to privacy. This paper describes our design methodology; findings from two focus groups; and accuracy, timing, and likeability results from a laboratory study with 24 participants. Our study results demonstrate that compared to existing natural language privacy policies, the proposed privacy label allows participants to find information more quickly and accurately, and provides a more enjoyable information seeking experience.

References

[1]

]]Balasubramanian, S. and Cole, C. "Consumers' Search and Use of Nutrition Information: The Challenge and Promise of the Nutrition Labeling and Education Act." Journal of Marketing. 2002. Vol. 66, 112--127.

[2]

]]Beard, T. C., Nowson, C. A., Riley, M. D. "Traffic-light food labels." Med J Aust. 2007;186:19.

[3]

]]Belser, B. Designing the Food Label: Nutrition Facts. AIGA Journal. 1994.

[4]

]]Buckley, P. and Shepherd, R. Ergonomic factors: The clarity of food labels. British Food Journal. 1993. 95

[5]

]]Byrd-Bredbenner, C., Alfieri, L., Wong, A., and Cottee, P. The Inherent Educatiional Qualities of Nutrition Labels. Family and Consumer Sciences Research Journal, Vol 29, No 3, March 2001 265--280.

[6]

]]Cranor, L., Egelman, S., Sheng, S., McDonald, A., and Chowdhury, A. P3P Deployment on Websites. Electronic Commerce Research and Applications, Volume 7, Issue 3, Autumn 2008, Pages 274--293.

Digital Library

[7]

]]Consumer Product Safety Commission. "Labeling Requirements for Toy and Game Advertisements." 2008. http://cpsc.gov/library/foia/foia08/brief/toygameads.pdf

[8]

]]DeJoy, D. M., Cameron, K. A., and Della, L. J. Post-exposure evaluation of warning effectiveness: A review of field studies and population-based research. The Handbook of Warnings. 2006. (35--48).

[9]

]]Downs J. S., Loewenstein G., and Wisdom J. Strategies for Promoting Healthier Food Choices. American Economic Review. 2009, vol. 99, issue 2, pages 159--64

[10]

]]Drichoutis AC, Lazaridis P, Nayga RM. 2006. Consumers' use of nutritional labels: a review of research studies and issues. Acad Marketing Sci Rev, no. 9.

[11]

]]The Energy Label. 2007. www.energyrating.gov.au

[12]

]]European Union Commission Directive 98/11/EC "Energy Labeling." 1998. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1998:071:0001:0008:EN:PDF

[13]

]]Food Standards Agency. "Signpost Labeling Research." 2005 http://www.food.gov.uk/foodlabelling/signposting/siognpostlabelresearch/

[14]

]]Jensen, C. and Potts, C. Privacy policies as decision-making tools: an evaluation of online privacy notices. SIGCHI. 2004.

Digital Library

[15]

]]Kelley, P., A. McDonald, R. Reeder, and L. Cranor. P3P Expandable Grids. Poster at Privacy MindSwap Carnegie Mellon University. 2007. http://cups.cs.cmu.edu/soups/2008/posters/kelley.pdf

[16]

]]Kleimann Communication Group, Inc. Evolution of a Prototype Financial Privacy Notice. February 2006. Available: http://www.ftc.gov/privacy/privacyinitiatives/ftcfinalreport060228.pdf

[17]

]]Levy, A. and Hastak, M. Consumer Comprehension of Financial Privacy Notices. December 2008. Available: http://www.ftc.gov/privacy/privacyinitiatives/Levy-Hastak-Report.pdf

[18]

]]Maubach, N., Hoek J. "The Effect of Alternative Nutrition Information Formats on Consumers' Evaluations of a Children's Breakfast Cereal" Proceedings of the EParternships, Proof and Practice -- International Nonprofit and Social Marketing Conference 2008.

[19]

]]McDonald, A., Reeder, R. W., Kelley, P. G., and Cranor, L. F. A Comparison of Online Privacy Policies and Formats. Privacy Enhancing Technologies 2009.

Digital Library

[20]

]]McDonald, A, and Cranor, L. The Cost of Reading Privacy Policies. Telecommunications Policy Research Conference, 2008.

[21]

]]Privacy Leadership Initiative. Privacy Notices Research Final Results, November 2001, Available at: http://www.understandingprivacy.org/content/library/datasum.pdf.

[22]

]]Reeder, R. W. Expandable Grids: A user interface visualization technique and a policy semantics to support fast, accurate security and privacy policy authoring. PhD thesis, Carnegie Mellon. 2008. http://www.robreeder.com/pubs/ReederThesis.pdf

Digital Library

[23]

]]Reeder, R., Cranor, L., Kelley, P., and McDonald, A. A User Study of the Expandable Grid Applied to P3P Privacy Policy Visualization. Workshop on Privacy in the Electronic Society. 2008

Digital Library

[24]

]]Seymore, J. D., Lazarus Yaroch, A., Serdula M., Blanck, H. M., and Khan, L. K. "Impact of nutrition environmental interventions on point-of-purchase behavior in adults a review." Preventative Medicine 2004. 29: S108--S136.

[25]

]]The Center for Information Policy Leadership, H. W. L. Multi-layered notices.

[26]

]]Turow, J. Feldman, L., and Meltzer, K. Open to Exploitation: American Shoppers Online and Offline. The Annenberg Public Policy Center. 2005. http://www.annenbergpublicpolicycenter.org/NewsDetails.aspx?myId=31

[27]

]]U.S. Food and Drug Administration. A Food Labeling Guide. Center for Food Safety & Applied Nutrition. 1999. http://vm.cfsan.fda.gov/%7Edms/flg-toc.html.

[28]

]]U.S. Food and Drug Administration. "Guide to Nutrition Labeling and Education Act Requirements" 1994. http://www.fda.gov/ora/inspect_ref/igs/nleatxt.html

[29]

]]U.S. Food and Drug Administration. "New OTC Drug Facts Label" FDA Consumer Magazine. 2002. http://www.fda.gov/FDAC/features/2002/402_otc.html

[30]

]]W3C. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. http://www.w3.org/TR/P3P/

[31]

]]W3C. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. http://www.w3.org/TR/P3P11/

[32]

]]WELS Regulator (Australian Government). "WELS and Watermark." 2005. http://www.waterrating.gov.au/compliance.html

Cited By

Berkholz JRahman AStevens G(2025)Playing with Privacy: Exploring the Social Construction of Privacy Norms Through a Card GameProceedings of the ACM on Human-Computer Interaction10.1145/37012029:1(1-23)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3701202
Pan STao ZHoang TZhang DLi TXing ZXu XStaples MRakotoarivelo TLo DBalzarotti DXu W(2024)A NEW HOPEProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699219(5699-5716)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699219
Khandelwal RNayak AChung PFawaz KBalzarotti DXu W(2024)Unpacking privacy labelsProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699059(2831-2848)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699059
Show More Cited By

Index Terms

A "nutrition label" for privacy

Recommendations

A user study of the expandable grid applied to P3P privacy policy visualization
WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society

Displaying website privacy policies to consumers in ways they understand is an important part of gaining consumers' trust and informed consent, yet most website privacy policies today are presented in confusing, legalistic natural language. Moreover, ...
Designing a privacy label: assisting consumer understanding of online privacy practices
CHI EA '09: CHI '09 Extended Abstracts on Human Factors in Computing Systems

This project describes the continuing development of a Privacy Label to present to consumers the ways organizations collect, use, and share personal information. Several studies have indicated the importance of privacy for consumers, yet current ...
A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]
Information and Communications Security
Abstract
Privacy of PII(Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet different service providers are supposed to publish their own privacy policies but understanding of these policies is a major ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security

July 2009

205 pages

ISBN:9781605587363

DOI:10.1145/1572532

General Chair:
Lorrie Faith Cranor
Carnegie Mellon University

Copyright © 2009 Copyright held by the author/owner.

Sponsors

Carnegie Mellon CyLab
Google Inc.

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 July 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

SOUPS '09

Sponsor:

SOUPS '09: Symposium on Usable Privacy and Security

July 15 - 17, 2009

California, Mountain View, USA

Acceptance Rates

SOUPS '09 Paper Acceptance Rate 15 of 49 submissions, 31%;

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

281
Total Citations
View Citations
3,012
Total Downloads

Downloads (Last 12 months)452
Downloads (Last 6 weeks)30

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Berkholz JRahman AStevens G(2025)Playing with Privacy: Exploring the Social Construction of Privacy Norms Through a Card GameProceedings of the ACM on Human-Computer Interaction10.1145/37012029:1(1-23)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3701202
Pan STao ZHoang TZhang DLi TXing ZXu XStaples MRakotoarivelo TLo DBalzarotti DXu W(2024)A NEW HOPEProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699219(5699-5716)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699219
Khandelwal RNayak AChung PFawaz KBalzarotti DXu W(2024)Unpacking privacy labelsProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699059(2831-2848)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699059
Geeng CChen NTurk KHutson JMcCoy DKelley PKapadia A(2024)"Say I'm in public...I don't want my nudes to pop up."Proceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696922(433-451)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696922
Balash DAli MKanich CAviv AKelley PKapadia A(2024)"I would not install an app with this label"Proceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696921(413-432)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696921
Gopi GMaddi AArasaratnam OFanti GKelley PKapadia A(2024)Privacy requirements and realities of digital public goodsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696908(159-177)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696908
Zhang SKlucinec LNorton KSadeh NCranor LKelley PKapadia A(2024)Exploring expandable-grid designs to make iOS app privacy labels more usableProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696907(139-157)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696907
Korneeva ESalge TCichy PAntons D(2024)How Users Assess Privacy Risks in the Internet of Things: The Role of Framing, Comparing, and EducatingBusiness & Society10.1177/0007650324125508263:8(1794-1841)Online publication date: 23-Jul-2024
https://doi.org/10.1177/00076503241255082
Khedkar MMondal ABodden EFilkov VRay BZhou M(2024)Do Android App Developers Accurately Report Collection of Privacy-Related Data?Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops10.1145/3691621.3694949(176-186)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691621.3694949
Xiao YNadkarni ALiao XTorres-Arias SDe Carli LZhang Y(2024)Enhancing Transparency and Accountability of TPLs with PBOM: A Privacy Bill of MaterialsProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3689944.3696159(1-11)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689944.3696159
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents