EXPRESS: The Bulletproof Glass Effect: Unintended Consequences of Privacy Notices

Drawing from a content analysis of publicly-traded companies’ privacy notices, a survey of managers, a field study, and five online experiments, this research investigates how consumers respond to privacy notices. A privacy notice, by placing legally-enforceable limits on a firm’s data practices, communicating safeguards, and signaling transparency, might be expected to promote confidence that personal data will not be misused. Indeed, most managers expected a privacy notice to make customers feel more secure (Study 1). Yet, consistent with the analogy that bulletproof glass can increase feelings of vulnerability despite the protection offered, formal privacy notices undermined consumer trust and decreased purchase interest even when they emphasized objective protection (Studies 2, 3, and 5) or omitted any mention of potentially concerning data practices (Study 6). These unintended consequences did not occur, however, when consumers had an a priori reason to be distrustful (Study 4) or when benevolence cues were added to privacy notices (Studies 5-6). Finally, Study 7 showed that both the presence and conspicuous absence of privacy information are sufficient to trigger decreased purchase intent. Together, these results provide actionable guidance to managers on how to effectively convey privacy information (without hurting purchase interest).

Honeysuckle

In-app privacy notices can help smartphone users make informed privacy decisions. However, they are rarely used in real-world apps, since developers often lack the knowledge, time, and resources to design and implement them well. We present Honeysuckle, a programming tool that helps Android developers build in-app privacy notices using an annotation-based code generation approach facilitated by an IDE plugin, a build system plugin, and a library. We conducted a within-subjects study with 12 Android developers to evaluate Honeysuckle. Each participant was asked to implement privacy notices for two popular open-source apps using the Honeysuckle library as a baseline as well as the annotation-based approach. Our results show that the annotation-based approach helps developers accomplish the task faster with significantly lower cognitive load. Developers preferred the annotation-based approach over the library approach because it was much easier to learn and use and allowed developers to achieve various types of privacy notices using a unified code format, which can enhance code readability and benefit team collaboration.

Does The GDPR Achieve Its Goal of “Protection of Youth”?

The increasing ‘datafication of society’1 and ubiquitous computing resulted in high privacy risks such as commercial exploitation of personal data, discrimination, identity theft and profiling (automated processing of personal data). 2 Especially, minor data subjects are more likely to be victims of unfair commercial practices due to their behavioral characteristics (emotional volatility and impulsiveness) and unawareness of consequences of their virtual activities.3 Accordingly, it has been claimed that thousands of mobile apps utilized by children collected their data and used it for tracking their location, processed it for the development of child profiles so as to tailor behavioral advertising targeted at them and shared it with third parties without children’s or parent’s knowledge.4 Following these concerns, recently adopted EU General Data Protection Regulation (679/2016) departed from its Data Protection Directive (DPD) in terms of children’s data protection by explicitly recognizing that minors need more protection than adults5 and providing specific provisions aimed at protecting children’s right to data protection.6 Unlike the GDPR, the DPD was designed to provide “equal” protection for all data subjects irrespective of their age.7 This paper argues that consent principle along with the requirement of parental consent cannot effectively be implemented for the protection of children’s data due to the lack of actual choice, verification issues and complexity of data processing, and also the outcome of the privacy notices in a child-appropriate form is limited. However, there are other mechanisms and restrictions embodied in the GDPR, which provide opportunities for the protection of children’s data by placing burden on data controllers rather than data subjects.

Eliciting Design Guidelines for Privacy Notifications in mHealth Environments

The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing; yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guidelines that aid designers of TETs in implementing privacy notifications that reflect their recipients' needs in terms of what they want to be notified about and the level of guidance required to audit their data effectively. Based on an analysis of gaps related to TETs, the findings of a study on privacy notification preferences, and the findings on notifications and privacy notices discussed in the literature, this paper proposes a set of guidelines for the human-centred design of privacy notifications that facilitate ex post transparency.

Eliciting Design Guidelines for Privacy Notifications in mHealth Environments

The possibilities of employing mobile health (mhealth) devices for the purpose of self-quantification and fitness tracking are increasing; yet few users of online mhealth services possess proven knowledge of how their personal data are processed once the data have been disclosed. Ex post transparency-enhancing tools (TETs) can provide such insight and guide users in making informed decisions with respect to intervening with the processing of their personal data. At present, however, there are no suitable guidelines that aid designers of TETs in implementing privacy notifications that reflect their recipients' needs in terms of what they want to be notified about and the level of guidance required to audit their data effectively. Based on an analysis of gaps related to TETs, the findings of a study on privacy notification preferences, and the findings on notifications and privacy notices discussed in the literature, this paper proposes a set of guidelines for the human-centred design of privacy notifications that facilitate ex post transparency.