the cups blog

07-16-09

A “Nutrition Label” for Privacy

Presented by Patrick Gage Kelley

http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf

Privacy policies are difficult to read.  We examined the warning science and labeling literature (nutrition, energy) to guide our work in designing a new privacy label.  The FTC commissioned a study to design a label for financial privacy.

First iteration: Text-based label with category boxes, a list view.

Second iteration: Grid-based visualization to allow users to find intersections of information. Simplified symbols from 11 to 5 and added color. Worked to convey “choice” to readers.

Conducted 5 focus group (7 – 11 participants each) to categorize how people understand how they understood elements of the label, and compare labels to examine how people choose between two companies with different elements highlighted in the label.  Asked questions to determine if users could find information using the labels.

Conducted a laboratory study (n = 30) to compare the label to natural language policies.

Results: The label matched the performance of natural language polcies, or surpassed it in the accuracy of information for several elements.  The time to find information was significantly lower for the label as compared to the natural language policy.  Label like-ability significant beat the natural lanaguge policy.  Label beat the natural language ability for ability to compare.

Additional work:
Another focus group targeting an older population.  The older population understood the concepts of opt-in and opt-out which younger people have a harder time understanding.

Next steps:
Large online study, having people compare the label to natural language policies.

Implementing the label in privacyfinder.org

3 Comments on “A “Nutrition Label” for Privacy”

Leave a Comment