an empirical analysis of data deletion and opt out
play

An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 - PowerPoint PPT Presentation

Aug 16, 2023 •32 likes •542 views

An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites Hana Habib, Yixin Zou , Aditi Jannu, Chelse Swoopes, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh, Florian Schaub 1 Privacy Choices Are Mandated European Union

  1. An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites Hana Habib, Yixin Zou , Aditi Jannu, Chelse Swoopes, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh, Florian Schaub 1

  2. Privacy Choices Are Mandated European Union The United States 2

  3. Examples of Privacy Choices 3

  4. User Attitudes and Behaviors said it’s “very important” to them to control 65% what information is collected about them. had taken steps to remove or mask their 86% digital footprints. Pew Research Center. 2016. The State of Privacy in Post-Snowden America. 4

  5. Usability Issues of Privacy Choices Large-scale Small-scale measurement studies user studies • Cranor et al., TWEB ’16 • Komanduri et al., ISJLP ’11 • Libert , WWW ’18 • Leon et al ., CHI ’12 • Degeling et al., NDSS ’19 • Ur et al., SOUPS ’12 • Zimmeck et al., PETS ’19 Our Study 5

  6. Our Study… A manual, in-depth content analysis of privacy choices on 150 websites. Opt-outs for email Opt-outs for Choices for communications targeted ads data deletion 6

  7. Research Questions What choices related to email 1. communications, targeted advertising, and data deletion do websites offer? How are websites presenting these privacy 2. choices to their visitors, and what are the potential usability issues? 7

  8. Analysis Procedure 1. Visit home page 2. Create a user account 8

  9. Analysis Procedure 3. Visit privacy policy 4. Visit account settings 9

  10. Analysis Template Location Privacy Policy? Account Settings? Other places? Level of detail Specific types of communications that can be opted out? Link availability One or multiple links? Broken or not? Interaction path Clicks? Form fields? Other user actions required? 10

  11. Sampling Strategy 150 English- language websites sampled from Alexa’s global top 10,000 sites (Mar. 2018). Category Ranks Top traffic (50) 1-200 Middle traffic (50) 201-5,000 Bottom traffic (50) >5,000 All sites were analyzed between Apr. and Oct. 2018 ( κ = 0.82). Amazon Alexa Top Sites: https://www.alexa.com/topsites 11

  12. Website Locations Africa, 3% Unknown , 10% Asia, 7% Analysis only shows the status quo for US-based users . Europe, 17% US, 62% Central America, 1% 12

  13. What did we find for website privacy choices? 13

  14. Findings of Website Privacy Choices Presence Description Usability 14

  15. Findings of Website Privacy Choices Privacy choices commonly Presence offered on all websites across different traffic tiers. 15

  16. Privacy Choices Are Common 39 Other opt-outs: 12 • Web analytic 10 services (21) • Third-party 111 100 sharing (17) 85 • Do-Not-Track (8) • Cookies (5) Email Targeted Data deletion communications advertising Provide a choice DO NOT provide a choice 16

  17. Location of Privacy Choices 17

  18. Location of Privacy Choices 18

  19. Location of Privacy Choices 19

  20. Findings of Website Privacy Choices Privacy choices text has Description poor readability . 20

  21. Poor Readability in Text Description Flesch-Kincaid Grade Level (FGL) scores Categories Mean Email Communications 13.89 Targeted Advertising 13.72 Text requires university- level reading abilities! Data Deletion 14.28 Privacy Policies Overall 10.20 21

  22. Findings of Website Privacy Choices No dominant wording for Description section headings. 22

  23. No Dominant Wording for Headings N-Gram Email Targeted Data Deletion Communications Advertising your choic* 11 9 10 opt out 13 7 2 third part* 0 14 2 your right* 9 2 20 “*” is a place holder for one or more letters that follow the beginning pattern. 23

  24. No Dominant Wording for Headings N-Gram Email Targeted Data Deletion Communications Advertising your choic* 11 9 10 opt out 13 7 2 third part* 0 14 2 your right* 9 2 20 “*” is a place holder for one or more letters that follow the beginning pattern. 24

  25. No Dominant Wording for Headings N-Gram Email Targeted Data Deletion Communications Advertising your choic* 11 9 10 opt out 13 7 2 third part* 0 14 2 your right* 9 2 20 “*” is a place holder for one or more letters that follow the beginning pattern. 25

  26. No Dominant Wording for Headings N-Gram Email Targeted Data Deletion Communications Advertising your choic* 11 9 10 opt out 13 7 2 third part* 0 14 2 your right* 9 2 20 “*” is a place holder for one or more letters that follow the beginning pattern. 26

  27. No Dominant Wording for Headings N-Gram Email Targeted Data Deletion Communications Advertising your choic* 11 9 10 opt out 13 7 2 third part* 0 14 2 your right* 9 2 20 No single n-gram occurred in >20 analyzed policies. “*” is a place holder for one or more letters that follow the beginning pattern. 27

  28. Various Headings for Data Deletion 28

  29. Findings of Website Privacy Choices Ambiguity in what happens Description after exercising the choice. 29

  30. Ambiguity in Targeted Ads Opt-outs Among 80 sites that offered targeted ads opt-outs: 50% 90% did not specify if it also did not specify if it applies to tracking . works across multiple browsers or devices . 30

  31. Ambiguity in Data Deletion Choices Among 108 sites that offered data deletion: 83% did not describe when the account would be permanently deleted. 31

  32. Findings of Website Privacy Choices Exercising privacy choices Usability requires many actions . 32

  33. Average Number of Actions Actions we counted: Average number for the shortest path : • Clicks for email opt-outs • Hovers 5.3 and data deletion • Checkboxes choices. • Form fields 3.2 for targeted ads opt-outs. 33

  34. 34

  35. Findings of Website Privacy Choices Multiple links leading to Usability different opt-out tools. 35

  36. Links to Multiple Opt-outs 1. Twitter implemented 1. Twitter implemented 2. DAA 1. Twitter implemented 2. DAA 3. NAI 4. Google Privacy Policy “About Ads” page Account Settings 36

  37. Findings of Website Privacy Choices Usability Poor design choices. 37

  38. 38

  39. How do we improve website privacy choices? 39

  40. Improving Website Privacy Choices Planning Determining what to do Translation Determining how to do it Physical action Doing it Assessment Determining outcomes via feedback Andre et al. The user action framework: A reliable foundation for usability engineering support tools. International Journal of Human-Computer Studies , 54(1):107 – 136, 2001. 40

  41. Improving Website Privacy Choices Standardize section Planning headings in privacy policies. Translation Physical action Assessment 41

  42. Standardize Policy Section Headings 42

  43. Improving Website Privacy Choices Planning Simplify the process of Translation learning opt-outs. Physical action Assessment 43

  44. 1. Twitter implemented 1. Twitter implemented 2. DAA 1. Twitter implemented 2. DAA 3. NAI 4. Google Unify multiple choice mechanisms into a single interface. Help users distinguish different opt-out tools. 44

  45. Improving Website Privacy Choices Planning Translation Reduce number of actions Physical action to exercise choices. Assessment 45

  46. Reduce Number of User Actions Add the option “delete my account from all NYT services.” Convert this to a list of checkboxes. 46

  47. Reduce Number of User Actions 47

  48. Regulation Needs to Combat Dark Patterns For alleged failure to… • Provide notice in an accessible form. • Obtain valid user consent to data processing for ad personalization. 48

  49. Improving Website Privacy Choices Planning Translation Physical action Describe what privacy Assessment choices achieve clearly. 49

  50. Describe What Privacy Choices Do 50

  51. Summary Privacy choices are prevalent on websites. Severe issues exist regarding their description and usability. Companies and regulators must ensure usability of privacy choices. Yixin Zou yixinz@umich.edu / @yixinzou1124 yixinzou.github.io 51

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Listening(to(big(data( ( Is(clone(analysis(/(empirical(SE(a(Big(Data(problem?(

Listening(to(big(data( ( Is(clone(analysis(/(empirical(SE(a(Big(Data(problem?(

Overview( Listening(to(big(data( ( Is(clone(analysis(/(empirical(SE(a(Big(Data(problem?( (and(should(we(care?( Or,(philately(will(get(you(everywhere( Looking(hard(for(the(Big(Picture( And(why(someJmes(that(can(be(a(bad(idea(

126 views • 11 slides
The Nature of Econometrics and Economic Data Steps in an Empirical Analysis The Structure of

The Nature of Econometrics and Economic Data Steps in an Empirical Analysis The Structure of

What is Econometrics? Why Study Econometrics? The Nature of Econometrics and Economic Data Steps in an Empirical Analysis The Structure of Economic Caio Vigo Data Causality and the Notion of The University of Kansas Ceteris Paribus

654 views • 38 slides
A Theoretical & Empirical Analysis of Evolutionary Testing and Hill Climbing for Structural

A Theoretical & Empirical Analysis of Evolutionary Testing and Hill Climbing for Structural

A Theoretical & Empirical Analysis of Evolutionary Testing and Hill Climbing for Structural Test Data Generation ISSTA July 2007 Mark Harman Phil McMinn Sheffield University Kings College London Mark Harman ISSTA: Empirical and

1.05k views • 68 slides
Empirical Analysis of Data Breach Litigation Sasha Romanosky David Hoffman Alessandro Acquisti 1

Empirical Analysis of Data Breach Litigation Sasha Romanosky David Hoffman Alessandro Acquisti 1

Empirical Analysis of Data Breach Litigation Sasha Romanosky David Hoffman Alessandro Acquisti 1 Problem: externalities caused by loss or theft of consumer information Modern IS, Web 2.0, and social media afford us many benefits. Many of

344 views • 30 slides
Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V ALIANT , J AMES Z OU Advances in Neural Information Processing Systems December 12, 2019 AI systems today... Data Algorithm Model Users AI systems

561 views • 12 slides
Deletion from Red-Black Trees E R R C U D O B S X erm 12.235 CS 21: Red Black Tree

Deletion from Red-Black Trees E R R C U D O B S X erm 12.235 CS 21: Red Black Tree

CS 21: Red Black Tree Deletion February 25, 1998 Deletion from Red-Black Trees E R R C U D O B S X erm 12.235 CS 21: Red Black Tree Deletion February 25, 1998 Setting Up Deletion As with binary search trees, we can always delete

315 views • 20 slides
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

Intro vORAM HIRB Results A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S. Roche Adam J. Aviv Seung Geol Choi Computer Science Department United States Naval Academy Annapolis, Maryland, USA

395 views • 37 slides
Polar Codes for the Deletion Channel: Weak and Strong Polarization Ido Tal 1 Henry D. Pfister 2

Polar Codes for the Deletion Channel: Weak and Strong Polarization Ido Tal 1 Henry D. Pfister 2

Polar Codes for the Deletion Channel: Weak and Strong Polarization Ido Tal 1 Henry D. Pfister 2 Arman Fazeli 3 Alexander Vardy 3 1 Technion 2 Duke 3 UCSD Big picture first A polar coding scheme for the deletion channel where the: Deletion

893 views • 30 slides
Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2

Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2

Data on Bitcoin-Exchange Closures Survival Analysis of Exchange Closure Regression Analysis of Exchange Breaches Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore 1 Nicolas Christin 2 1 Computer Science &

751 views • 31 slides
Empirical Project Monitor and Results from 100 OSS Development Projects Masao Ohira Empirical

Empirical Project Monitor and Results from 100 OSS Development Projects Masao Ohira Empirical

Empirical Project Monitor and Results from 100 OSS Development Projects Masao Ohira Empirical Software Engineering Research Laboratory, Nara Institute of Science and Technology ohira@empirical.jp collection EASE Project analysis

350 views • 18 slides
Teaching and Practicing Integrity in Empirical Research Documenting and Replicating Data

Teaching and Practicing Integrity in Empirical Research Documenting and Replicating Data

Teaching and Practicing Integrity in Empirical Research Documenting and Replicating Data Management and Analysis Richard Ball Associate Professor of Economics Haverford College www.haverford.edu/TIER Mississippi State University September

425 views • 16 slides
City objectives and monopoly franchising. An empirical analysis of calls for tenders in Italian

City objectives and monopoly franchising. An empirical analysis of calls for tenders in Italian

Infraday 2010 8/9 October City objectives and monopoly franchising. An empirical analysis of calls for tenders in Italian gas distribution Riccardo Marzano Outline 2 Introduction Gas distribution in Italy Background Data

584 views • 12 slides
Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The Risks Involved with Over-Retention 5 Steps to Reduce Data Risk Understanding what exists Focusing on risks Leveraging lower cost storage

664 views • 25 slides
Benefit-cost analysis of phasing out coal in power and for household usage: An empirical analysis

Benefit-cost analysis of phasing out coal in power and for household usage: An empirical analysis

Comments on: Benefit-cost analysis of phasing out coal in power and for household usage: An empirical analysis of the Chinese Action Plan applied to Beijing (BCABC for short) Jin, Y., H. Andersson and S. Zhang Conference on The Economics of

272 views • 10 slides
Theory I Algorithm Design and Analysis (4 AVL trees: deletion) Prof. Th. Ottmann 1

Theory I Algorithm Design and Analysis (4 AVL trees: deletion) Prof. Th. Ottmann 1

Theory I Algorithm Design and Analysis (4 AVL trees: deletion) Prof. Th. Ottmann 1 Definition of AVL trees Definition: A binary search tree is called AVL tree or height-balanced tree, if for each node v the height of the right subtree h ( T

424 views • 18 slides
NUMBER OF BIDDERS AND THE NUMBER OF BIDDERS AND THE WINNER S S CURSE: AN EMPIRICAL

NUMBER OF BIDDERS AND THE NUMBER OF BIDDERS AND THE WINNER S S CURSE: AN EMPIRICAL

NUMBER OF BIDDERS AND THE NUMBER OF BIDDERS AND THE WINNER S S CURSE: AN EMPIRICAL CURSE: AN EMPIRICAL WINNER ANALYSIS ANALYSIS 5th conference on Applied Infrastructure Research, 7 October 2006, Berlin ATHIAS Laure , ATOM, University

390 views • 18 slides
Lecture 5: Dictionaries Steven Skiena Department of Computer Science State University of New

Lecture 5: Dictionaries Steven Skiena Department of Computer Science State University of New

Lecture 5: Dictionaries Steven Skiena Department of Computer Science State University of New York Stony Brook, NY 117944400 http://www.cs.sunysb.edu/ skiena Dictionary / Dynamic Set Operations Perhaps the most important class of data

614 views • 25 slides
Developmental Disabilities Traditional Waiver Review Proposed Renewal 2019 Key concepts

Developmental Disabilities Traditional Waiver Review Proposed Renewal 2019 Key concepts

Developmental Disabilities Traditional Waiver Review Proposed Renewal 2019 Key concepts regarding the waiver What is a waiver? Section 1915 c of the Social Security Act was changed to allow states to ask for waivers. A waiver

720 views • 22 slides
What is Happening Across the Country? Richard G. Boles, M.D. Director, CNNH NeuroGenomics Program

What is Happening Across the Country? Richard G. Boles, M.D. Director, CNNH NeuroGenomics Program

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX The Spectrum of Medical Child Abuse and What is Happening Across the Country? Richard G. Boles, M.D. Director, CNNH

1k views • 37 slides
Data Organization - B-trees Data organization and retrieval File organization can improve data

Data Organization - B-trees Data organization and retrieval File organization can improve data

Data Organization - B-trees Data organization and retrieval File organization can improve data retrieval time 100 blocks SELECT * FROM depositors 200 recs/block Query returns 150 records WHERE bname=Downtown Ordered File Heap Brighton

1.07k views • 80 slides
Red-Black Trees Based on materials by Dennis Frey, Yun Peng, Jian Chen, and Daniel Hood Advanced

Red-Black Trees Based on materials by Dennis Frey, Yun Peng, Jian Chen, and Daniel Hood Advanced

Red-Black Trees Based on materials by Dennis Frey, Yun Peng, Jian Chen, and Daniel Hood Advanced Data Structures n CS 206 covered basic data structures q Lists, binary search trees, heaps, hash tables n CS 246 will introduce you to some

571 views • 40 slides
The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions Tao Zhu

The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions Tao Zhu

The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions Tao Zhu Independent Researcher David Phipps Bowdoin College Adam Pridgen Rice University Jedidiah R. Crandall University of New Mexico Dan S. Wallach Rice University

547 views • 28 slides
Goals SQL: Data Definition Language CREATE ALTER DROP SQL: Data Manipulation

Goals SQL: Data Definition Language CREATE ALTER DROP SQL: Data Manipulation

IT360: Applied Database Systems SQL: Structured Query Language DDL and DML (w/o SELECT) (Chapter 7 in Kroenke) 1 Goals SQL: Data Definition Language CREATE ALTER DROP SQL: Data Manipulation Language INSERT DELETE

293 views • 7 slides
Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri

Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri

Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri Melissa Wasserman and Vijay Chidambaram General Data Protection Regulation (GDPR) May 25, 2018 Fundamental right Adopted after 2 years of public debate.

168 views • 16 slides

More recommend