privacy notice and privacy notice and choice choice
play

Privacy notice and Privacy notice and choice choice Engineering - PowerPoint PPT Presentation

Apr 09, 2024 •558 likes •1.1k views

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor October 1, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

  1. CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor � October 1, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: b r a a t L o Privacy Policy, Law, and Technology y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. US government privacy reports • U.S. FTC and White House reports released in 2012 • U.S. Department of Commerce � multi-stakeholder � process to develop � enforceable � codes of conduct 2

  3. Privacy self regulation e c i o t N d n a e c o i h C 3

  4. Notice and choice Protect privacy by giving people control over their information Choices Choices about allowing their data to be collected and used Notice Notice about data in that way collection and use ¡ ¡ 4

  5. 5

  6. Privacy Facts ¡ Privacy Facts ¡ Privacy Facts Privacy Facts ¡ ¡ 6

  7. 
 
 
 
 “In theory there is no di ff erence between theory and practice. In practice there is.” 
 ― Yogi Berra 
 7

  8. How e ff ective is privacy notice and choice in practice ? 8

  9. 9

  10. Nobody wants to read privacy policies “the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand” − Protecting Consumer Privacy in an Era of Rapid Change. Preliminary FTC Staff Report. December 2010. 10

  11. Cost of reading privacy policies • What would happen if everyone read the privacy policy for each site they visited once each month? • Time = 244/hours year • Cost = $3,534/year • National opportunity cost for � time to read policies: $781 billion A. McDonald and L. Cranor. The Cost of Reading Privacy Policies. I/S: � A Journal of Law and Policy for the Information Society. 2008 Privacy Year in Review Issue. http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf 11

  12. http://www.azarask.in/blog/post/privacy-icons/ � 2010 � 12

  13. ! ! Smartphone App Privacy Icon Study Conducted for LifeLock, Inc. by Cranor et al., 2013 13

  14. Towards a privacy 
 “nutrition label” • Standardized format – People learn where to find answers – Facilitates policy comparisons • Standardized language – People learn terminology • Brief – People find info quickly • Linked to extended view – Get more details if needed 14

  15. Iterative design process Series of studies • – Focus groups – Lab studies – Online studies Metrics • – Reading-comprehension (accuracy) – Time to find information – Ease of policy comparison – Subjective opinions, ease, fun, trust P .G. Kelley, J. Bresee, L.F. Cranor, and R.W. Reeder. A “Nutrition Label” for Privacy. SOUPS 2009. P .G. Kelley, L.J. Cesca, J. Bresee, and L.F. Cranor. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. CHI2010. 15

  16. Privacy label for Android 16

  17. Role play studies • Task for participants in lab or online – Select apps for friend with new Android phone – Choose from 2 similar apps w/ different permission requests in each of 6 categories – Click on app name to visit download screens • Post-task questionnaire • Participants who saw Privacy Facts more likely to select apps that requested fewer permissions – Other factors such as brand and rating reduce effect P .G. Kelley, L.F. Cranor, and N. Sadeh. Privacy as part of the app decision-making process. CHI 2013. 17

  18. Let your computer read for you • Platform for Privacy Preferences (P3P) • W3C specification for � XML privacy policies – Proposed 1996 – Adopted 2002 • Optional P3P compact policy HTTP headers to accompany cookies • Lacks incentives for adoption 18

  19. P3P in Internet Explorer • P3P implemented in IE 6, 7, 8, 9, 10 … • Default privacy setting – Rejects third-party cookies without a CP – Rejects unsatisfactory third-party cookies 19

  20. No P3P syntax checking in IE • IE accepts P3P policies containing bogus tokens or missing required tokens • Example of valid compact policy: CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE • Examples of invalid policies accepted by IE: AMZN Facebook does not have a P3P policy. 
 Learn why here: http://fb.me/p3p � P . Leon, L. Cranor, A. McDonald, and R. McGuire. Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens. WPES 2010. 20

  21. Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 …. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. 21

  22. Do not track • Proposed W3C standard • User checks a box • Browser sends “do not track” header to website • Website stops “tracking” • W3C working group trying to define what that means 22

  23. Lots of tools to stop tracking • Browser privacy settings – Cookie blocking – P3P – Tracking Protection Lists – Do Not Track • Browser add-ons • Opt-out cookies • Digital Advertising Alliance (DAA) AdChoices icon and associated opt-out pages 23

  24. Are any of these tools e ff ective? • Do the tools work? – Does technology do what it is supposed to do? – Do companies respect user choices? • Can consumers use them? – Do users understand tracking? – Do users understand what tools do? – Can users make tools do what they want? 24

  25. Why Johnny Can’t Opt Out: 
 A Usability Evaluation of Tools to Limit Online Behavioral Advertising 
 Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang � CHI 2012 25

  26. Three types of tools tested 26

  27. Methodology • Part of previous interview study • 45 participants evaluated 9 tools – Between subjects study – Random assignment, controlled for preferred web browser and operating system 27

  28. Testing protocol • Semi-structured interview • Usability testing – Task 1: Learn about and install the tool – Task 2: Change tool settings – Task 3: Browsing scenarios • Exit questionnaire 28

  29. DAA website 29

  30. Opting out can be challenging 30

  31. Ghostery configuration interface 31

  32. IE-TPL configuration interface 32

  33. Takeaways • Problematic defaults • Poorly designed interfaces and jargon • Feedback • Misconceptions about opt-out tools • Users unable to make meaningful decisions on a per-company basis 33

  34. What Do Online Behavioral Advertising Disclosures Communicate to Users? 
 Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur, and Guzi Xu. WPES 2012 34

  35. 35

  36. The industry claims total success “The DAA has revolutionized consumer education and choice by delivering a real-time, in-ad notice more than 10 billion times every day through the increasingly ubiquitous DAA Advertising Option Icon (also known as the ‘Ad Choices’ Icon)” Peter Kosmala, Former Managing Director of The Digital Advertising Alliance . Yes, Johnny Can Benefit From Transparency and Control . November 3, 2011. 36

  37. Objectives • Evaluate the effectiveness of different OBA disclosures at communicating notice and choice about OBA • Find ways to improve effectiveness of OBA disclosures 37

  38. Methodology • Large scale between-subjects online study – 1,505 participants – Over 100 participants per treatment • Participants recruited through Amazon Mechanical Turk • Guided browsing scenario • Online survey 38

  39. First exposure to OBA disclosures 39

  40. Second exposure to OBA disclosures • Why did I get this ad? • Interest based ads • AdChoices • Sponsor ads • Learn about your ad choices • Configure ad preferences • ‘No tagline’ 40

  41. Exposure to landing pages • AOL • Yahoo! • Microsoft • Google • Monster 41

  42. Do icons and taglines suggest tailored ads? • To what extent, if any, does this combination of the symbol and phrase, placed on the top right corner of the above ad suggest the following? – This ad has been tailored based on websites you have visited in the past. [true] 42

  43. This ad has been tailored based on websites you have visited in the past % Definitely or Probably Why did I get this ad? 80% Interest based ads 68% Learn about your ad choices 66% Configure ad preferences 58% AdChoices 58% Blank 34% Sponsor Ads 26% 0% 20% 40% 60% 80% 100% Definitely not Probably not Not sure Probably Definitely 43

  44. Willingness to click • What do you think would happen if you click on that symbol or that phrase? – It will take you to a page where you can tell the advertising company that you do not want to receive tailored ads. [true] – More ads will pop up. [false] – It will take you to a page where you can buy advertisements on this website. [false] 44

  45. Will take you to a page where you can tell the advertising company that you do not want to receive tailored ads % Definitely or Probably Configure ad preferences 50% 34% Learn about your ad choices Why did I get this ad? 28% AdChoices 27% Blank 20% Interest based ads 17% Sponsor Ads 16% 0% 20% 40% 60% 80% 100% Definitely not Probably not Not sure Probably Definitely 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor September 23, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

1.01k views • 67 slides
Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor September 29, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

1.11k views • 76 slides
Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie Cranor, Florian Schaub, and Carman Neustaedter 1 Logistics HW3 grades are out See detailed comments in ELMS Today: Privacy policies, notice

786 views • 42 slides
How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and Security Conference Privacy and Security by Choice, not Chance Afternoon Workshop Wednesday February 3, 2016 Victoria, B.C. Canada Gerry Bliss

1.11k views • 63 slides
Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren

Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren

Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren and Louis Brandeis control over who can obtain or use information about me Fair Information Practices notice, consent (opt-in/opt-out),

711 views • 21 slides
Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August

Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August

Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August 13, 2020 Purpose of Meeting On July 15, 2020, the OEB issued Notice of Proposal to Amend (Notice) the Standard System Supply Code (SSSC) to

287 views • 10 slides
Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti Parsheera, Faiza Rahman and Renuka Sane National Institute of Public Finance and Policy Supported by the Omidyar Network What is consent? Law

770 views • 17 slides
PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 , Karl Aberer 1 1 EPFL; 2 University of Michigan Workshop on the Future of Privacy Notices and Indicators, SOUPS 2016 Privacy Notice: Current State 2

708 views • 50 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Data Protection. IT issues and Solutions Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What information is being collected? v Who is collecting it? v How is it collected? v Why is it being collected?

198 views • 18 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s

AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s

AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s Orange notice. notice. Wild Cards notice. notice. notice. notice. notice. CAG X3 X5 X2 CornerX2 White on Black v.s Brand Standard

484 views • 27 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Misuse & Abuse Cases Engineering Secure Software Last Revised: October 9, 2020 SWEN-331:

Misuse & Abuse Cases Engineering Secure Software Last Revised: October 9, 2020 SWEN-331:

Misuse & Abuse Cases Engineering Secure Software Last Revised: October 9, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is a Requirement? How do you define it? If done well, what are they useful for? Who

648 views • 27 slides
COMP2111 System Modelling and Design 1 Who are we? Lecturer in Charge: I am Dr. Christine

COMP2111 System Modelling and Design 1 Who are we? Lecturer in Charge: I am Dr. Christine

COMP2111 System Modelling and Design 1 Who are we? Lecturer in Charge: I am Dr. Christine Rizkallah, a lecturer at UNSW who works on, among other things, formal verification and programming languages. I work on several projects with Data61.

394 views • 7 slides
Advertising Per-node Administrative Tags in OSPF draft-hegde-ospf-node-admin-tag-01 Shraddha

Advertising Per-node Administrative Tags in OSPF draft-hegde-ospf-node-admin-tag-01 Shraddha

Advertising Per-node Administrative Tags in OSPF draft-hegde-ospf-node-admin-tag-01 Shraddha Hegde shraddha@juniper.net Harish Raghuveer hraghuveer@juniper.net Hannes Gredler hannes@juniper.net Rob Shakir rob.shakir@bt.com Anton Smirnov

888 views • 4 slides
g Green Mining and the Perils of Mining Energy Profjles Abram Hindle (hindle1@ualberta.ca)

g Green Mining and the Perils of Mining Energy Profjles Abram Hindle (hindle1@ualberta.ca)

g Green Mining and the Perils of Mining Energy Profjles Abram Hindle (hindle1@ualberta.ca) Department of Computing Science University of Alberta http://softwareprocess.es/ with Karan Aggarawal*, Candy Pang*, Chenlei Zhang*, Kent Rasmussen*,

750 views • 51 slides
Revising IDIS Vouchers for the ESG Program July 11, 2016 Presenters Marlisa Grogan, HUD

Revising IDIS Vouchers for the ESG Program July 11, 2016 Presenters Marlisa Grogan, HUD

Revising IDIS Vouchers for the ESG Program July 11, 2016 Presenters Marlisa Grogan, HUD Marlisa.M.Grogran@hud.gov Chris Pitcher, ICF International Chris.Pitcher@icfi.com Heidi Schilpp, The Cloudburst Group

437 views • 19 slides
Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where the data is being sent to? What data is being collected? Why the data is being collected? Haojian Jin , Minyi Liu, Yuanchun Li, Gaurav Srivastava,

848 views • 63 slides
Jeffrey D. Ullman Stanford University/Infolab Slides mostly developed by Anand Rajaraman

Jeffrey D. Ullman Stanford University/Infolab Slides mostly developed by Anand Rajaraman

Jeffrey D. Ullman Stanford University/Infolab Slides mostly developed by Anand Rajaraman Classic model of ( offline ) algorithms: You get to see the entire input, then compute some function of it. Online algorithm : You get to

515 views • 38 slides
Natural Language Processing Learning PCFGs Parsing II Dan Klein UC Berkeley Treebank PCFGs

Natural Language Processing Learning PCFGs Parsing II Dan Klein UC Berkeley Treebank PCFGs

Natural Language Processing Learning PCFGs Parsing II Dan Klein UC Berkeley Treebank PCFGs Conditional Independence? [Charniak 96] Use PCFGs for broad coverage parsing Can take a grammar right off the trees (doesnt work well): ROOT

224 views • 10 slides

More recommend