privacy notice and privacy notice and choice choice
play

Privacy notice and Privacy notice and choice choice Engineering - PowerPoint PPT Presentation

Nov 08, 2023 •337 likes •1.11k views

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor September 29, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

  1. CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor � September 29, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: � b r a a t L o Privacy Policy, Law, and Technology y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. Today you will learn • How notice and choice has worked out in practice • Ways to empirically test claims about the effectiveness of tools for consumers 2

  3. But first… some notes on homework • Optional reading summaries should be taken from optional reading assigned AFTER the last homework assignment was due, through the due date of the current assignment • Highlights should show some insight or reflection on your part, not just a trivial observation 3

  4. Summary and highlight example 4

  5. US government privacy reports • U.S. FTC and White House reports released in 2012 • U.S. Department of Commerce � multi-stakeholder � process to develop � enforceable � codes of conduct 5

  6. Privacy self regulation e c i o t N d n a e c o i h C 6

  7. Notice and choice Protect privacy by giving people control over their information Choices Choices about allowing their data to be collected and used Notice Notice about data in that way collection and use ¡ ¡ 7

  8. 8

  9. Privacy Facts ¡ Privacy Facts ¡ Privacy Facts Privacy Facts ¡ ¡ 9

  10. 
 
 
 
 “In theory there is no di ff erence between theory and practice. In practice there is.” 
 ― Yogi Berra 
 10

  11. How e ff ective is privacy notice and choice in practice ? 11

  12. 12

  13. Nobody wants to read privacy policies “the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand” − Protecting Consumer Privacy in an Era of Rapid Change. Preliminary FTC Staff Report. December 2010. 13

  14. Nobody actually reads policies “Only in some fantasy ta world do users actually REPORT TO THE PRESIDENT read these notices and BIG DATA AND PRIVACY: understand their A TECHNOLOGICAL PERSPECTIVE implications before clicking to indicate their Executive Office of the President President’s Council of Advisors on consent.” Science and Technology May 2014 – Big Data and Privacy: A Technological Perspective. PCAST 2014. 14

  15. Cost of reading privacy policies • What would happen if everyone read the privacy policy for each site they visited once each month? • Time = 244/hours year • Cost = $3,534/year • National opportunity cost for � time to read policies: $781 billion A. McDonald and L. Cranor. The Cost of Reading Privacy Policies. I/S: � A Journal of Law and Policy for the Information Society. 2008 Privacy Year in Review Issue. http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf 15

  16. http://www.azarask.in/blog/post/privacy-icons/ 2010 16

  17. ! ! Smartphone App Privacy Icon Study Conducted for LifeLock, Inc. by Cranor et al., 2013 17

  18. Towards a privacy 
 “nutrition label” • Standardized format – People learn where to find answers – Facilitates policy comparisons • Standardized language – People learn terminology • Brief – People find info quickly • Linked to extended view – Get more details if needed 18

  19. Iterative design process Series of studies • – Focus groups – Lab studies – Online studies Metrics • – Reading-comprehension (accuracy) – Time to find information – Ease of policy comparison – Subjective opinions, ease, fun, trust P .G. Kelley, J. Bresee, L.F. Cranor, and R.W. Reeder. A “Nutrition Label” for Privacy. SOUPS 2009. P .G. Kelley, L.J. Cesca, J. Bresee, and L.F. Cranor. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. CHI2010. 19

  20. Privacy label for Android 20

  21. Role play studies • Task for participants in lab or online – Select apps for friend with new Android phone – Choose from 2 similar apps w/ different permission requests in each of 6 categories – Click on app name to visit download screens • Post-task questionnaire • Participants who saw Privacy Facts more likely to select apps that requested fewer permissions – Other factors such as brand and rating reduce effect P .G. Kelley, L.F. Cranor, and N. Sadeh. Privacy as part of the app decision-making process. CHI 2013. 21

  22. Let your computer read for you • Platform for Privacy Preferences (P3P) • W3C specification for � XML privacy policies – Proposed 1996 – Adopted 2002 • Optional P3P compact policy HTTP headers to accompany cookies • Lacks incentives for adoption 22

  23. P3P in Internet Explorer • P3P implemented in IE 6, 7, 8, 9, 10 … • Default privacy setting – Rejects third-party cookies without a CP – Rejects unsatisfactory third-party cookies 23

  24. No P3P syntax checking in IE • IE accepts P3P policies containing bogus tokens or missing required tokens • Example of valid compact policy: CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE • Examples of invalid policies accepted by IE: AMZN Facebook does not have a P3P policy. 
 Learn why here: http://fb.me/p3p P . Leon, L. Cranor, A. McDonald, and R. McGuire. Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens. WPES 2010. 24

  25. Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 …. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. 25

  26. Do not track • Proposed W3C standard • User checks a box • Browser sends “do not track” header to website • Website stops “tracking” • W3C working group trying to define what that means 26

  27. Lots of tools to stop tracking • Browser privacy settings – Cookie blocking – P3P – Tracking Protection Lists – Do Not Track • Browser add-ons • Opt-out cookies • Digital Advertising Alliance (DAA) AdChoices icon and associated opt-out pages 27

  28. Are any of these tools e ff ective? • Do the tools work? – Does technology do what it is supposed to do? – Do companies respect user choices? • Can consumers use them? – Do users understand tracking? – Do users understand what tools do? – Can users make tools do what they want? 28

  29. Why Johnny Can’t Opt Out: 
 A Usability Evaluation of Tools to Limit Online Behavioral Advertising 
 Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang � CHI 2012 29

  30. Three types of tools tested 30

  31. Methodology • Part of previous interview study • 45 participants evaluated 9 tools – Between subjects study – Random assignment, controlled for preferred web browser and operating system 31

  32. Testing protocol • Semi-structured interview • Usability testing – Task 1: Learn about and install the tool – Task 2: Change tool settings – Task 3: Browsing scenarios • Exit questionnaire 32

  33. DAA website 33

  34. Opting out can be challenging 34

  35. Ghostery configuration interface 35

  36. IE-TPL configuration interface 36

  37. Takeaways • Problematic defaults • Poorly designed interfaces and jargon • Feedback • Misconceptions about opt-out tools • Users unable to make meaningful decisions on a per-company basis 37

  38. What Do Online Behavioral Advertising Disclosures Communicate to Users? 
 Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur, and Guzi Xu. WPES 2012 38

  39. 39

  40. The industry claims total success “The DAA has revolutionized consumer education and choice by delivering a real-time, in-ad notice more than 10 billion times every day through the increasingly ubiquitous DAA Advertising Option Icon (also known as the ‘Ad Choices’ Icon)” Peter Kosmala, Former Managing Director of The Digital Advertising Alliance . Yes, Johnny Can Benefit From Transparency and Control . November 3, 2011. 40

  41. Objectives • Evaluate the effectiveness of different OBA disclosures at communicating notice and choice about OBA • Find ways to improve effectiveness of OBA disclosures 41

  42. Methodology • Large scale between-subjects online study – 1,505 participants – Over 100 participants per treatment • Participants recruited through Amazon Mechanical Turk • Guided browsing scenario • Online survey 42

  43. First exposure to OBA disclosures 43

  44. Second exposure to OBA disclosures • Why did I get this ad? • Interest based ads • AdChoices • Sponsor ads • Learn about your ad choices • Configure ad preferences • ‘No tagline’ 44

  45. Exposure to landing pages • AOL • Yahoo! • Microsoft • Google • Monster 45

  46. Do icons and taglines suggest tailored ads? • To what extent, if any, does this combination of the symbol and phrase, placed on the top right corner of the above ad suggest the following? – This ad has been tailored based on websites you have visited in the past. [true] 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor September 23, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

1.01k views • 67 slides
Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie

CyLab Privacy notice and Privacy notice and choice choice Engineering & Public Policy Lorrie Faith Cranor October 1, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

1.1k views • 53 slides
Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie Cranor, Florian Schaub, and Carman Neustaedter 1 Logistics HW3 grades are out See detailed comments in ELMS Today: Privacy policies, notice

786 views • 42 slides
How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and Security Conference Privacy and Security by Choice, not Chance Afternoon Workshop Wednesday February 3, 2016 Victoria, B.C. Canada Gerry Bliss

1.11k views • 63 slides
Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren

Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren

Privacy David Wagner What is privacy? the right to be let alone Justices Samuel Warren and Louis Brandeis control over who can obtain or use information about me Fair Information Practices notice, consent (opt-in/opt-out),

711 views • 21 slides
Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August

Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August

Enabling Customer Choice for RPP TOU Customers Preparation of Billing Quantities by SME August 13, 2020 Purpose of Meeting On July 15, 2020, the OEB issued Notice of Proposal to Amend (Notice) the Standard System Supply Code (SSSC) to

287 views • 10 slides
Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti Parsheera, Faiza Rahman and Renuka Sane National Institute of Public Finance and Policy Supported by the Omidyar Network What is consent? Law

770 views • 17 slides
PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 , Karl Aberer 1 1 EPFL; 2 University of Michigan Workshop on the Future of Privacy Notices and Indicators, SOUPS 2016 Privacy Notice: Current State 2

708 views • 50 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Data Protection. IT issues and Solutions Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What information is being collected? v Who is collecting it? v How is it collected? v Why is it being collected?

198 views • 18 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s

AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s

AWH - Metal Signage Project Presenter: Adrian Wu Black v.s Cut-out notice notice. Yellow v.s Orange notice. notice. Wild Cards notice. notice. notice. notice. notice. CAG X3 X5 X2 CornerX2 White on Black v.s Brand Standard

484 views • 27 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
PRODUCTION: THE CHOICE OF KEY INDICATORS AND THE KENOWLEDGE OF THE VARIABLES ROLE ON THE

PRODUCTION: THE CHOICE OF KEY INDICATORS AND THE KENOWLEDGE OF THE VARIABLES ROLE ON THE

EUCALYPTUS WOOD EVALUATION FOR PULP PRODUCTION: THE CHOICE OF KEY INDICATORS AND THE KENOWLEDGE OF THE VARIABLES ROLE ON THE PROCESSES AS A TOOL FOR RAISING THE PRODUCTIVITY Autors Leonardo S. Caux Leandro C. Dalvi Jorge L.

772 views • 21 slides
Material Characteristics of Ceramics and Composites Characteristics of Aerospace Materials

Material Characteristics of Ceramics and Composites Characteristics of Aerospace Materials

Material Characteristics of Ceramics and Composites Characteristics of Aerospace Materials Materials and Manufacturing Methods Ceramics Properties of ceramics Hard and brittle (limited toughness - small failure strain) High strength and

816 views • 10 slides
Anisotropic Structures - Theory and Design Strutture anisotrope: teoria e progetto Paolo VANNUCCI

Anisotropic Structures - Theory and Design Strutture anisotrope: teoria e progetto Paolo VANNUCCI

International Doctorate in Civil and Environmental Engineering Anisotropic Structures - Theory and Design Strutture anisotrope: teoria e progetto Paolo VANNUCCI Lesson 2 - April 9, 2019 - DICEA - Universit a di Firenze 1 / 100 Topics of the

1.19k views • 100 slides
MANAGEMENT OF HIGH BLOOD CHOLESTEROL: IMPLICATIONS OF THE NEW GUIDELINES Robert B. Baron MD MS

MANAGEMENT OF HIGH BLOOD CHOLESTEROL: IMPLICATIONS OF THE NEW GUIDELINES Robert B. Baron MD MS

Robert Baron MD, MS MANAGEMENT OF HIGH BLOOD CHOLESTEROL: IMPLICATIONS OF THE NEW GUIDELINES Robert B. Baron MD MS Professor and Associate Dean UCSF School of Medicine Declaration of full disclosure: No conflict of interest EXPLAINING THE

484 views • 25 slides
Structural studies of amyloidogenic peptides and proteins Annette Eva Langkilde Dept. Of Drug

Structural studies of amyloidogenic peptides and proteins Annette Eva Langkilde Dept. Of Drug

Structural studies of amyloidogenic peptides and proteins Annette Eva Langkilde Dept. Of Drug Design and Pharmacology / Dept. Of Chemistry University of Copenhagen, Denmark Amyloid fibrils Disease Related Unbranched Extracellular

896 views • 33 slides
Developing a Multiserver Operating System Jakub Jerm February 3, 2010 UINX.CZ What is a

Developing a Multiserver Operating System Jakub Jerm February 3, 2010 UINX.CZ What is a

Developing a Multiserver Operating System Jakub Jerm February 3, 2010 UINX.CZ What is a Multiserver OS? What is a Multiserver OS? microkernel-based OS, which is... What is a Multiserver OS? microkernel-based OS, which is...

1.11k views • 86 slides
1 2 Text and Left image from the CISM Summer School (Boulder, August 2013) SW101_4_Flares

1 2 Text and Left image from the CISM Summer School (Boulder, August 2013) SW101_4_Flares

1 2 Text and Left image from the CISM Summer School (Boulder, August 2013) SW101_4_Flares https://www.bu.edu/cism/SummerSchool/summerlist.html Right animation from ESA: http://sci.esa.int/cluster/36447-direct-observation-of-3d-magnetic-

1.86k views • 118 slides
Ultrafast Science with X-ray FELS X-ray laser capabilities Survey of new science with X-ray

Ultrafast Science with X-ray FELS X-ray laser capabilities Survey of new science with X-ray

Ultrafast Science with X-ray FELS X-ray laser capabilities Survey of new science with X-ray FELS Ultrafast science with LCLS Jon Marangos Imperial College Frontiers In Science for the 21 st Century Include Nanometre scale imaging

964 views • 36 slides

More recommend