Skip to main content Accessibility help
×
Hostname: page-component-78c5997874-mlc7c Total loading time: 0 Render date: 2024-11-17T21:21:41.623Z Has data issue: false hasContentIssue false

21 - A Design Space for Effective Privacy Notices*

from Part V - New Approaches to Improve the Status Quo

Published online by Cambridge University Press:  18 April 2018

Evan Selinger
Affiliation:
Rochester Institute of Technology, New York
Jules Polonetsky
Affiliation:
Future of Privacy Forum
Omer Tene
Affiliation:
International Association of Privacy Professionals
Get access

Summary

Image of the first page of this content. For PDF version, please use the ‘Save PDF’ preceeding this image.'
Type
Chapter
Information
Publisher: Cambridge University Press
Print publication year: 2018

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Acquisti, A.. Nudging privacy: The behavioral economics of personal information. IEEE Security Privacy, 7(6):8285, 2009.Google Scholar
Acquisti, A., Brandimarte, L., and Loewenstein, G.. Privacy and human behavior in the age of information. Science, 347(6221):509514, 2015.Google Scholar
Adjerid, I., Acquisti, A., Brandimarte, L., and Loewenstein, G.. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proc. SOUPS ’13, article 9, 11 pages. New York: ACM, 2013.Google Scholar
Almuhimedi, H., Schaub, F., Sadeh, N., Adjerid, I., Acquisti, A., Gluck, J., Cranor, L. F., and Agarwal, Y.. Your location has been shared 5,398 times! A field study on mobile app privacy nudging. In Proc. CHI ’15, pages 787796. New York: ACM, 2015.Google Scholar
Anderson, B., Kirwan, B., Eargle, D., Howard, S., and Vance, A.. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proc. CHI ’15, pages 28832892. New York: ACM, 2015.Google Scholar
Anderson, B., Vance, A., Kirwan, B., Eargle, D., and Howard, S.. Users aren’t (necessarily) lazy: Using NeuroIS to explain habituation to security warnings. In Proc. ICIS ’14, 2014.Google Scholar
Angulo, J., Fischer-Hübner, S., Pulls, T., and König, U.. HCI for Policy Display and Administration. In Privacy and Identity Management for Life, pages 261277. Berlin: Springer, 2011.Google Scholar
Argo, J. J. and Main, K. J.. Meta-analyses of the effectiveness of warning labels. Journal of Public Policy & Marketing, 23(2):193208, Oct. 2004.Google Scholar
Article 29 Data Protection Working Party. Opinion 10/2004 on More Harmonised Information Provisions. WP 100, Nov. 2004.Google Scholar
Article 29 Data Protection Working Party. Opinion 8/2014 on the Recent Developments on the Internet of Things. WP 223, Sept. 2014.Google Scholar
Autographer. http://www.autographer.com, 2012. Accessed: June 1, 2015.Google Scholar
Balebako, R., Jung, J., Lu, W., Cranor, L. F., and Nguyen, C.. “Little brothers watching you”: Raising awareness of data leaks on smartphones. In Proc. SOUPS ’13, Article 12, 11 pages. New York: ACM, 2013.Google Scholar
Balebako, R., Schaub, F., Adjerid, I., Acquisti, A., and Cranor, L.. The impact of timing on the salience of smartphone app privacy notices. In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM ’15, pages 63–74, New York: ACM. 2015.Google Scholar
Balebako, R., Shay, R., and Cranor, L. F.. Is your inseam a biometric? A case study on the role of usability studies in developing public policy. In Proc. USEC ’14, 2014.Google Scholar
Barkhuus, L.. The mismeasurement of privacy: Using contextual integrity to reconsider privacy in HCI. In Proc. CHI ’12, pages 367376, New York: ACM, 2012.Google Scholar
Bauer, L., Bravo-Lillo, C., Cranor, L. F., and Fragkaki, E.. Warning design guidelines. Tech. report CMU-CyLab-13–002, CyLab, Carnegie Mellon University, 2013.Google Scholar
Besmer, A., Watson, J., and Lipford, H. R.. The impact of social navigation on privacy policy configuration. In Proc. SOUPS ’10, article 7, 10 pages, New York: ACM, 2010.Google Scholar
Böhme, R. and Grossklags, J.. The security cost of cheap user interaction. In Proc. Workshop on New Security Paradigms, pages 67–82, New York: ACM, 2011.Google Scholar
Böhme, R. and Köpsell, S.. Trained to accept? A field experiment on consent dialogs. In Proc. CHI ’10, pages 2403–2406, New York: ACM, 2010.Google Scholar
Brandimarte, L., Acquisti, A., and Loewenstein, G.. Misplaced confidences: Privacy and the control paradox. Social Psychological and Personality Science, 4(3):340347, 2013.Google Scholar
Bravo-Lillo, C., Cranor, L. F., Komanduri, S., Schechter, S., and Sleeper, M.. Harder to ignore? Revisiting pop-up fatigue and approaches to prevent it. In Proc. SOUPS ’14, pages 105111, Berkeley: USENIX Association, 2014.Google Scholar
Bravo-Lillo, C., Komanduri, S., Cranor, L. F., Reeder, R. W., Sleeper, M., Downs, J., and Schechter, S.. Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. In Proc. SOUPS ’13, article 6, 12 pages, New York: ACM, 2013.Google Scholar
Calo, R.. Against notice skepticism in privacy (and elsewhere). Notre Dame Law Review, 87(3):10271072, 2012.Google Scholar
Cannon, J.. Privacy in Technology. IAPP, 2014.Google Scholar
Cate, F.. The limits of notice and choice. IEEE Security Privacy, 8(2):5962, Mar. 2010.Google Scholar
Center for Information Policy Leadership. Ten steps to develop a multilayered privacy notice. White paper, Mar. 2007.Google Scholar
Centers for Medicare & Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://www.cms.hhs.gov/hipaa/, 1996.Google Scholar
Chen, Y., Zahedi, F. M., and Abbasi, A.. Interface design elements for anti-phishing systems. In Service-Oriented Perspectives in Design Science Research, pages 253265. Berlin: Springer, 2011.Google Scholar
Choe, E., Jung, J., Lee, B., and Fisher, K.. Nudging people away from privacy-invasive mobile apps through visual framing. In Proc. INTERACT ’13, pages 7491, Berlin: Springer, 2013.Google Scholar
CMU CyLab. Workshop on the future of privacy notice and choice. https://www.cylab.cmu.edu/news events/events/fopnac/, June 27, 2015.Google Scholar
Cranor, L.. Giving notice: Why privacy policies and security breach notifications aren’t enough. IEEE Communications Magazine, 43(8):1819, Aug. 2005.CrossRefGoogle Scholar
Cranor, L. F.. A framework for reasoning about the human in the loop. In Proc. UPSEC ’08, article 1, 15 pages, Berkeley: USENIX Assoc., 2008.Google Scholar
Cranor, L. F.. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10(2):273308, 2012.Google Scholar
Cranor, L. F., Guduru, P., and Arjula, M.. User interfaces for privacy agents. ACM TOCHI, 13(2):135178, 2006.Google Scholar
Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., and Ur, B.. A large-scale evaluation of U.S. financial institutions’ standardized privacy notices. ACM Trans. Web 10, 3, Article 17 (August 2016), 33 pages.Google Scholar
Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le M´etayer, D., Tirtea, R., and Schiffner, S.. Privacy and data protection by design: From policy to engineering. Report, ENISA, Dec. 2014.Google Scholar
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., and Joosen, W.. A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1):332, Nov. 2010.Google Scholar
Disconnect.me. Privacy policies are too complicated: We’ve simplified them. https://disconnect.me/icons, Dec. 2014. Accessed: June 1, 2015.Google Scholar
Egelman, S., Tsai, J., Cranor, L. F., and Acquisti, A.. Timing is everything?: The effects of timing and placement of online privacy indicators. In Proc. CHI ’09, pages 319328, New York: ACM, 2009.Google Scholar
European Parliament and Council. Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities (L 281):31–50, 1995.Google Scholar
European Parliament and Council. Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities (L 201), pages 37–47, 2002.Google Scholar
European Parliament and Council. Directive 2009/136/EC. Official Journal of the European Communities, (L 337), pages 11–36, 2009.Google Scholar
Facebook. Data policy. https://www.facebook.com/privacy/explanation, 2015. Accessed: June 1, 2015.Google Scholar
Federal Trade Commission. Privacy online: A report to Congress. FTC report, 1998.Google Scholar
Federal Trade Commission. Protecting consumer privacy in an era of rapid change. FTC report, 2012.Google Scholar
Federal Trade Commission. Mobile privacy disclosures: Building trust through transparency. FTC staff report, Feb. 2013.Google Scholar
Federal Trade Commission. Internet of Things: Privacy & security in a connected world. FTC staff report, Jan. 2015.Google Scholar
Felt, A., Egelman, S., Finifter, M., Akhawe, D., and Wagner, D.. How to ask for permission. In Proc. HOTSEC ’12, Berkeley: USENIX, 2012.Google Scholar
Fischer-Hübner, S., Pettersson, J. S., Bergmann, M., Hansen, M., Pearson, S., and Mont, M. C.. HCI designs for privacy-enhancing identity management. In Digital Privacy: Theory, Technologies, and Practices, pages 229252. Boca Raton: Auerbach Pub., 2007.Google Scholar
Fu, H., Yang, Y., Shingte, N., Lindqvist, J., and Gruteser, M.. A field study of run-time location access disclosures on android smartphones. In Proc. USEC ’14, Reston: Internet Society, 2014.Google Scholar
Garrison, L., Hastak, M., Hogarth, J. M., Kleimann, S., and Levy, A. S.. Designing evidence-based disclosures: A case study of financial privacy notices. Journal of Consumer Affairs, 46(2):204234, June 2012.Google Scholar
Gates, C., Li, N., Peng, H., Sarma, B., Qi, Y., Potharaju, R., Nita-Rotaru, C., and Molloy, I.. Generating summary risk scores for mobile applications. IEEE Transactions on Dependable and Secure Computing, 11(3):238251, May 2014.Google Scholar
Ghostery. https://www.ghostery.com. accessed: June 1, 2015.Google Scholar
Gomez, J., Pinnick, T., and Soltani, A.. Know privacy. Final report, University of California, Berkeley, School of Information, 2009.Google Scholar
Good, N. S., Grossklags, J., Mulligan, D. K., and Konstan, J. A.. Noticing notice: A large-scale experiment on the timing of software license agreements. In Proc. CHI ’07, pages 607616, New York: ACM, 2007.Google Scholar
Greenleaf, G.. Sheherezade and the 101 data privacy laws: Origins, significance and global trajectories. Journal of Law, Information and Science, 23(1):449, 2014.Google Scholar
Harbach, M., Fahl, S., Yakovleva, P., and Smith, M.. Sorry, I don’t get it: An analysis of warning message texts. In Proc. USEC ’13, pages 94111. Berlin: Springer, 2013.Google Scholar
Harbach, M., Hettig, M., Weber, S., and Smith, M.. Using personal examples to improve risk communication for security & privacy decisions. In Proc. CHI ’14, pages 2647-2656, New York: ACM, 2014.Google Scholar
Harrison, C., Horstman, J., Hsieh, G., and Hudson, S.. Unlocking the expressivity of point lights. In Proc. CHI ’12, pages 16831692, New York: ACM, 2012.Google Scholar
Holtz, L. E., Zwingelberg, H., and Hansen, M.. Privacy policy icons. In Privacy and Identity Management for Life, 279285. Berlin: Springer, 2011.Google Scholar
Iachello, G., Truong, K. N., Abowd, G. D., Hayes, G. R., and Stevens, M.. Prototyping and sampling experience to evaluate ubiquitous computing privacy in the real world. In Proc. CHI ’06, pages 10091018, New York: ACM, 2006.Google Scholar
Inglesant, P. G. and Sasse, M. A.. The true cost of unusable password policies: Password use in the wild. In Proc. CHI ’10, pages 383392, New York: ACM, 2010.Google Scholar
Jensen, C. and Potts, C.. Privacy policies as decision-making tools: An evaluation of online privacy notices. In Proc. CHI ’04, pages 471478, New York: ACM, 2004.Google Scholar
Keith, M. J., Maynes, C., Lowry, P. B., and Babb, J.. Privacy fatigue: The effect of privacy control complexity on consumer electronic information disclosure. In Proc. ICIS ’14. 2014.Google Scholar
Kelley, P. G., Cesca, L., Bresee, J., and Cranor, L. F.. Standardizing privacy notices: An online study of the nutrition label approach. In Proc. CHI ’10. New York: ACM, 2010.Google Scholar
Kelley, P. G., Cranor, L. F., and Sadeh, N.. Privacy as part of the app decision-making process. In Proc. CHI ’13, pages 33933402, New York: ACM, 2013.Google Scholar
Kobsa, A. and Teltzrow, M.. Contextualized communication of privacy practices and personalization benefits: Impacts on users’ data sharing and purchase behavior. In Proc. PETS ’05, pages 329343, Berlin: Springer, 2005.Google Scholar
Könings, B., Schaub, F., and Weber, M.. PriFi beacons: Piggybacking privacy implications on wifi beacons. In Ubicomp ’13 Adjunct Proceedings, pages 8386, New York: ACM, 2013.Google Scholar
Könings, B., Thoma, S., Schaub, F., and Weber, M.. Pripref broadcaster: Enabling users to broadcast privacy preferences in their physical proximity. In Proc. MUM ’14, pages 133142, New York: ACM, 2014.Google Scholar
Kortum, P.. HCI beyond the GUI: Design for haptic, speech, olfactory, and other nontraditional interfaces. Burlington: Morgan Kaufmann, 2008.Google Scholar
Landau, S.. Control use of data to protect privacy. Science, 347(6221):504506, Jan. 2015.Google Scholar
Langheinrich, M.. Privacy by Design – principles of privacy-aware ubiquitous systems. In Proc. UbiComp ’01. Berlin: Springer, 2001.Google Scholar
Langheinrich, M.. A privacy awareness system for ubiquitous computing environments. In Proc. UbiComp ’02. Berlin: Springer, 2002.Google Scholar
Lazer-Walker, M.. Core location in iOS 8. http://nshipster.com/core-location-in-ios-8/, 2014. accessed: June 1, 2015.Google Scholar
Leon, P., Ur, B., Shay, R., Wang, Y., Balebako, R., and Cranor, L.. Why Johnny can’t opt out: A usability evaluation of tools to limit online behavioral advertising. In Proc. CHI ’12, pages 589598, New York: ACM, 2012.Google Scholar
Leon, P. G., Cranshaw, J., Cranor, L. F., Graves, J., Hastak, M., Ur, B., and Xu, G.. What do online behavioral advertising privacy disclosures communicate to users? In Proc. WPES ’12, pages 1930, New York: ACM, 2012.Google Scholar
Liccardi, I., Pato, J., Weitzner, D. J., Abelson, H., and De Roure, D.. No technical understanding required: Helping users make informed choices about access to their personal data. In Proc. MOBIQUITOUS ’14, pages 140150, ICST, 2014.Google Scholar
Lin, J., Amini, S., Hong, J. I., Sadeh, N., Lindqvist, J., and Zhang, J.. Expectation and purpose: Understanding users’ mental models of mobile app privacy through crowdsourcing. In Proc. UbiComp ’12, pages 501510, New York: ACM, 2012.Google Scholar
Maganis, G., Jung, J., Kohno, T., Sheth, A., and Wetherall, D.. Sensor tricorder: What does that sensor know about me? In Proc. HotMobile ’11, pages 98103, New York: ACM, 2011.Google Scholar
Marx, G.. Murky conceptual waters: The public and the private. Ethics and Information technology, 3(3):57169, 2001.Google Scholar
McDonald, A. M. and Cranor, L. F.. The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society, 4(3):540565, 2008.Google Scholar
Mcdonald, A. M., Reeder, R. W., Kelley, P. G., and Cranor, L. F.. A comparative study of online privacy policies and formats. In Proc. PETS ’09, pages 3755. Berlin: Springer, 2009.Google Scholar
Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.Google Scholar
Microsoft. Microsoft.com privacy statement. https://www.microsoft.com/privacystatement/en-us/core/default.aspx, 2014. Accessed: June 1, 2015.Google Scholar
Milne, G. R., Culnan, M. J., and Greene, H.. A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2):238249, 2006.Google Scholar
Mylonas, A., Theoharidou, M., and Gritzalis, D.. Assessing privacy risks in android: A user-centric approach. In Workshop on Risk Assessment and Risk-Driven Testing, pages 3137, Berlin: Springer, 2014.Google Scholar
Nielsen, J. and Molich, R.. Heuristic evaluation of user interfaces. In Proc. CHI ’90, pages 249256, New York: ACM, 1990.Google Scholar
Nielsen, L.. Personas. In The Encyclopedia of Human-Computer Interaction. The Interaction Design Foundation, 2nd ed., 2014. https://www.interaction-design.org/encyclopedia/personas.html.Google Scholar
Nissenbaum, H.. A contextual approach to privacy online. Daedalus, 140(4):3248, 2011.Google Scholar
NTIA. Short form notice code of conduct to promote transparency in mobile app practices. Redline draft, July 2013. http://www.ntia.doc.gov/files/ntia/publications/july 25 code draft.pdf.Google Scholar
NTIA. Privacy multistakeholder process: Facial recognition technology, 2014. http://www.ntia.doc.gov/other-publication/2014/privacy-multistakeholder-process-facial-recognition-technology. Accessed: June 1, 2015.Google Scholar
OECD. Making privacy notices simple: digital economy papers 120, July 2006. http://www.oecd-ilibrary.org/science-and-technology/making-privacy-notices-simple 231428216052.Google Scholar
OECD. The OECD privacy framework. Report, 2013. http://www.oecd.org/sti/ieconomy/oecd privacy framework.pdf.Google Scholar
Official California legislative information. The Online Privacy Protection Act of 2003, 2003.Google Scholar
Palen, L. and Dourish, P.. Unpacking “privacy” for a networked world. In Proc. CHI ’03. New York: ACM, 2003.Google Scholar
Patil, S., Hoyle, R., Schlegel, R., Kapadia, A., and Lee, A. J.. Interrupt now or inform later? Comparing immediate and delayed privacy feedback. In Proc. CHI ’15, pages 14151418, New York: ACM, 2015.Google Scholar
Patil, S., Page, X., and Kobsa, A.. With a little help from my friends: Can social navigation inform interpersonal privacy preferences? In Proc. CSCW ’11, pages 391394, New York: ACM, 2011.Google Scholar
Patil, S., Schlegel, R., Kapadia, A., and Lee, A. J.. Reflection or action? How feedback and control affect location sharing decisions. In Proc. CHI ’14, pages 101110, New York: ACM, 2014.Google Scholar
Patrick, A. and Kenny, S.. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. In Proc. PET ’03, pages 107124, Berlin: Springer, 2003.Google Scholar
Peffers, K., Tuunanen, T., Rothenberger, M. A., and Chatterjee, S.. A design science research methodology for information systems research. Journal of Management Information Systems, 24(3):4577, 2007.Google Scholar
Peppet, S. R.. Regulating the Internet of Things: First steps toward managing discrimination, privacy, security, and consent. Texas Law Review, 93(85):85176, 2014.Google Scholar
Pinnick, T.. Privacy short notice design. TRUSTe blog, Feb. 2011. http://www.truste.com/blog/2011/02/17/privacy-short-notice-design/. Accessed: June 1, 2015.Google Scholar
Portnoff, R. S., Lee, L. N., Egelman, S., Mishra, P., Leung, D., and Wagner, D.. Somebody’s watching me? Assessing the effectiveness of webcam indicator lights. In Proc. CHI ’15, pages 16491658, New York: ACM, 2015.Google Scholar
President’s Concil of Advisors on Science and Technology. Big data and privacy: A technological perspective. Report to the President, Executive Office of the President, May 2014.Google Scholar
Ramirez, E.. Privacy and the IoT: Navigating policy issues. CES Opening Remarks, 2015. FTC public statement.Google Scholar
Raskin, A.. Privacy icons: Alpha release. http://www.azarask.in/blog/post/privacy-icons/. Accessed: June 1, 2015.Google Scholar
Raval, N., Srivastava, A., Lebeck, K., Cox, L., and Machanavajjhala, A.. Markit: Privacy markers for protecting visual secrets. In UbiComp ’14 Adjunct Proceedings, pages 12891295, New York: ACM, 2014.Google Scholar
Reidenberg, J. and Cranor, L. F.. Can user agents accurately represent privacy policies? Available at SSRN: http://papers.ssrn.com/abstract=328860, 2002.Google Scholar
Reidenberg, J. R., Breaux, T., Cranor, L. F., French, B., Grannis, A., Graves, J. T., Liu, F., McDonald, A. M., Norton, T. B., Ramanath, R., Russell, N. C., Sadeh, N., and Schaub, F.. Disagreeable privacy policies: Mismatches between meaning and users’ understanding. Berkeley Technology Law Journal, 30(1):3988, 2015.Google Scholar
Richthammer, C., Netter, M., Riesner, M., Sänger, J., and Pernul, G.. Taxonomy of social network data types. EURASIP Journal on Information Security, 11, 2014.Google Scholar
Schaub, F., Könings, B., and Weber, M.. Context-adaptive privacy: Leveraging context awareness to support privacy decision making. IEEE Pervasive Computing, 14(1):3443, 2015.Google Scholar
Schlegel, R., Kapadia, A., and Lee, A. J.. Eyeing your exposure: Quantifying and controlling information sharing for improved privacy. In Proc. SOUPS ’11, article 14, New York: ACM, 2011.Google Scholar
Schwartz, B.. The Paradox of Choice: Why More Is Less. HarperCollins Publishers, 2004.Google Scholar
Schwartz, P. M. and Solove, D.. Notice and choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children, 2009.Google Scholar
Sellen, A. J. and Whittaker, S.. Beyond total capture: A constructive critique of lifelogging. Commun. ACM, 53(5):7077, May 2010.Google Scholar
Shneiderman, B.. The eyes have it: A task by data type taxonomy for information visualizations. In Proc. Symp. on Visual Languages, pages 336343, New York: IEEE, 1996.Google Scholar
Singh, R. I., Sumeeth, M., and Miller, J.. Evaluating the readability of privacy policies in mobile environments. International Journal of Mobile Human Computer Interaction, 3(1):5578, 2011.Google Scholar
SOUPS 2014 organizing committee. Tenth symposium on usable privacy and security. http://cups.cs.cmu.edu/soups/2014/, July 9–11, 2014.Google Scholar
Tan, J., Nguyen, K., Theodorides, M., Negr´on-Arroyo, H., Thompson, C., Egelman, S., and Wagner, D.. The effect of developer-specified explanations for permission requests on smartphone user behavior. In Proc. CHI ’14, pages 91100, New York: ACM, 2014.Google Scholar
The White House. Consumer data privacy in a networked world. Technical report, Feb. 2012. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.Google Scholar
Turow, J., Hennessy, M., and Draper, N.. The tradeoff fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation. Technical report, Annenberg School for Communication, University of Pennsylvania, Philadelphia, PA, June 2015.CrossRefGoogle Scholar
Ur, B., Jung, J., and Schechter, S.. Intruders versus intrusiveness: Teens’ and parents’ perspectives on home-entryway surveillance. In Proc. UbiComp ’14, pages 129139, New York: ACM, 2014.Google Scholar
Ur, B., Sleeper, M., and Cranor, L. F.. {Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice. I/S: A Journal of Law and Policy for the Information Society, 9(2), pages 201243, 2013.Google Scholar
U.S. Department of Health & Human Services. Notice of privacy practices for protected health information, April 2003, https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/privacy-practices-for-protected-health-information/index.html.Google Scholar
von Alan, R. H., March, S. T., Park, J., and Ram, S.. Design science in information systems research. MIS quarterly, 28(1):75105, 2004.Google Scholar
W3C. Tracking protection working group. http://www.w3.org/2011/tracking-protection/. Accessed: June 1, 2015.Google Scholar
W3C. Web accessibility and usability working together. http://www.w3.org/WAI/intro/usable. Accessed: June 1, 2015.Google Scholar
Wang, Y., Leon, P. G., Acquisti, A., Cranor, L. F., Forget, A., and Sadeh, N.. A field trial of privacy nudges on facebook. In Proc. CHI ’14, pages 23672376, New York: ACM, 2014.Google Scholar
Weber, S., Harbach, M., and Smith, M.. Participatory design for security-related user interfaces. In Proc. USEC ’15, 2015.Google Scholar
Wenning, R., Schunter, M., Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J., and Stampley, D. A.. The platform for privacy preferences 1.1 (P3P 1.1) specification. http://www.w3.org/TR/P3P11/, 2006.Google Scholar
Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., and Beznosov, K.. Android permissions remystified: A field study on contextual integrity. In Proc. USENIX Security, 2015.Google Scholar
Wijesekera, P., Baokar, A., Tsai, L., Reardon, J., Egelman, S., Wagner, D., and Beznosov, K.. The feasibility of dynamically granted permissions: Aligning mobile privacy with user preferences. In Proc. of the 2017 IEEE Symposium on Security and Privacy (Oakland ’17), 2017.Google Scholar
Wogalter, M. S., Conzola, V. C., and Smith-Jackson, T. L.. Research-based guidelines for warning design and evaluation. Applied Ergonomics, 33(3):219230, 2002.Google Scholar
Wogalter, M. S., Racicot, B. M., Kalsher, M. J., and Noel Simpson, S.. Personalization of warning signs: The role of perceived relevance on behavioral compliance. International Journal of Industrial Ergonomics, 14(3):233242, Oct. 1994.Google Scholar
Wright, D.. Should privacy impact assessments be mandatory? Communications of the ACM, 54(8):121131, Aug. 2011.Google Scholar
Wright, D.. Making privacy impact assessment more effective. The Information Society, 29(5):307315, Oct. 2013.Google Scholar
Wright, D., Wadhwa, K., Hert, P. D., Kloza, D., and Justice, D. G.. A Privacy Impact Assessment Framework for data protection and privacy rights. Deliverable September, PIAF project, 2011.Google Scholar
Xu, H., Crossler, R. E., and B´elanger, F.. A value sensitive design investigation of privacy enhancing tools in web browsers. Decision Support Systems, 54(1):424433, 2012.Google Scholar

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×