Annotation of Evaluation of Online Privacy Notices
This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. You can access the new platform at https://opencasebook.org. Thank you.
Annotation by Christian Nossokoff
This study was conducted by Carlos Jensen and Colin Potts of Georgia Institute of Technology and the paper presented at the Conference on Human Factors in Computing Systems (CHI2004) in Vienna, Australia.
It looks at the viability and practice of privacy policies, with a total of 64 analyzed.
It is described that 70% of respondants to a 2001 survey worry about their online privacy, and that 69% in another study said they take their own preventative action against online privacy invasions.
Privacy policies are unavoidable. They are implemented by the vast majority of websites. They're supposed to inform consumers and aid them in decision making. But it is challenging to put forth all of the necessary information without overwhelming users.
With so many different policies and no real standards or regulations on what needs to be in them, it is difficult for users to determine what the privacy policy is worth to them.
Two sets of websites were studied. The first set was made up of 47 of the 50 comScore Media Metrix Top 50 U.S. Internet Property Rankings. They were high-traffic sites, so the results would be practical for users because they frequently experience policies like these. The second set studied were health-care websites in order to examine the effect over time regulations have had on policy after HIPPA went into effect over July 2001-September 2003.
Policies were analyzed based on 4 criteria:
1. Accessibility
2. Readability
3. Content
4. Notification
The study determined that even if entities comply and follow all rules and regulations, privacy policies are unusable to consumers unless they check the policy in-depth, every time they visit the site.
The privacy policies were not easily accessible in many cases.
In a study done in a university setting, out of the 55,158 people who visited a set-up, standalone website, only 131 viewed the privacy policy.
Citation:
Jensen, C., & Potts, C. (2004). Privacy policies as decision-making tools. Proceedings of the 2004 Conference on Human Factors in Computing Systems - CHI '04. doi:10.1145/985692.985752
This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. If you would like access to the new version of the H2O platform and have not already been contacted by a member of our team, please contact us at h2o@cyber.law.harvard.edu. Thank you.