UPC Catalogue

The User Privacy Communication Catalogue (UPC Catalogue) provides research-based design guidelines for improving user-centred privacy interaction in digital systems.


Improving Privacy Policy

Guidelines in the 'Improving Privacy Policy' category aim to enhance the effectiveness of privacy policies in communicating critical information to users. These research-based guidelines focus on transforming complex privacy information into more user-friendly and understandable formats. The objective is to foster transparent and user-centred communication that empowers users by improving their understanding of data-handling practices communicated in privacy policies.

Improving Privacy Policy Readability

This subcategory explores techniques such as machine learning, NLP and information extraction to extract and highlight key policy information.

Advancing Privacy Policy Assessment

Research-based guidelines in this category encompass efforts to evaluate policy compliance with regulations, compare various privacy policies and ensure they align with data protection principles.

  • GD5 — Enhance Privacy Policy Communication through Assessment Tools
    Users often face difficulties comparing and assessing privacy policies due to their complexity, length, and lack of standardization. Using assessment tools, organisations can offer clear, concise, and compliant privacy information, improving understanding of data practices, building trust, and ensuring legal compliance.

Controlling Information Disclosure

Research-based guidelines in this category aim to enhance mechanisms for users to manage and control the disclosure of their personal information within digital environments.

Managing App Permissions

The guidelines under "Managing App Permissions" are aimed at providing users with enhanced control and visibility over the permissions they grant to various apps.

  • GD6 — Enhance User Privacy Controls in Mobile Applications
    Mobile apps face privacy control gaps, such as limited visibility of third-party access, binary consent options, and insufficient user controls. To address this, more user-centric mechanisms are needed. Users can dynamically adjust permissions, make informed decisions, and better protect their data by incorporating contextual privacy controls, privacy-by-design principles, and user-friendly interfaces.
  • GD7 — Integrate Privacy Indicators for Informed App Selection
    Users often lack clear, accessible, and timely privacy information when selecting and managing apps, leading to uninformed decisions and over-privileged permissions. Offering users comprehensive insights into app permissions and data practices empowers them to make informed decisions about which apps to install and what permissions to grant.
  • GD8 — Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
    Users face challenges in managing app permissions effectively. Advanced, context-aware, automated decision-making systems aim to help them do so. These solutions provide tailored, dynamic privacy controls that align with user preferences and behaviours by employing machine learning, crowdsourcing, and personalised privacy assistants. This approach enhances user control, transparency, and security in mobile app interactions.

Managing Privacy Settings

Research-based guidelines in this subcategory refer to the mechanisms that allow users to control their privacy by adjusting privacy controls, such as the visibility of personal information or access to specific data.

  • GD9 — Enhance Parental Control in Smart Toys
    Smart toys raise significant privacy concerns about protecting children's data. Current privacy control tools are often too complex for parents and guardians, who may lack technical expertise. To improve children's privacy protection, these tools must be more user-friendly, standardised, and comprehensive.
  • GD10 — Explore Diverse Techniques for Privacy Control
    Users struggle to manage privacy settings across various smart devices and apps. Traditional models are cumbersome, causing fatigue, reduced awareness, and inadequate protection. Implementing diverse techniques can make privacy management more intuitive and less burdensome.
  • GD11 — Implement Integrated Personal Data Storage to Allow Users to Store and Manage Their Personal Data
    In the digital age, users generate vast amounts of personal data across various platforms, leading to fragmented storage managed by multiple providers. This fragmentation complicates privacy, security, and user control. Without proper tools, users face unintended data exposure and weak privacy protection. Personal data vaults (PDVs) can empower users by offering robust privacy settings, support for privacy rights (e.g., access, erasure, portability), and automated privacy decision-making, ensuring compliance while maintaining user control.
  • GD12 — Implement Interactive Consent Forms for Enhanced User Engagement
    Interactive consent forms, using drag-and-drop and question-and-answer formats, greatly improve user engagement and attention to privacy settings compared to traditional methods. Evaluations show these approaches enhance recall, understanding, and satisfaction, leading to more informed consent. While traditional checkboxes are quicker, they are less effective at engaging users and ensuring comprehension of data-sharing terms.
  • GD13 — Integrate Automated Tools and Custom Options for Privacy Settings
    Managing online privacy is challenging due to complex, hidden privacy settings and non-intuitive adjustments. Users often struggle to find options or understand their impact. This guideline focuses on simplifying privacy management by integrating automated tools and customisable options, making it easier to locate and adjust settings. The goal is to enhance user control, transparency, and awareness, allowing for informed decisions with less effort.
  • GD14 — Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
    It is challenging to manually configure privacy settings for each shared piece of content, whether text-based posts or images. Automating privacy settings recommendations aims to enhance user privacy protection, reduce accidental data exposure, and ease the burden of navigating complex settings.

Managing Multiparty Privacy

This category explores collaborative and automated systems designed to meet the privacy needs of various stakeholders in shared digital content.

  • GD16 — Encourage the Consideration of Interdependent Privacy Management in Cloud Applications
    The interconnected nature of user data and shared files amplifies privacy risks in cloud storage services. Third-party apps often request full access to files, including those shared with collaborators, posing risks for all parties. Mitigating these risks requires mechanisms that address interdependent privacy concerns, inform users of collaborators' privacy decisions, and promote privacy-preserving behaviours.
  • GD17 — Enhance Collaborative Privacy Management in Photo Sharing
    Photo sharing in online social networks involves multiple stakeholders, requiring collaborative privacy management. Effective protection demands fine-grained control, context-aware enforcement, and scenario-based policies, as existing privacy controls are too coarse. Users need more intuitive, automated systems to manage their privacy without significant effort.
  • GD18 — Implement Collaborative Privacy Management for Shared Data in Social Networks
    Managing multiparty privacy in online social networks is essential due to collaborative data sharing. Effective management requires systems that support joint privacy settings, resolve conflicts, and offer user-friendly interfaces. These strategies can improve privacy protection and user trust.

Raising Privacy Awareness

Research-based guidelines on Raising Privacy Awareness emphasise educating users about privacy risks and careful information sharing, which directly supports making informed decisions. By raising awareness and understanding, this category aims to equip users with the knowledge needed to make informed choices about their privacy and data sharing.

Assessing Risk and Nudging Privacy Behaviour

Research-based guidelines in this subcategory encompass strategies and tools to evaluate potential privacy risks and actively guide users towards safer privacy practices. Through personalised notifications, risk scores, and interactive feedback mechanisms, these guidelines aim to promote privacy communication that enhances users’ awareness of their privacy exposure and encourages adjustments in their privacy settings and behaviours to mitigate risks.

  • GD19 — Communicate Privacy Risk with Colour-Coded Privacy Indicators
    For users to make privacy-informed decisions, information must be provided in an easily understandable way, using visual communication of privacy properties, direct feedback, and familiar concepts so that users can align their behaviour with their concerns. Providing visual privacy risk level indicators that are informative, simple, and easy to understand in decision-making situations (information disclosure, app permission granting, and so on) can help the user make privacy-informed decisions.
  • GD20 — Encourage Users to Consider Privacy Implications Before Sharing Online
    The online privacy decision-making process is complex, and users may not fully understand the audience and potential risks associated with sharing information online. This guideline supports users in making more informed and cautious privacy decisions by using mechanisms such as privacy awareness models, visual cues, interactive prompts and others.
  • GD21 — Enhance Privacy Awareness by Communicating Privacy Risks
    Users face privacy risks from sharing personal information across multiple platforms, often worsened by a lack of awareness about how others can access and use this data. The complexity of managing privacy settings and quantifying potential privacy leakage adds to the challenge. User-friendly interfaces can help users make more informed decisions about their information sharing by providing clear risk assessments and actionable insights.
  • GD22 — Implement User-Customisable Multi-View Privacy Notifications
    Single-view privacy notification interfaces offer limited information on privacy risks. Multi-view interfaces can improve users' understanding by tailoring privacy information to their interests and expertise.
  • GD23 — Promote User Awareness and Decision-Making on Permission/Authorisation Requests
    Users often lack awareness when disclosing personal information during permission or authorisation requests. This is due to factors like overlooking long permission lists, being unaware of third-party access, the sensitivity of disclosed data, and the risks of accepting requests. Offering clear insights into privacy threats from permission requests would enhance user awareness and guide privacy-informed decisions.