Problem Summary

Online privacy policies and software agreements are often not effectively communicated to consumers. These documents are typically difficult to navigate and understand, and they are time-consuming to read. This complexity makes it challenging for users to protect their privacy and make informed decisions about their data. While visual strategies can enhance understanding and engagement, balancing visual appeal with comprehensibility remains a challenge, highlighting the need for improved methods of presenting privacy information.

Rationale

User engagement is crucial in communicating privacy policies and EULAs (End-user license agreements). Creating more accessible and standardised formats for presenting privacy information enhances transparency and promotes user comprehension of data handling practices. This involves introducing user-friendly formats such as privacy labels inspired by familiar concepts, using visualisations to enhance attention and understanding, and considering a holistic approach that addresses comprehension, perceived control of privacy, and trust perception.

Solution

Create visual, user-friendly alternatives to traditional, lengthy privacy policies. These solutions aim to provide concise, more easily understandable, and standardised representations of privacy policies to improve user understanding, engagement, and transparency regarding data handling practices.

Kelley et al. [1] introduced the Privacy Nutrition Label, inspired by nutrition labelling principles to enhance the presentation and comprehension of privacy policies. The label features a bold title to set the context, with short labels for column and row headers and longer definitions available on a Useful Terms page. Information not collected is indicated with a saturated label and a row filled with the lightest symbol. A scale of four symbols, ranging from light to dark, represents the severity of certain privacy practices. Consistent row and column locations enable easy visual comparison of two policies side-by-side. Additionally, a legend explains the meaning of each symbol.

Reinhardt, Borchard, and Hurtienne [2] developed a Visual Interactive Privacy Policy (VIPP) to enhance the usability of online privacy policies through visual representation formats. They gathered qualitative feedback from users on typical privacy policy contents and evaluated both existing and newly designed visual formats. Based on this feedback, VIPP incorporated a Privacy Policy Nutrition Label enriched with control options and interactive elements, such as mouse-over help icons, expandable rows, and clickable cells for additional explanations and information. They avoided using legends (as in the Privacy Nutrition Label) in their VIPP prototype, considering that legends can be easily overlooked and add more clutter. They aimed for the representation to be self-explanatory or to contain contextual explanations.

Barth et al. [3] proposed the Privacy Rating visualisation tool. The development process began with identifying 12 key privacy attributes from extensive analysis and expert consultations [8]. After a card-sort study and further expert advice, these attributes were categorised into four main clusters: collection, sharing, control, and security. Each attribute was operationalised using a three-point scale (good-neutral-bad) to rate online services, which were then classified into seven privacy risk classes, from A (lowest risk) to G (highest risk). The visual design, created in collaboration with a professional design agency, prioritised simplicity, clarity, recognisability, and attractiveness. The design features an EU energy label-inspired format, using letters and colours to indicate privacy classes and icons for the four privacy aspects for quick understanding, with deeper, clickable layers for more detailed information. The practical application of the Privacy Rating involves a self-assessment form on a dedicated website, allowing service providers to generate a tailored privacy label in HTML and PNG formats for easy integration into online services.

Kay and Terry [4] proposed the Textured Agreements - visually enhanced software agreements that utilise visual design methods, like typography, layout, warning symbols, and visual diversity, to enhance software agreements' clarity and user engagement while preserving the original content. The visual diversity includes for example the use o factoids and vignettes. Factoides are small, distinct pieces of interesting or noteworthy information presented separately from the main text to emphasise and highlight relevant details within an agreement or document. They aim to draw attention to specific information, making it more noticeable and memorable for the reader. Vignettes are brief, illustrative narratives or visual stories that relate to the content of an agreement or document. They aim to engage users by depicting interactions or scenarios involving the software or the agreement itself, typically in a comic-like format. These vignettes serve to create a more direct and engaging connection with the reader, making the content more relatable and personally relevant.

Kitkowska et al. [5] investigated the impact of visual design on the effectiveness of privacy notices presenting privacy policy text for review. They explored visual strategies such as the use of framing, layout, and interactive elements to enhance user engagement and comprehension. Their study demonstrated that incorporating visual cues and controls, such as sliders and interactive icons, can significantly improve users’ understanding and management of their privacy. The research emphasised the role of visual design in activating curiosity, providing users with control, and inducing positive feelings towards privacy notices, ultimately leading to better privacy-aware behaviours.

Platforms: personal computers, mobile devices

Related guidelines: Enhance Privacy Policy Communication with Automated Information Extraction, Implement Interactive Privacy Policy Interfaces, Incorporate Icons to Improve Privacy Policy Communication

Example

A "nutrition label" for privacy [1]. (See enlarged)

Visual Interactive Privacy Policy (VIPP) [2]. (See enlarged)

Privacy Rating [3] (See enlarged)

Exemplo de Acordos Texturizados [4]. (See enlarged)

Excerpts of privacy notifications from [5]. (See enlarged)

• Participants experienced improved information retrieval, faster task completion, and comparable or superior accuracy when using the privacy label compared to a natural language policy, along with a more pleasant experience [1].
• Designed to be used on-screen and in print [1].
• User research findings indicated that the Privacy Rating is usable and useful and significantly impacts users' trust in online services, and participants expressed a desire for such a label to become an established standard [3].
• The Visual Interactive Privacy Policy (VIPP) builds upon the Privacy Nutrition Label proposal to address participants' concerns regarding missed information and direct privacy control options. Additionally, a pre-study indicated a preference for the simple table structure of the Privacy Nutrition Label, forming the foundation for VIPP [2].
• The VIPP was visually and textually simplified by removing unnecessary words and by replacing technical jargon (e.g., ‘opt-in’ or ‘profiling’) with more common words or universally understood icons [2].
• User focus is directed through the strategic use of coloured title rows and columns (in orange and blue) to highlight significant elements, such as a ranking of privacy policy terms derived from a user study, while less crucial aspects are nested within deeper layers [2].
• Textured agreements engage users more than plain-text ones, supported by experiment results [4].
• Visual designs activating curiosity and providing control could improve usability and strengthen privacy-conscious behaviours [5].

• Participants were confused by the terms 'in' and 'out' (rather than 'opt-in' and 'opt-out') [1], but they were also unfamiliar with 'opt-in' and 'opt-out' [2].
• Online service scores based on self-reporting can hold service providers accountable for discrepancies, yet the ideal approach would involve obtaining privacy ratings directly from policies, either through natural language processing or independent organisation (user study shows that they would prefer the independent organisation approach) [3].
• Although the VIPP showed improvements over the Long Text in several areas, it did not consistently demonstrate statistically significant advantages over the Nutrition Label, despite some noticeable positive changes in terms of stimulation, novelty, and perceived control [2].
• Long-term evaluations of textured agreements are needed to assess their resilience against user desensitisation and habituation [4].
• It could be misused as a "dark pattern" by malicious actors, manipulating users' attitudes towards privacy concerns to increase trust and disclosure, potentially tricking them into sharing more information than intended [5].

Such solutions aim to communicate personal data handling practices through privacy notices [6]. It can also be integrated with privacy choices [7], enabling users to make immediate decisions, which researchers find more effective. Considering the design space for privacy notices, this guideline can be applied to the following dimensions:

Transparency [8] is the main privacy attribute since the aim of the discussed solution is to make privacy policies more understandable and accessible to users, moving away from complex legal jargon and helping users make privacy-informed decisions. Other related privacy attributes: