Institute for Software Research
School of Computer Science, Carnegie Mellon University
Designing Privacy Notices
Patrick Gage Kelley
Users are increasingly expected to manage complex privacy settings in their normal online interactions. From shopping to social networks, users make decisions about sharing their personal information with corporations and contacts, frequently with little assistance. Current solutions require consumers to read long documents or go out of their way to manage complex settings buried deep in management interfaces, all of which lead to little or no actual control.
The goal of this work is to help people cope with the shifting privacy landscape. While our work looks at many aspects of how users make decisions regarding their privacy, this dissertation focuses on two specific areas: the current state of web privacy policies and mobile phone application permissions. We explored consumers' current understandings of privacy in these domains, and then used that knowledge to iteratively design and test more comprehensible information displays.
These prototyped information displays should not necessarily be seen as final commercially-ready solutions, but as examples of privacy notices that help users think about, cope with, and make decisions regarding their data privacy. We conclude with a series of design suggestions motivated by our findings.