This post is also available in:
עברית (Hebrew)
Whenever a user visits a new website, they are shown a privacy notice, and must click if they agree before being able to access the site’s content or services. This requirement stems from regulation that users must provide informed consent to the collection and use of their data by web services, stipulated by the European Union and the United Kingdom through General Data Protection Regulation (GDPR)
However, it was recently discovered that the language used in these privacy notices is often misleading and fails to provide important information. This, according to a study published in the journal Proceedings of the CHI Conference on Human Factors in Computing Systems by scientists at the Max Planck Institute for Security and Privacy, in collaboration with Utrecht University, University of Michigan, and the University of Washington.
According to Tech Xplore, participants in the study reported that privacy notices are a nuisance to them, and that they usually try to get rid of them quickly, without reading through them in detail. After carefully reviewing multiple notices at the request of the researchers, none of the participants felt well-informed about data practices, highlighting a lack of transparency about data collection purposes, storage duration, and deletion processes. Many believed organizations would still collect their data even if they opted out. Some sites would also require users to agree to data sharing in order to access certain services, and participants expressed being disappointed, and feeling manipulated into sharing their data.
The study found that another issue was the fact that the language used by companies was often confusing and unfamiliar to the users. For example, participants were unaware of the difference between “advertising” and “personalized advertising”, the second of which uses data collected from the user to curate ads, which was something many participants expressed their disapproval of.
In order to combat the problems that yielded from the interviews, the study offered several solutions, such as improving UI design in privacy notices to make information easier to find, as well as draw inspiration from fields established in informed consent such as human subject research and healthcare to clarify data handling and processing.
