Why Users Ignore Privacy Policies - A Survey and Intention Model for Explaining User Privacy Behavior

Privacy is a vital aspect of IT systems and services, and it is demanded from users and by law. Thus, most data-processing services provide interfaces for users to support transparency (e.g., privacy notices) and self-determination (e.g., privacy settings). In this paper, we present evidence that users do not make use of these privacy interfaces—although they generally would like to. Based on our findings, we present an intention model in order to explain this behavior. The model combines aspects such as privacy demands, motivation and barriers in order to argue about the resulting intention of the user regarding the application of privacy interfaces. We show the applicability of our model by instantiating it to a concrete use case.

[1]  Clare-Marie Karat,et al.  Optimizing a policy authoring framework for security and privacy policies , 2010, SOUPS.

[2]  A. Maslow A Theory of Human Motivation , 1943 .

[3]  Spyros Kokolakis,et al.  Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon , 2017, Comput. Secur..

[4]  I. Ajzen The theory of planned behavior , 1991 .

[5]  Benjamin Fabian,et al.  Readability of Privacy Policies of Healthcare Websites , 2015, Wirtschaftsinformatik.

[6]  Lorrie Faith Cranor,et al.  Disagreeable Privacy Policies: Mismatches between Meaning and Users’ Understanding , 2014 .

[7]  Anne Oeldorf-Hirsch,et al.  The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services , 2020 .

[8]  A. Waldman Privacy, Notice, and Design , 2016 .

[9]  Danah Boyd,et al.  Facebook privacy settings: Who cares? , 2010, First Monday.

[10]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[11]  B. J. Fogg,et al.  A behavior model for persuasive design , 2009, Persuasive '09.

[12]  Sebastian Möller,et al.  An Experimental System for Studying the Tradeoff between Usability and Security , 2009, 2009 International Conference on Availability, Reliability and Security.

[13]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[14]  George R. Milne,et al.  A Longitudinal Assessment of Online Privacy Notice Readability , 2006 .

[15]  Clare-Marie Karat,et al.  Usability Challenges in Security and Privacy Policy-Authoring Interfaces , 2007, INTERACT.