The impact of transparency on mobile privacy decision making

Smart devices provide unprecedented access to users’ personal information, on which businesses capitalize to offer personalized services. Although users must grant permission before their personal information is shared, they often do so without knowing the consequences of their decision. Based on the EU General Data Protection Regulation, which mandates service providers to comprehensively inform users about the purpose and terms of personal data processing, this article examines how increased transparency regarding personal data processing practices in mobile permission requests impact users in making informed decisions. We conducted an online experiment with 307 participants to test the effect of transparency on users’ decisions about and comprehension of the requested permission. The results indicate increased comprehension of data processing practices when privacy policies are transparently disclosed, whereas acceptance rates do not vary significantly. We condense our findings into principles that service providers can apply to design privacy-transparent mobile apps.

[1]  Eoin Carolan,et al.  The continuing problems with online consent under the EU's emerging data protection principles , 2016, Comput. Law Secur. Rev..

[2]  David A. Wagner,et al.  The effect of developer-specified explanations for permission requests on smartphone user behavior , 2014, CHI.

[3]  Siddharth Suri,et al.  Conducting behavioral research on Amazon’s Mechanical Turk , 2010, Behavior research methods.

[4]  Iryna Pentina,et al.  Exploring privacy paradox in information-sensitive mobile app adoption: A cross-cultural comparison , 2016, Comput. Hum. Behav..

[5]  Ramnath K. Chellappa,et al.  Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma , 2005, Inf. Technol. Manag..

[6]  Peter Schaar,et al.  Privacy by Design , 2010 .

[7]  S. Gosling,et al.  Facebook as a research tool for the social sciences: Opportunities, challenges, ethical considerations, and practical guidelines. , 2015, The American psychologist.

[8]  Upkar Varshney,et al.  Challenges and business models for mobile location-based services and advertising , 2011, Commun. ACM.

[9]  Alessandro Acquisti,et al.  Nudging Privacy: The Behavioral Economics of Personal Information , 2009, IEEE Security & Privacy.

[10]  Pietro Ferrara,et al.  Visual Configuration of Mobile Privacy Policies , 2017, FASE.

[11]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[12]  Paul Benjamin Lowry,et al.  Information Disclosure on Mobile Devices: Re-Examining Privacy Calculus with Actual User Behavior , 2013, Int. J. Hum. Comput. Stud..

[13]  Bettina Grün,et al.  Including Don't know answer options in brand image surveys improves data quality , 2014 .

[14]  Matthew Smith,et al.  Using personal examples to improve risk communication for security & privacy decisions , 2014, CHI.

[15]  Henner Gimpel,et al.  The upside of data privacy – delighting customers by implementing data privacy measures , 2018, Electron. Mark..

[16]  Sterling A. Bone,et al.  Service encounters, experiences and the customer journey: Defining the field and a call to expand our lens , 2017 .

[17]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[18]  Mary Beth Rosson,et al.  The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing , 2011, Decis. Support Syst..

[19]  Lorrie Faith Cranor,et al.  A Design Space for Effective Privacy Notices , 2015, SOUPS.

[20]  Alessandro Acquisti,et al.  Beyond the Privacy Paradox: Objective Versus Relative Risk in Privacy Decision Making , 2018, MIS Q..

[21]  P. Schwartz Property, Privacy, and Personal Data , 2004 .

[22]  P. Mayring Qualitative content analysis: theoretical foundation, basic procedures and software solution , 2014 .

[23]  A Min Tjoa,et al.  Security and privacy in business networking , 2014, Electron. Mark..

[24]  Devon S. Johnson,et al.  Cognitive and affective trust in service relationships , 2005 .

[25]  Tamara Dinev,et al.  An Extended Privacy Calculus Model for E-Commerce Transactions , 2006, Inf. Syst. Res..

[26]  Irina Shklovski,et al.  Leakiness and creepiness in app space: perceptions of privacy and mobile app use , 2014, CHI.

[27]  Jacob Cohen Statistical Power Analysis for the Behavioral Sciences , 1969, The SAGE Encyclopedia of Research Design.

[28]  Alessandro Acquisti,et al.  Misplaced Confidences , 2013, WEIS.

[29]  J. R. Landis,et al.  The measurement of observer agreement for categorical data. , 1977, Biometrics.

[30]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[31]  Slava Kalyuga,et al.  When Dual Sensory Mode with Limited Text Presentation Enhance Learning , 2012 .

[32]  Rainer Böhme,et al.  The security cost of cheap user interaction , 2011, NSPW '11.

[33]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[34]  David A. Wagner,et al.  Short paper: location privacy: user behavior in the field , 2012, SPSM '12.

[35]  Paul Benjamin Lowry,et al.  Limited Information and Quick Decisions: Consumer Privacy Calculus for Mobile Applications , 2016, AIS Trans. Hum. Comput. Interact..

[36]  Lorrie Faith Cranor,et al.  The Impact of Timing on the Salience of Smartphone App Privacy Notices , 2015, SPSM@CCS.

[37]  Adam J. Berinsky,et al.  Evaluating Online Labor Markets for Experimental Research: Amazon.com's Mechanical Turk , 2012, Political Analysis.

[38]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.

[39]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[40]  Matthew S. Eastin,et al.  Living in a big data world: Predicting mobile commerce activity through privacy concerns , 2016, Comput. Hum. Behav..

[41]  Seungyeop Han,et al.  Privacy Revelations for Web and Mobile Apps , 2011, HotOS.

[42]  Daniel M. Oppenheimer,et al.  Instructional Manipulation Checks: Detecting Satisficing to Increase Statistical Power , 2009 .

[43]  Colin Potts,et al.  Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[44]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[45]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[46]  Daniel Beverungen,et al.  Designing Multi-sided Community Platforms for Local High Street Retail , 2018, ECIS.

[47]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[48]  Jan Hendrik Betzing Beacon-based Customer Tracking across the High Street: Perspectives for Location-based Smart Services in Retail , 2018, AMCIS.

[49]  J. Reeve,et al.  Solutions to problematic polypharmacy: learning from the expertise of patients. , 2015, The British journal of general practice : the journal of the Royal College of General Practitioners.

[50]  Edgar Erdfelder,et al.  G*Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences , 2007, Behavior research methods.