Abstract

How can meaningful privacy policies best be provided to users of mobile devices with small screens? “Natural language” policies are far too long, according to the authors, so many app developers, particularly the “long tail” of smaller companies and individual developers, are likely to turn to free software services that automatically generate concise privacy policies. This article examines two of those tools, TRUSTe and Privacy Choice, which were used to create privacy policies that were then tested by the authors, with comparative results on formats, users' preferences, types of data collection, and personally identifiable information. The authors conclude with a discussion of policy implications and specific advice for designing such notices.

The text of this article is only available as a PDF.

Bibliography

Balebako, Rebecca, Pedro G. Leon, Hazim Almuhimedi, Patrick Gage Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh.
“Nudging Users towards Privacy on Mobile Devices.”
Paper presented at the ACM CHI Conference on Human Factors in Computing Systems, Vancouver, BC, May
2011
. Accessed June 21, 2013, http://www.andrew.cmu.edu/user/pgl/paper6.pdf.
Benjamin, Barry M., Stephen Feingold, Christina M. Gattuso, and J. Henry Walker IV.
“California Attorney General and Mobile Platform Providers Agree to Require Mobile Software Application Developers to Implement Privacy Policies.”
Legal notice,
Kilpatrick Townsend
, Feb. 29,
2012
. Accessed June 19, 2013, http://www.kilpatricktownsend.com/en/Knowledge_Center/Alerts_and_Podcasts/Legal_Alerts/2012/02/California_Mobile.aspx.
Boyles, Jan Lauren, Aaron Smith, and Mary Madden.
“Privacy and Data Management on Mobile Devices.”
Research report,
Pew Internet & American Life Project
, Sept. 5,
2012
. Accessed June 19, 2013, http://pewinternet.org/∼/media//Files/Reports/2012/PIP_MobilePrivacyManagement.pdf.
Calo, M. Ryan.
“People Can Be So Fake: A New Dimension to Privacy and Technology Scholarship.”
Penn State Law Review
114
(
2010
):
809
855
.
“European Union Issues Guidance on Privacy Notices; New Notices Make It Easier for Consumers to Understand, Compare Policies.”
Business Wire
, Jan. 4,
2005
. Accessed June 21, 2013, http://www.businesswire.com/news/home/20050104005447/en/European-Union-Issues-Guidance-Privacy-Notices-Notices.
Federal Trade Commission
.
Final Report of the FTC Advisory Committee on Online Access and Security
. Report, May 15,
2000
. Accessed June 19, 2013, http://www.ftc.gov/acoas/papers/finalreport.htm.
Federal Trade Commission
.
Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers
. Preliminary FTC Staff Report, Dec.
2010
. Accessed June 21, 2013, http://ftc.gov/os/2010/12/101201privacyreport.pdf.
Graber, Mark A., Donna M. D'Alessandro, and Jill Johnson-West.
“Reading Level of Privacy Policies on Internet Health Web Sites.”
Journal of Family Practice
51
,
no. 7
(July
2002
):
642
645
.
Kelley, Patrick Gage, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder.
“A ‘Nutrition Label’ for Privacy.”
SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security (
2009
): art.
4
.
Kumaraguru, Ponnurangam and Lorrie Faith Cranor.
“Privacy Indexes: A Survey of Westin's Studies.”
Technical report CMU-ISRI-5–138,
Carnegie Mellon University
, Dec.
2005
. Accessed July 9, 2013, http://reports-archive.adm.cs.cmu.edu/anon/usr0/anon/isri2005/CMU-ISRI-05–138.pdf.
Lemos, Robert.
“MSN Sites Get Easy-to-Read Privacy Label.”
CNET
, Mar. 11,
2005
. Accessed June 21, 2013, http://news.cnet.com/2100–1038_3–5611894.html.
McDonald, Aleecia M. and Lorrie Faith Cranor.
“Beliefs and Behaviors: Internet Users' Understanding of Behavioral Advertising.”
Paper presented at the Telecommunications Policy Research Conference, Arlington, VA, Sept.
2010
. Accessed June 19, 2013, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989092.
McDonald, Aleecia M. and Lorrie Faith Cranor.
“The Cost of Reading Privacy Policies.”
I/S: A Journal of Law and Policy for the Information Society
4
,
no. 3
(
2008
):
540
565
.
McDonald, Aleecia M., Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor.
“A Comparative Study of Online Privacy Policies and Formats.”
PETS '09: Proceedings of the 9th International Symposium on Privacy Enhancing Technologies (
2009
):
37
55
.
Ohm, Paul.
“Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.”
UCLA Law Review
57
(
2010
):
1701
1777
.
Pollach, Irene.
“What's Wrong with Online Privacy Policies?”
Communications of the ACM
50
,
no. 9
(Sept.
2007
):
103
108
.
Privacy Rights Clearinghouse
.
“A Review of the Fair Information Principles: The Foundation of Privacy Public Policy,”
Apr.
2012
(revised). Accessed June 19, 2013, https://www.privacyrights.org/ar/fairinfo.htm.
Reips, Ulf-Dietrch.
“Privacy and the Disclosure of Information on the Internet: Issues and Measurement.”
In
Internet in Psychological Research
, edited by Agata Blachnio, Aneta Przepiorka, and Tomasz Rowinski,
67
100
.
Warsaw
:
Cardinal Stefan Wyszynski University
,
2010
.
Turow, Joseph.
“Americans and Online Privacy: The System is Broken.”
Research report,
The Annenberg Public Policy Center of the University of Pennsylvania
, June
2003
. Accessed June 19, 2013, http://www.asc.upenn.edu/usr/jturow/internet-privacy-report/36-page-turow-version-9.pdf.
Ware, Willis H.
“Records, Computers and the Rights of Citizens.”
White paper,
Rand Corporation
, Aug.
1973
. Accessed July 9, 2013, http://www.rand.org/content/dam/rand/pubs/papers/2008/P5077.pdf.

Author notes

*

Director of Privacy, Center for Internet & Society, Stanford Law School. This research was conducted while McDonald was Senior Privacy Researcher at Mozilla.

Former Senior Privacy Researcher, Mozilla.

This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.