A US-UK Usability Evaluation of Consent Management Platform Cookie Consent Interface Design on Desktop and Mobile

Elijah, Bouma-Sims,; Li, Megan; Lin, Yanzi; Sakura-Lemessy, Adia; Nisenoff, Alexandra; Young, Eleanor; Birrell, Eleanor; Cranor, Lorrie Faith; Habib, Hana

doi:10.1145/3544548.3580725

Cited by 6 publications

(4 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Very few participants read privacy notices regularly; almost all participants felt privacy notices were annoying and just usually do what it takes to get rid of them quickly, such as clicking "Accept all" or accepting only necessary cookies by default. This echoes findings from previous research which found that users tend to not interact with privacy notices very thoroughly [11,28,53].…”

Section: Perceptions Of Data Collection Practicessupporting

confidence: 88%

“…Bouma-Sims et al found that few users actually read purpose definitions, though no significant difference in comprehension was noted when definitions were provided [11]. Kyi et al found that users tended to be most accepting of sharing data for Strictly Necessary, Security and Debugging, and Fraud and Law Enforcement legitimate interest purposes, but least accepting of sharing data for Personalized Ads and Sharing Data with Third Parties legitimate interest purposes [45].…”

Section: Related Work On Data Collection Purposesmentioning

confidence: 99%

See 1 more Smart Citation

“It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes

Kyi,

Mhaidli,

Santos

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Data collection purposes and their descriptions are presented on almost all privacy notices under the GDPR, yet there is a lack of research focusing on how effective they are at informing users about data practices. We fill this gap by investigating users' perceptions of data collection purposes and their descriptions, a crucial aspect of informed consent. We conducted 23 semi-structured interviews with European users to investigate user perceptions of six common purposes (Strictly Necessary, Statistics and Analytics, Performance and Functionality, Marketing and Advertising, Personalized Advertising, and Personalized Content) and identified elements of an effective purpose name and description.We found that most purpose descriptions do not contain the information users wish to know, and that participants preferred some purpose names over others due to their perceived transparency or ease of understanding. Based on these findings, we suggest how the framing of purposes can be improved toward meaningful informed consent. CCS CONCEPTS• Human-centered computing → Empirical studies in HCI; • Security and privacy → Usability in security and privacy; • Applied computing → Law.

show abstract

Section: Perceptions Of Data Collection Practicessupporting

confidence: 88%

Section: Related Work On Data Collection Purposesmentioning

confidence: 99%

“It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes

Kyi,

Mhaidli,

Santos

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…Degeling et al [12] measures the impacts of the GDPR on web privacy by monitoring and analyzing changes in the privacy policies of websites in European countries over time. Some work, on the other hand, examines how privacy-related regulations aect the user experience on dierent services and apps, and also whether dierent apps or services are compliant with regulations such as the Children's Online Privacy Protection Act (COPPA) [4,21,49,59]. Some of these studies [45] also focus on the end-user's experiences with regulation-related interfaces such as consent notices and privacy policies.…”

Section: Privacy-related Regulationsmentioning

confidence: 99%

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Tran,

Mehrotra,

Chetty

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

The widespread sharing of consumers' personal information with third parties raises signicant privacy concerns. The California Consumer Privacy Act (CCPA) mandates that online businesses oer consumers the option to opt out of the sale and sharing of personal information. Our study automatically tracks the presence of the opt-out link longitudinally across multiple states after the California Privacy Rights Act (CPRA) went into eect. We categorize websites based on whether they are subject to CCPA and investigate cases of potential non-compliance. We nd a number of websites that implement the opt-out link early and across all examined states but also nd a signicant number of CCPA-subject websites that fail to oer any opt-out methods even when CCPA is in eect. Our ndings can shed light on how websites are reacting to the CCPA and identify potential gaps in compliance and optout method designs that hinder consumers from exercising CCPA opt-out rights.

show abstract

“…Cookie banners are another type of privacy-related communication that has been evaluated by researchers. Researchers have found that consumers largely do not understand the privacy decisions facilitated by these banners and that the banners often nudge users to make choices that do not align with their preferences [2,12].…”

Section: Evaluations Of Privacy Communicationsmentioning

confidence: 99%

Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels

Lin,

Juneja,

Birrell

et al. 2024

PoPETs

View full text Add to dashboard Cite

Privacy labels---standardized, compact representations of data collection and data use practices---are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work. In this work, we evaluated Android Data Safety Labels and explored how differences between the two label designs impact user comprehension and label utility. We conducted a between-subjects, semi-structured interview study with 12 Android users and 12 iOS users. While some users found Android Data Safety Labels informative and helpful, other users found them too vague. Compared to iOS App Privacy Labels, Android users found the distinction between data collection groups more intuitive and found explicit inclusion of omitted data collection groups more salient. However, some users expressed skepticism regarding elided information about collected data type categories. Most users missed critical information due to not expanding the accordion interface, and they were surprised by collection practices excluded from Android's definitions. Our findings also revealed that Android users generally appreciated information about security practices included in the labels, and iOS users wanted that information added.

show abstract

A US-UK Usability Evaluation of Consent Management Platform Cookie Consent Interface Design on Desktop and Mobile

Cited by 6 publications

References 27 publications

“It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes

“It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels

Contact Info

Product

Resources

About