Author(s)
Alessandro Acquisti,
Lorrie Faith Cranor, Hana Habib,
Joel R. Reidenberg, Norman Sadeh, Florian Schaub, Yaxing Yao and Yixin Zou
Source
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, Vol. 63, pp. 1-25, May, 2021
Summary
Websites often use icons to guide consumers to privacy choices. Designing effective icons can be difficult. Sites could improve results by testing icons before use.
Policy Relevance
Policymakers could require sites to guide consumers to a single privacy interface.
Main Points
- Some websites use icons to communicate privacy concepts quickly; icons can address the limitations of text-based privacy notices.
- Icons can communicate information despite cultural and language differences.
- Icons are easy to recognize.
- Icons can help users navigate through blocks of text.
- Testers developed icons to represent three key types of privacy choice: The idea of choice, the action of opting-out, and choices regarding the sale of personal information.
- Dollar signs, slashes, stop signs, and ID cards were tested to represent opt-out.
- A blue stylized toggle switch paired with the link text "privacy options" best represented "choice."
- Users confused a more realistic version of the toggle with an actual toggle switch.
- Participants were more likely to interpret icons correctly when the icon was paired with a link text; the link texts "do not sell my personal information" and "Do Not Sell My Info," effectively communicated opt-out options when paired with most icons.
- Study participants found some of the tested icons especially confusing.
- The icons developed to show opt-out options confused most study participants.
- To many participants, a dollar sign signified “payment,” although most participants favored a slashed dollar sign to represent "do not sell."
- Icons chosen to represent privacy choices should be inspired by simple, familiar concepts, neither too realistic or too abstract; also, icons should come with text descriptions to avoid confusion.
- Policymakers could test privacy interfaces as part of the policymaking process, and could mandate standardized privacy choice indicators to direct all users to all privacy choices in one place, such as a centralized privacy dashboard.