Usable and Useful Privacy Interfaces

Privacy and Security

Article Snapshot


Lorrie Faith Cranor and Florian Schaub


An Introduction to Privacy for Technology Professionals, Second Edition (2020)


Designing privacy interfaces for devices, software, and websites that are easy for people to understand and control is difficult. Designers should shift focus from information to people and their privacy needs.

Policy Relevance

Privacy notices should be integrated with the service or product interface. User testing is important to reveal problems.

Main Points

  • Improving users' experience of privacy interfaces requires designers to shift focus to people and to their privacy needs, preferences, understanding, and behavior.
  • When privacy interfaces are hard for users to understand and control, the user may later be surprised and angry to learn how the data is actually used, and lose trust in the organization.
  • The usability of a system is determined by factors such as the length of time it takes a new user to learn to perform a task, or the number of errors users make; the utility of a system depends on how well it meets the exact needs of users.
  • Privacy is a value that competes with other values and norms, and the desire for privacy is context sensitive; the question of how well an interface serves privacy needs can be hard to assess, compared to the efficiency of the interface, or error rates.
  • Usability problems result when designers assume that information needed for regulatory compliance and the information users need is the same, but this is often not true.
  • Permissions to share data should be unbundled, as in mobile phone systems, where users are presented with a prompt when an app wants to access a phone's location, contacts, or photos for the first time.
  • The privacy design process should include user testing.
    • Studies that reveal how users believe privacy settings should work help companies redesign controls in response to complaints.
    • User studies are important for understanding how privacy notices should be timed.
    • Small-scale user testing is inexpensive, quick, and can offer important insights.
  • The percentage of users who opt in or opt out does not show the privacy interface’s effectiveness; studies should measure user comprehension, and whether their personal preferences are in alignment with what the interface does.

Get The Article

Find the full article online

Search for Full Article