A Design Space for Effective Privacy Notices

Article Source: Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), Ottawa, Canada, pp. 1-17, July 22-24, 2015
Publication Date:
Time to Read: 2 minute read
Written By:

 Florian Schaub

Florian Schaub

 Adam Durity

Adam Durity

 Rebecca Balebako

Rebecca Balebako



This paper surveys the literature on “best practices” for privacy policy design, and describes how to design useable privacy policies. Most policies are ineffective. Privacy policies should consist of multiple layers, offering information when it becomes relevant.


Policy Relevance:

Privacy notices should offer users real control over their information.


Key Takeaways:
  • Privacy notices should serve the needs of the system’s entire audience, which usually includes primary, secondary, and incidental users; for example, Google Glass collects information on bystanders as well as the wearer.
  • The privacy notice should highlight practices the audience is unlikely to expect.
  • Most notices should consist of multiple layers; the initial notice should be simple.
    • Further information should be delivered when it is relevant.
    • Facebook and Microsoft offer interactive privacy policies with multiple layers.
  • The timing of the privacy notice is important.
    • Notice can be given at setup (when the system is used for the first time), or just-in-time (when the information is being collected).
    • Systems can also provide persistent notice, periodic notice, or notice on demand.
  • When possible, privacy notices should include opt-in, opt-out, or other options so the user can control her level of privacy.
  • Android and Apple’s iOS take different approaches to privacy; iOS users may deny an app access to information but continue to use it, but Android users may not.
  • Privacy policies fulfil regulatory requirements, but are often ineffective or unsuitable for informing users.
  • New technologies like wearables or the Internet of Things will challenge designers of privacy policies; for example, small smartphone screens complicate the presentation of privacy notices.



Lorrie Faith Cranor

About Lorrie Faith Cranor

Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. She teaches courses on privacy, usable security, and computers and society.

See more with Lorrie Faith Cranor