ACADEMIC ARTICLE SUMMARY

“It’s a scavenger hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices

Article Source: CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, Paper No. 384, April, 2020
Publication Date:
Time to Read: 2 minute read
Written By:

 Florian Schaub

Florian Schaub

 Hana Habib

Hana Habib

 Norman Sadeh

Norman Sadeh

 Yixin Zou

Yixin Zou

 Jiamin Wang

Jiamin Wang

 Sarah Pearman

Sarah Pearman

Search for the full article on Bing

ARTICLE SUMMARY

Summary:

Privacy laws require websites to offer consumers options such as the choice to opt out of advertising or to delete account data. On many sites, these options are poorly labelled and hard to find.

POLICY RELEVANCE

Policy Relevance:

Websites should standardize and simplify privacy controls.

KEY TAKEAWAYS

Key Takeaways:
  • A study of 24 users showed that consumers struggle to locate and understand websites’ privacy controls; on the subject sites, participants were asked to complete two privacy-related tasks.
    • Sample tasks included opting out of email messages or targeted ads, requesting deletion of personal data, changing account settings, and reviewing the site's privacy policy.
    • Participants struggled most to find and recognize pages with opt-out information.
  • Europe's General Data Protection Regulation (GDPR) granted consumers an expanded menu of privacy choices, such as the requirement for consent to targeted marketing, resulting in a proliferation of cookie consent banners.
  • Almost all participants needed help to find the relevant account setting or privacy mechanism.
    • Mechanisms were poorly labelled; on one site, users seeking advertising controls often visited a page called "advertisers," intended for companies placing ads on the site.
    • Formatting issues caused confusion; one page offered an option to delete one's account, but the information that this also deleted the account data did not appear until after the user clicked.
    • Most users wanted more control over data deletion and tracking.
  • Most tasks required many clicks, scrolls, and form completions to complete; unsubscribe links within emails were easier to use, especially those that did not require extra confirmation.
  • Better design choices would help users complete privacy-related tasks; these include:
    • Unifying privacy choices into a single, standard location, such as a dashboard.
    • Offer multiple paths and links to privacy controls.
    • Place effort into packaging controls into simple toggles or buttons.
    • Bolster confidence that choices will be honored by offering confirmation messages.

QUOTE

TAGS

Alessandro Acquisti

About Alessandro Acquisti

Alessandro Acquisti is a Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University. He is the co-director of the CMU Center for Behavioral Decision Research (CBDR), a member of Carnegie Mellon Cylab, and is currently a Principal Investigator on the Usable Privacy Policy Project, a multi-year collaborative project funded by the National Science Foundation and involving Fordham Center on Law and Information Policy and computer scientists from Carnegie Mellon University and Stanford.

See more with Alessandro Acquisti

Lorrie Faith Cranor

About Lorrie Faith Cranor

Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. She teaches courses on privacy, usable security, and computers and society.

See more with Lorrie Faith Cranor