“It’s a scavenger hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices

Privacy and Security, Networks, the Internet, and Cloud Computing and Search and Advertising

Article Snapshot

Author(s)

Alessandro Acquisti, Lorrie Faith Cranor, Hana Habib, Sarah Pearman, Norman Sadeh, Florian Schaub, Jiamin Wang and Yixin Zou

Source

CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, Paper No. 384, April, 2020

Summary

Privacy laws require websites to offer consumers options such as the choice to opt out of advertising or to delete account data. On many sites, these options are poorly labelled and hard to find.

Policy Relevance

Websites should standardize and simplify privacy controls.

Main Points

  • A study of 24 users showed that consumers struggle to locate and understand websites’ privacy controls; on the subject sites, participants were asked to complete two privacy-related tasks.
     
    • Sample tasks included opting out of email messages or targeted ads, requesting deletion of personal data, changing account settings, and reviewing the site's privacy policy.
       
    • Participants struggled most to find and recognize pages with opt-out information.
       
  • Europe's General Data Protection Regulation (GDPR) granted consumers an expanded menu of privacy choices, such as the requirement for consent to targeted marketing, resulting in a proliferation of cookie consent banners.
     
  • Almost all participants needed help to find the relevant account setting or privacy mechanism.
     
    • Mechanisms were poorly labelled; on one site, users seeking advertising controls often visited a page called "advertisers," intended for companies placing ads on the site.
       
    • Formatting issues caused confusion; one page offered an option to delete one's account, but the information that this also deleted the account data did not appear until after the user clicked.
       
    • Most users wanted more control over data deletion and tracking.
       
  • Most tasks required many clicks, scrolls, and form completions to complete; unsubscribe links within emails were easier to use, especially those that did not require extra confirmation.
     
  • Better design choices would help users complete privacy-related tasks; these include:
     
    • Unifying privacy choices into a single, standard location, such as a dashboard.
       
    • Offer multiple paths and links to privacy controls.
       
    • Place effort into packaging controls into simple toggles or buttons.
       
    • Bolster confidence that choices will be honored by offering confirmation messages.
       

Get The Article

Find the full article online

Search for Full Article

Share