Usable Privacy: privacy settings, personal data sharing, data inference
Usable Privacy Basics
- Privacy is a kind of security
  - Users want to protect their information.
  - Users should have the right to understand what happens with their data.
  - Users should have as much control as possible over how their data is used.

- Privacy policies
  - Tell a user everything they need to know about how their data is collected, used, and shared.
  - Can be analyzed for usability.

- Privacy controls
  - Should data be collected or not?
  - Who has permission to see it?

- Going forward
  - Privacy and security are part of the same issue.
  - Usability is analyzed the same way for privacy as for security.
  - Keep the user in mind first.
 
Privacy Policies and User Understanding
For users to control their privacy, they must understand privacy policies. Do they?
- What we know
  - Most people don't read privacy policies.
  - When people do read them, they don't necessarily understand them.

- How do users learn about a policy?
  - Read the privacy policy.
  - Discover it through other sources.

- Implications
  - Privacy policies are boring and hard to read.
    - Poor usability.
  - They are really important.
  - Are there more usable ways to convey the information in a privacy policy?
 
Informed Consent for Privacy
- Users understand what data is being collected and shared, and they consent to how it is used.
- Six components
  - Disclosure
  - Comprehension
  - Voluntariness
  - Competence
  - Agreement
  - Minimal distraction
 
5 Pitfalls of Privacy
- Understanding
  - Obscuring potential information flow.
  - Obscuring actual information flow.

- Action
  - Emphasizing configuration over action.
    - Privacy management should be part of the natural workflow.
  - Lacking coarse-grained control.
    - Have an obvious, top-level control to turn sharing on and off.
  - Inhibiting established practice.
    - What do users expect from other experiences? Let them have it here too.
    - Mental models, conventions.
Information Flow
- Types of information
- Kinds of observers
- Media through which info is conveyed
- Length of retention
- Potential for unintended disclosure
- Collection of metadata