Nano-Notice: Privacy Disclosure at a Mobile Scale

29 Pages Posted: 31 Mar 2012 Last revised: 10 Sep 2012

See all articles by Aleecia McDonald

Aleecia McDonald

Stanford University

Tom Lowenthal

affiliation not provided to SSRN

Date Written: September 09, 2012


The trend toward mobile is clear: increasingly, people are accessing the Internet through smart phones and other mobile devices. Privacy notice, too, is going mobile. In February 2012, the California Attorney General’s office announced that application stores will ensure that mobile apps offer privacy policies. In March 2012, the Federal Trade Commission’s Protecting Consumer Privacy in an Era of Rapid Change report echoed the call for improved mobile notices.

Internet privacy notice is a difficult, well-studied problem. Mobile devices face the additional restriction of smaller screens and further limits to user attention. One approach to privacy notice in this context is to highlight only a small subset of relevant privacy policy information. But what subset? How do we go about isolating what information to surface? Another approach is to present information "just in time," as it is relevant, rather than present all information in a policy designed to be read prior to acquiring an application. When do users think privacy information is most relevant? Are there differences between types of information, and when they would prefer disclosure?

We performed a study aimed at exploring the question of what information mobile privacy notices should highlight, and when. Drawing in part from risk communication literature, the study focuses on the area of overlap between consumer assumptions and consumer preferences: what is it that consumers simultaneously (1) do not realize about mobile data practices and (2) would care about if they did realize it?

We recruited participants (n=534) from Mozilla's "Test Pilot" program. Participants were not primed that we were studying privacy. In addition to testing user knowledge, we asked questions to determine users’ priorities: which practices actually bother users when they are aware of them? Which practices would surprise users? Finally, in a between-subjects design, we tested comprehension of proposed formats for privacy polices from TRUSTe, Privacy Choice, and a Natural Language mobile privacy policy designed without using either format. We conclude with observations and suggestions for policy makers and technology developers.

Keywords: privacy, notice, mobile

JEL Classification: 033, 038

Suggested Citation

McDonald, Aleecia and Lowenthal, Tom, Nano-Notice: Privacy Disclosure at a Mobile Scale (September 09, 2012). 2012 TRPC, Available at SSRN: or

Aleecia McDonald (Contact Author)

Stanford University ( email )

Stanford, CA 94305
United States

Tom Lowenthal

affiliation not provided to SSRN ( email )

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics