Designing Privacy Policies
50 Pages Posted: 30 Mar 2016
Date Written: March 29, 2016
To argue that the design of privacy policies can coerce and deceive Internet users, I show the following: Relying on extensive social science, art, architecture, and urban design scholarship and several illustrative examples, I show that the underlying design of a built environment can be used to manipulate an audience or users of the space. I then present evidence from a review of the designs of 200 privacy policies from diverse websites and show that most privacy policies are designed in ways that make them difficult to read. Finally, I present results of a 2000-person MTurk empirical study showing the effects of different designs on user privacy choices. The survey, which was divided into four parts, asked individuals to choose to trust or do business with one of two websites (users could also choose “neither” or “indifferent”) based on the websites’ privacy policies. The results suggest that both current and supposedly user-friendly designs can manipulate and coerce users into making risky privacy choices: users overwhelmingly chose to trust websites with policies that were designed in graphical or user-friendly ways even when those policies contained invasive data use practices.
The paper concludes with a discussion of the implications of this research. Most notably, user-friendly designs are not always boons to consumers; effective design can manipulate users into making bad choices just as easily as they can enhance transparency. Deception is based on how the website deploys design strategies. Therefore, privacy regulators, including the Federal Trade Commission and state attorneys-general and legislators, must look at how websites design their privacy policies to determine if design is being used in such a way as to coerce users into making choices they would others not have made.
Suggested Citation: Suggested Citation