Privacy, Notice, and Design

56 Pages Posted: 6 Oct 2016 Last revised: 10 Dec 2019

See all articles by Ari Ezra Waldman

Ari Ezra Waldman

Northeastern University School of Law and Khoury College of Computer Sciences, Center for Law, Information and Creativity (CLIC)

Date Written: March 16, 2016


Design configures our relationship with a space, whether offline or online. In particular, the design of built online environments can constrain our ability to understand and respond to websites’ data use practices or it can enhance agency by giving us control over information. Design, therefore, poses dangers and offers opportunity to protect privacy online. This Article is a comprehensive theoretical and empirical approach to the design of privacy policies.

Privacy notices today do not convey information in a way understandable to most internet users. This is because they are designed without the needs of real people in mind. They are written by lawyers and for lawyers, and they ignore the way most of us make disclosure decisions online. They also ignore design. This Article argues that in addition to focusing on content, privacy regulators and technology companies must also consider the ways that privacy policy design — the artistic and structural choices that frame and present a company’s privacy terms to the public — can manipulate or coerce users into making risky privacy choices. I present empirical evidence of the designs currently employed by privacy policies and the effect of different designs on user choices. This research shows that supposedly “user-friendly” designs are not always boons to consumers; design strategies can manipulate users into making bad choices just as easily as they can enhance transparency. This suggests that recommending “user-friendly” design is not enough. Rather, privacy regulators, including the Federal Trade Commission and state attorneys general and legislators, must ensure that privacy policies, and the websites that display them, are designed in ways that enhance transparency. And corporations must institutionalize the importance of notice design throughout the organizations.

Suggested Citation

Waldman, Ari Ezra, Privacy, Notice, and Design (March 16, 2016). Stanford Technology Law Review, Vol. 21, 2018, Available at SSRN: or

Ari Ezra Waldman (Contact Author)

Northeastern University School of Law and Khoury College of Computer Sciences, Center for Law, Information and Creativity (CLIC) ( email )

416 Huntington Avenue
Boston, MA 02115
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics