Privacy Preserving Policy Framework: User-Aware and User-Driven

11 Pages. Posted: 3 Sep 2019. Last revised: 5 Sep 2019

Sanchari Das

Indiana University Bloomington, School of Informatics and Computing

Jayati Dev

Indiana University Bloomington - School of Informatics and Computing

L. Jean Camp

Indiana University Bloomington - School of Informatics and Computing

Date Written: August 31, 2019

Abstract

Privacy policies outline and structure data collection and access management for online services or websites. These policies are often too long, complex, and convoluted for an average internet user to understand, which is a factor in why these policies are ignored. Prior work has mostly focused on improving the accessibility of these privacy policies. Here we focus on making the policies more closely resemble the negotiation they are supposed to represent by providing flexibility to people. An example is a website that offers various services such as photo, video, or location sharing, where people are required either to accept the privacy policy to access all the services provided by the website or to be prevented from using any of the services. Our goal is to map privacy policy statements to the distinct services offered by a website, allowing people to agree to only the services they wish to use. By not agreeing to a policy statement, a person would be denied access only to the corresponding service, instead of following the all-or-none mechanism. Additionally, this would prevent the website from collecting data from people for a particular service which they have no current or future desire to use, in accordance with the principle of data collection minimization.

We propose a privacy policy framework to promote transparency for consumers, credibility and trust building for the organization, and clarity in data storage for the developers. Our modular service-policy map for developers allows them to easily associate new features with the corresponding privacy policy section. Modularizing enables developers, organizations, customers, and other stakeholders to understand how specific services correspond with individual data compilations. Given the ongoing debate over data access strategies in social media platforms, our initial framework is based on Facebook’s privacy policy because of the diversity of services that the platform offers. However, the framework can be widely applied across various social media, business, and health care policies. Finally, through pilot interviews with existing consumers, we report on the initial validity testing of our proposed framework. Our early findings are promising in terms of meeting the goals of promoting privacy awareness and increasing trust in organizations' privacy policies.

Keywords: privacy policy, compliance, social media, Facebook, privacy preserving, human factors

Suggested Citation

Das, Sanchari and Dev, Jayati and Camp, L. Jean, Privacy Preserving Policy Framework: User-Aware and User-Driven (August 31, 2019). Available at SSRN: https://ssrn.com/abstract=3445942 or http://dx.doi.org/10.2139/ssrn.3445942

Sanchari Das (Contact Author)

Indiana University Bloomington, School of Informatics and Computing

Bloomington, IN
United States

Jayati Dev

Indiana University Bloomington - School of Informatics and Computing

Informatics West, Room 204
901 E. 10th Street
Bloomington, IN 47408
United States

L. Jean Camp

Indiana University Bloomington - School of Informatics and Computing

901 E 10th St
Bloomington, IN 47401
United States
