Societal Computing Thesis Defense
- Remote Access - Zoom
- Virtual Presentation - ET
- HANA HABIB
- Ph.D. Candidate
- Ph.D Program in Societal Computing
- Institute for Sofware Research, Carnegie Mellon University
Evaluating the Usability of Privacy Choice Mechanisms
Notice and choice has dominated the discourse on consumer privacy protection and is the foundation of existing privacy regulation in the United States. Under this paradigm, companies disclose their data handling practices to consumers, who in turn are expected to make decisions according to their privacy preferences. As such, many companies have incorporated consent notices and other privacy choices into their web interfaces. The notice and choice model presents several challenges for providing effective consumer privacy protection, one of which is related to the usability of privacy choice mechanisms. The design of consent and privacy choice interfaces can significantly affect consumer choices and their privacy outcomes. This thesis will highlight usability issues related to existing privacy choice mechanisms, as well as provide guidance for conducting usability evaluations of such interactions.
In this thesis, I will first describe a series of studies examining different usability aspects of existing privacy choices. The first two studies present an overview of how privacy choices related to email marketing, targeted advertising, and data deletion are commonly offered to consumers on the web and provide insight into the usability of these implementations. Among other shortcomings, these studies found discoverability issues with existing privacy choices. One potential means of making privacy choices more visible to consumers is through the use of icons. The third study described in this thesis explains the design and evaluation of new icons and accompanying text descriptions to effectively communicate the presence of privacy choices. In addition to discoverability issues, privacy choices may not always align well with user needs. The fourth study in this thesis explored this aspect of usability, and evaluated whether existing controls related to targeted advertising on a social networking platform actually address user goals related to their advertising experience on the platform.
My prior work, as well as previous studies from the literature, emphasize the importance of usability testing with regards to privacy choice and consent interfaces. Despite increased regulatory requirements and consumer pressure for privacy choice mechanisms, there is little direction for design and privacy practitioners on how to systematically evaluate such interfaces. To address this need, I developed comprehensive guidance for conducting such evaluations that pertain to different aspects of usability, such as user awareness and comprehension of privacy choice interfaces. This guidance provides an overview of HCI research methods, as well as example heuristics, prompts, and metrics, for measuring specific usability problems in privacy choice interfaces. To demonstrate the application of this guidance, the final study described in this thesis evaluated the impact of different design aspects of cookie consent notices, providing actionable recommendations that would improve the usability of these interfaces.
Lorrie Faith Cranor (Chair)
Rebecca Balebako (Google)
Zoom Participation. See announcement.