[page 116↓]

Contextualized communication of privacy practices and personalization benefits

The meta-study of consumer privacy surveys in Chapter 5 demonstrated that today’s Web users are becoming increasingly privacy-conscious and less willing to disclose personal data to companies. Thus, respecting privacy requirements in data usage as described in Chapter 4 is not enough. A Web site must also effectively communicate these privacy practices to its users in order to increase trust and willingness to buy online respectively.

As discussed in Chapter 5, privacy protection is particularly important in user-adaptive Web sites, as they require more detailed user information than regular sites and therefore pose higher privacy risks. Thus, Web sites need more advanced methods for communicating to users both their privacy practices and the benefits that users can expect by providing personal data. In this chapter, we will discuss and analyze such methods in the context of personalized Web sites [Kobsa,et al., 2001].

More than two-thirds of the respondents in Ackerman et al. [1999] indicated that knowing how their data will be used would be an important factor in their decision on whether or not to disclose personal data. It seems, though, that the communication of privacy practices on the Internet has so far not been very effective in alleviating consumer concerns: 64% of Internet users surveyed in Culnan and Milne [2001] indicated having decided in the past not to use a Web site, or not to purchase something from a Web site, because they were not sure about how their personal information would be used.

Currently, the predominant way for Web sites to communicate how they handle users’ data is to post comprehensive privacy statements. 76% of users find privacy policies very important [Department for Trade and Industry, 2001], and 55% stated that a privacy policy makes them more comfortable disclosing personal information [GartnerG2, 2001 Roy Morgan Research, 2001]. However, privacy statements today are usually written in a form that gives the impression that they are not really supposed to be read. And this is indeed not the case: whereas 73% of the respondents in Harris Interactive [2000] indicate having viewed Web privacy statements in the past (and 26% of them claim to always read them), Web site operators report that users hardly pay any attention to them [Kohavi, 2001]. Abrams [2003] criticizes that people are turned off by long, legalistic privacy notices whose complexity makes them wonder what the organization is hiding. We clearly need better means for communicating corporate privacy practices than what is afforded by today’s privacy statements on the Web.

Communicating a company’s privacy policy alone is not sufficient though. In situated [page 117↓]interviews [Brodie, et al., 2004], users pointed out that “in order to trust an e-commerce company, they must feel that the company is doing more than just protecting their data – it must also be providing them with functionality and service that they value”. The way in which personal data is used for the provision of these services must be clearly explained. Current Web privacy statements hardly address the connection between personal data and user benefits.

The following section will survey existing approaches to communicating privacy practices to Web site visitors that go beyond the posting of privacy statements, and indicate their merits and shortcomings. Section 6.2 proposes a new contextualized strategy to communicate privacy practices and personalization benefits. Section 6.3 presents a new interface design approach for a sample Web site. In Section 6.4, we describe a between-subjects experiment in which we compare this approach with a traditional form of disclosure. We focus on differences between users’ willingness to share personal data, differences in their purchase behavior, and differences in their perception of a site’s privacy practices as well as the benefits they received by sharing their data. Section 6.5 concludes this chapter with a discussion of results.

6.1  Existing approaches and their shortcomings

As discussed in Section 4.2.2, the currently predominant approach to communicating privacy practices to Web site visitors besides privacy statements is the Privacy Preferences Protocol (P3P). However, the current P3P adoption rate is stagnating [Ernst&Young, May 2004]. One reason may be due to P3P’s problematic legal implications (as discussed in Section 4.2.2) and the insufficient support to users in evaluating a Web site’s P3P policy.

The latter problem is partly addressed by the AT&T Privacy Bird [AT&T, 2002], which allows users to specify their own privacy preferences, compares them with a site’s P3P-encoded privacy policy when users visit this site, and alerts them when this policy does not meet their standards. Upon request, the Privacy Bird also provides a summary of a site’s privacy policy and a statement-by-statement comparison with the user’s privacy preferences.

A few browsers also allow users to specify certain limited privacy preferences and to compare them with the P3P policies of visited Web sites. For example, Internet Explorer 6 allows users to initially state a few privacy preferences and blocks cookies from sites that do not adhere to these preferences. The Mozilla browser goes one step further and allows users to enter privacy settings for cookies, images, popup windows, certificates and smart cards.


[page 118↓]

Finally, a simple non-technical approach is suggested by [Abrams, 2001 Abrams, 2003]. The author correctly points out that the current lengthy and legalistic privacy statements “don’t work”. As an alternative, he suggests a “layered approach” which includes: one short concise notice with standardized vocabulary that is easy to follow and highlights the important information, and an additional long, “complete” policy that includes the details.

All these approaches suffer from the following major shortcomings though:

  1. They require users to make privacy decisions upfront, without regard to specific circumstances in the context of a particular site or of individual pages at a site. This disregards the situational nature of privacy [Palen and Dourish, 2002]. In fact, privacy preferences stated upfront and actual usage behavior often seem to differ significantly [Berendt,et al., 2005 Spiekermann, et al., 2001].
  2. The systems do not inform about the benefits of providing the requested data. For instance, respondents in (Personalization Consortium, 2000) indicate to be willing to share personal data if the site offered personalized services.
  3. They do not enhance users’ understanding of basic privacy settings. For example, most users still do not know what a cookie is and what it can do.

Very recent work takes first steps to address some of these deficiencies. Friedman, Howe and Felten [2002] aim at further enhancing the above-mentioned management of cookies and users’ privacy in the Mozilla browser. Among other things, the authors study contextual issues such as how to enhance users’ understanding of cookie settings, at the time when cookie-related events occur and in a form that is least distractive. Patrick and Kenny [2003] is concerned with the communication of privacy choices under the European Data Protection Directive [EU, 2002]. From the privacy principles of this Directive, the authors derive four HCI guidelines for effective privacy interface design: (1) comprehension, (2) consciousness, (3) control, and (4) consent. Since single large click-through privacy policies or agreements do not meet the spirit of the Directive, the authors propose “just-in-time click-through agreements” on an as-needed basis instead of a large, complete list of service terms. These small agreements would facilitate a better understanding of decisions since they are made in-context.

6.2  A communication design pattern

To adequately address privacy concerns of users of personalized Web sites, we propose user interface design patterns that communicate the privacy practices of a site both at a global and a local level. Similar to design patterns in object-oriented programming, interface design patterns constitute descriptions of best practices within a given design domain based on research and application experience [van Duyne,et al., 2002]. They [page 119↓]give designers guidelines for the efficient and effective design of user interfaces.

6.2.1  Global communication

Global communication of privacy practices currently takes place by posting privacy statements on a company’s home page or on all its Web pages. As pointed out in Section 4.2 privacy statements on the Web are legally binding in many jurisdictions. Privacy policies are therefore carefully crafted by legal council. Rather than completely replacing them by something new whose legal impact is currently unclear at best, our approach keeps current privacy statements in the “background” for legal reference and protection. However, we argue to enhance this kind of disclosure by additional information that explains privacy practices and user benefits, and their relation to the requested personal data, in the given local context.

6.2.2  Local communication

As discussed in Section 6.1, tailored in-context explanation of privacy practices and personalization benefits can be expected to address users’ privacy concerns much better than global contextless disclosures. Such an approach would break long privacy policies into smaller, more understandable pieces, refer more concretely to the current context, and thereby allow users to make situated decisions regarding the disclosure of their personal data considering the explicated privacy practices and the explicated personalization benefits.

It is unclear yet at what level of granularity the current context should be taken into account. Should privacy practices and personalization benefits be explained at the level of single entry fields (at the risk of being redundant), or summarized at the page level or even the level of several consecutive pages (e.g., a page sequence for entering shipping, billing and payment data)? Several considerations need to be taken into account:

Closure: Input sequences should be designed in such a way that their completion leads to (cognitive) closure [Shneiderman and Plaisant, 2004]. The coarsest level at which closure should be achieved is the page level. This therefore should also be the coarsest level for the provision of information about privacy and personalization, even if this information is redundant across several pages.

Separation: Within a page, sub-contexts often exist that are supposed to be visually separated from each other (e.g. simply by white space). Ideally, the completion of each sub-context should lead to closure. Information about privacy and personalization should therefore be given at the level of such visually separated sub-contexts, even if this leads to redundancy across different contexts on a page.


[page 120↓]

Different sensitivity: Ackerman et al. [1999] found that users indicated different degrees of willingness to give out personal data, depending on the type of data and whether the data was about them or their children. For instance, 76% of the respondents felt comfortable giving out their own email addresses, 54% their full names, but only 11% their phone numbers. Even when entry fields for such data fall into the same sub-context (which is likely in the case of this example), users’ different comfort levels suggest to treat each data field separately and to provide separate explanations of privacy practices and personalization benefits that can address these different sensitivity levels.

Legal differences: From a legal perspective, not all data may be alike. For instance, the European Data Protection Directive distinguishes “sensitive data” (such as race, ethnic origin, religious beliefs and trade union membership) whose processing require the user’s explicit consent. This calls for a separate explanation of privacy practices and personalization benefits of data that are different from a legal stand­point, possibly combined with a “just-in-time click-through agreement” as proposed by Patrick and Kenny [2003].

The safest strategy is seemingly to communicate privacy practices and personalization benefits at the level of each individual entry field for personal data. If a number of such fields form a visually separate sub-context on a page, compiled explanations may be given only if the explanations for each individual field are not very different (due to legal differences, different sensitivity levels, privacy practices or personalization benefits). A page is the highest possible level at which compiled contextual explana­tions may be given (again, only if the field-level explanations are relatively similar). Visually separate sub-contexts on a page should be preferred though, due to the closure that they require.

6.3  Interface design pattern of an example Web site

Figure 6-1 shows the application of the proposed interface design pattern to a Web bookstore that offers personalized services. The top three links in the left-hand frame lead to the global disclosures (to facilitate comprehension, we decided to split the usual contents of current privacy statements into three separate topics: privacy, personalization benefits, and security). The main frame contains input fields and checkboxes for entering personal data. Each of them is accompanied by an explanation of the site’s privacy practices regarding the respective personal data (which focuses specifically on usage purposes), and the personalized services that these data afford.


[page 121↓]

Figure 6-1: Global and contextual communication of privacy practices and personalization benefits

As in the theoretical model of Lederer, Dey and Mankoff [2002], a user achieves an understanding of the privacy implications of the displayed situation both intuitively (taking the overall purpose of the site and page into account) and through adequate contextual notice. The traditional link to a privacy policy can still be accessed if so desired.

6.4  Impacts on users’ data sharing behavior

We conducted a user experiment to empirically verify the merits of our proposed user interface design pattern in comparison with traditional approaches for the communication of privacy practices. In Section 6.4.1 we will motivate the specific research strategy that we pursued. Sections 6.4.2-6.4.5 describe the materials, subjects, design and procedures, and the results of our study.

6.4.1  Background

Two kinds of methods can be applied to study users’ reaction to different interface designs: inquiry-based and observational methods. In the first approach, users are being interviewed about their opinions with regard to the questions at hand. These interviews may be supported by representations of the proposed designs, ranging in fidelity from paper sketches to prototypes and real systems. In the second approach, users are being observed while carrying out tasks (either their customary ones or synthetic tasks). Both approaches complement each other: while inquiries may reveal aspects of users’ rationale [page 122↓]that cannot be inferred from mere observation, observations allow one to see actual user behavior which may differ from self-reported behavior.

This latter problem seems to prevail in the area of privacy. Berendt et al. [2005] and Spiekermann et al. [2001] found that users’ stated privacy preferences deviate significantly from their actual behavior, and an enormous discrepancy can be observed between the number of people who claim to read privacy policies and the actual access statistics of these pages. Solely relying on interview-based techniques for analyzing privacy impacts on users, as is currently nearly exclusively the case, must therefore be viewed with caution. Our empirical studies therefore gravitated towards an observational approach, which we complemented by questionnaires. We designed an experiment to determine whether users exhibit different data sharing behavior depending on the type of explanation about privacy practices and personalization benefits that they receive (global alone versus global plus contextual). Our hypothesis was that users would be more willing to share personal data in the condition with contextual explanations, and that they would also view sites more favorably that use this type of disclosure.

6.4.2  Materials

We developed a fake book recommendation and sales Web site whose interface was designed to suggest an experimental future version of a popular online bookstore. Two variants of this system were created, one with contextual explanations of privacy practices and personalization benefits, and one without. Figure 6-1 shows an excerpt of the first variant, translated from German into English. The contextual explanations are given for each entry field (which is the safest of the strategies discussed in Section 6.2.2), under the headings “What are your benefits?” and “What happens with your data?” In the version without contextual explanations, these explanations are omitted.

In both conditions, the standard privacy policy of the Web retailer is used. The three left-hand links labeled “Privacy”, “Personalization” and “Our Security Guarantee” lead to the original company privacy statement (we split it into these three topics though and left out irrelevant text). In the condition with contextual explanations, the central policies that are relevant in the current situation are explained under “What happens with your data?” Such explanations state, for instance, that the respective piece of personal data will not be shared with third parties, or that some personal data will be stored under a pseudonym and then aggregated and analyzed. The explanation of the usage purpose is concise and kept in the spirit of P3P specifications [Cranor,et al., 2002].

A counter was visibly placed on each page that purported to represent the size of the currently available selection of books. Initially the counter is set to one million books. Data [page 123↓]entries in Web forms (both via checkboxes and radio buttons and through textual input) decrease the counter after each page by an amount that depends on the data entries made. The Web forms ask a broad range of questions relating to users’ interests. A few sensitive questions on users’ political interests, religious interests and adherence, their literary sexual preferences, and their interest in certain medical subareas (including venereal diseases) are also present. All questions “make sense” in the context of filtering books in which users may be interested. For each question, users have the option of checking a “no answer” box or simply leaving the question unanswered. The personal information that is solicited in the Web forms was chosen in such a way that it may be relevant for book recommendations and/or general customer and market analysis. Questions without any clear relation to the business goals of an online bookstore are not being asked. A total of 32 questions with 86 answer options are presented. Ten questions allow multiple answers, and seven questions have several answer fields with open text entries (each of which we counted as one answer option). The complete set of questions and their contextual explanations are provided in the Appendix to Chapter 6.

After nine pages of data entry (with a decreased book selection count after each page), users are encouraged to review their entries and then to retrieve books that purportedly match their interests. 50 predetermined and invariant books are then displayed that were selected based on their low price and their presumable attractiveness for students (book topics include popular fiction, politics, tourism, and sex and health advisories). The prices of all books are visibly marked down by 70%, resulting in out-of-pocket expenses between 2 and 12 euros for a book purchase. For each book, users can retrieve a page with bibliographic data, editorial reviews, and ratings and reviews by readers.

Users are free to choose whether or not to buy one single book. Those who do are asked for their shipping and payment data (a choice of bank account withdrawal and credit card charge is offered). Those who do not buy may still register with their postal and email addresses, to receive personalized recommendations in the future as well as newsletters and other information.

6.4.3 Subjects

58 subjects participated in the experiment. They were students of Humboldt University in Berlin, mostly in the areas of Business Administration and Economics. The data of six subjects were eventually not used, due to a computer failure or familiarity with the student experimenters.

6.4.4 Experimental design and procedures

The experiment was announced electronically in the School of Economic Sciences of [page 124↓]Humboldt University. Participants were promised a 6 euros coupon for a nearby popular coffee shop as a compensation for their participation, and the option to purchase a book with a 70% discount. Prospective participants were asked to bring their IDs and credit or bank cards to the experiment.

When subjects showed up for the experiment, they were reminded to check whether they had these credentials with them, but no data was registered at this time. Paraphernalia that are easily associated with the Web book retailer, such as book cartons and logos, were casually displayed.

In the instructions part of the experiment, subjects were informed that they would test an experimental new version of the online bookstore with an intelligent book recommendation engine inside. Users were told that the more and the better data they provided, the better would be the book selection. They were made aware that their data would be given to the book retailer after the experiment. It was explicitly pointed out though that they were not required to answer any question. Subjects were asked to work with the prototype to find books that suited their interests, and to optionally pick and purchase one of them at a 70% discount. They were instructed that payments could be made by credit card or by withdrawal from their bank accounts. The student briefing is provided in the Appendix of Chapter 6.

A between-subjects design was used for the subsequent experiment, with the system version as the independent variable: one variant featured non-contextual explanations of privacy practices and personalization benefits only, and the other additionally contextualized explanations (see Section 4.2 for details). Subjects were randomly assigned to one of the two conditions (we will abbreviate them by “no-ctxt-expl” and “ctxt-expl” in the following). They were separated by screens, to bar any communication between them. After searching for books and possibly buying one, subjects filled in a post-questionnaire on paper. The questionnaire is provided in the Appendix of Chapter 6. Finally, the data of those users who had bought a book or had registered with the system were compared with the credentials that subjects had brought with.

6.4.5  Results

Data Sharing Behavior. We analyzed the data of 26 participants in the conditions “no-ctxt-expl” and “ctxt-expl”. We first dichotomized their responses by counting whether a question received at least one answer or was not answered at all. Whereas on average 84% of the questions were answered in condition “no-ctxt-expl”, this rose to 91% in the second condition (see Table 6-1). A Chi-Square test on a contingency table with the total number of questions answered and not answered in each condition showed that the [page 125↓]difference between conditions was statistically significant (p < 0.001).

The two conditions also differed with respect to the number of answers given (see Table 6-2). The maximum number of answers that any subject could give was 64, and we used this as the maximum number of possible answers. In condition “no-ctxt-expl”, subjects gave 56% of all possible responses on average (counting all options for multiple answers), while they gave 67% of all possible answers in condition “no-ctxt-expl”. A Chi-Square contingency test showed again that the difference between the two conditions is highly significant (p < 0.001). The relative difference between the number of answers provided in the two conditions is even higher than in the dichotomized case (19.6% vs. 8.3% increase).

Table 6-1: Percentage of questions answered and results of Chi-Square test

 

w/o contextual explanations

with contextual explanations

df

Chi-Square

p

N

% Questions answered

84%

91%

1

16.42

< 0.001

1664

Table 6-2: Percentage of checked answer options and results of Chi-Square test

 

w/o contextual explanations

with contextual explanations

df

Chi-Square

p

N

% Answers given

56%

67%

1

42.68

< 0.001

3432

The results demonstrate that the contextual communication of privacy practices and personalization benefits has a significant positive effect on users’ willingness to share personal data. The effect is even stronger when users can give multiple answers. We found no evidence for a significant difference of this effect between questions that we regarded as more sensitive and less sensitive questions.

Purchases. Table 6-3 shows that the purchase rate in condition “ctxt-expl” is 33% higher than in condition “no-ctxt-expl” (note that all subjects saw the same set of 50 books in both conditions). A t-test for proportions indicates that this result approaches significance
(p < 0.07). We regard this as an important confirmation of the success of our proposed contextual explanation of privacy practices and personalization benefits. In terms of privacy, the decision to buy is a significant step since at this point users reveal personally identifiable information (name, shipment and payment data) and risk that previously pseudonymous information may be linked to their identities. A contextual explanation of [page 126↓]privacy practices seemingly alleviates such concerns much better than a traditional global disclosure of privacy practices.

Table 6-3: Purchase ratio and result of t-test for frequencies

 

w/o contextual explanations

with contextual explanations

df

t

p(t) (1‑tailed)

N

Purchase ratio

0.58

0.77

48

1.51

0.07

52

Access to the global company disclosures. We also monitored how often subjects clicked on the links “Privacy”, “Personalization” and “Our Security Guarantee” in the left side panel (which lead to the respective original global company disclosures): merely one subject in each condition clicked on the “Privacy” link.

Rating of privacy practice and perceived benefit resulting from data disclosure. The paper questionnaire that was administered to each subject at the end of the study contains five Likert questions (whose possible answers range from “strongly agree” to “strongly disagree”), and one open question for optional comments. It examines how users perceive the level of privacy protection at the Web site as well as the expediency of their data disclosure in helping the company recommend better books.

The responses to the five attitudinal questions were encoded on a one to five scale. A one-tailed t-test revealed that the agreement with the statement “Privacy has priority at <book retailer>” was significantly higher in condition “ctxt-expl” than in condition “no-ctxt-expl” (p < 0.01). The same applies to subjects’ perception of whether their data disclosure helped the bookstore in selecting interesting books for them (p < 0.05). Note again that all subjects were offered the same set of books. The difference between the two conditions in the statement “<book retailer> uses my data in a responsible manner” approached significance (p < 0.12). More details about these results can be found in Table 6-4.


[page 127↓]

Table 6-4: Users’ perception of privacy practice and benefit of data disclosure

 

no-ctxt-expl 

ctxt-expl

    

p(t)

1-tailed

Item

N

Means

Std Dev

Means

Std Dev

Meansdif

Std Devdif

t

df

Privacy has priority

41

3.35

0.88

3.94

0.87

0.60

0.28

2.16

39

0.01

Data helped site to select better books

56

2.85

0.97

3.40

1.10

0.51

0.28

1.85

54

.035

Data is used responsibly

47

3.62

0.85

3.91

0.83

0.29

0.25

1.17

45

0.12

6.5  Discussion and open research questions

Our experiment was designed so as to ensure that subjects had as much “skin in the game” as possible, and thereby to increase its ecological relevance. The incentive of a highly discounted book and the extremely large selection set that visibly decreased with every answer given was chosen to incite users to provide ample and truthful data about their interests. The perceptible presence of the Web book retailer, the claim that all data would be made available to them, and the fact that names, addresses and payment data were verified (which ensured that users could not use escape strategies such as sending books to Post Office boxes or someone they know) meant that users really had to trust the privacy policy that the Web site promised when deciding to disclose their identities.

The results demonstrate that the contextualized communication of privacy practices and personalization benefits has a significant positive effect on users’ data sharing behavior, and on their perception of the Web site’s privacy practices as well as the perceived benefit resulting from data disclosure. The additional finding that this form of explanation also leads to more purchases approached significance. The adoption by Web retailers of interface design patterns that contain such explanations therefore seems clearly advisable.

While the experiment does not allow for substantiated conclusions regarding the underlying reasons that link the two conditions with the observed effects, the results are by all means consistent with recent models in the area of personalization research that include the notion of ‘trust’ in a company (cf. Chapter 2). One may speculate whether the significantly higher perceived usefulness of data disclosure in condition “ctxt-expl” can be explained by a positive transfer effect.

Other characteristics of our experiment are also in agreement with the literature. Hine and Eve [1998] found in their study of consumer privacy concerns that “in the absence of straightforward explanations on the purposes of data collection, people were able to [page 128↓]produce their own versions of the organization’s motivation that were unlikely to be favorable. Clear and readily available explanations might alleviate some of the unfavorable speculation” [emphasis ours]. Culnan and Bies [2003] postulate that consumers will “continue to disclose personal information as long as they perceive that they receive benefits that exceed the current or future risks of disclosure. Implied here is an expectation that organizations not only need to offer benefits that consumers find attractive, but they also need to be open and honest about their information practices so that consumers […] can make an informed choice about whether or not to disclose.” The readily available explanations of both privacy practices and personalization benefits in our experiment meet the requirements spelled out in the above quotations, and the predicted effects could be indeed observed.

Regarding our results, we would like to point out that additional factors may also play a role in users’ data disclosure behavior, which were kept constant in our experiment due to the specific choice of the Web retailer, its privacy policy, and a specific instantiation of our proposed interface design pattern. We will discuss some of these factors in the following.

Reputation of a Web site. We chose a Web store that enjoys a relatively high reputation in Germany (we conducted surveys that confirmed this). It is well known that reputation increases users’ willingness to share personal data with a Web site [cf. CG&I-R, 2001 Earp and Baumer, 2003 Teo, et al., 2004]. Our high response rates of 84% without and specifically 91% with contextual explanation suggest that we may have already experienced some ceiling effects (after all, some questions may have been completely irrelevant for the interests of some users so that they had no reason to answer them). An experiment with a retailer who has a lower perceived reputation should be conducted.

Stringency of a Web site’s data handling practices. The privacy policy of the Web site that we mimicked is comparatively strict. Putting this policy upfront and explaining it in-context in a comprehensible manner is more likely to have a positive effect on customers than couching it in legalese and hiding it behind a link. Chances are that this may change if a site’s privacy policy is not so customer-friendly.

Permanent visibility of contextual explanations. In our experiment, the contextual explanations were permanently visible. This uses up a considerable amount of screen real estate. Can the same effect be achieved in a less space-consuming manner, for instance with icons that symbolize the availability of such explanations? If so, how can the contextual explanations be presented so that users can easily access them and at the same time will not be distracted by them? Should this be done through regular page links, links to pop-up windows, or rollover windows that pop up when users brush over an icon?


[page 129↓]

References to the full privacy policy. Privacy statements on the Web currently constitute important and comprehensive legal documents. Contextual explanations will in most cases be incomplete since they need to be short and focused on the current situation, so as to ensure that users will read and understand them. For legal protection, it is advisable to include in every contextual explanation a proviso such as “This is only a summary explanation. See <link to privacy statement> for a full disclosure.” Will users then be concerned that a Web site is hiding the juicy part of its privacy disclosure in the “small print”, and therefore show less willingness to disclose their personal data? Additional user experiments will be necessary to obtain answers or at least a clearer picture with regard to these questions.


© Die inhaltliche Zusammenstellung und Aufmachung dieser Publikation sowie die elektronische Verarbeitung sind urheberrechtlich geschützt. Jede Verwertung, die nicht ausdrücklich vom Urheberrechtsgesetz zugelassen ist, bedarf der vorherigen Zustimmung. Das gilt insbesondere für die Vervielfältigung, die Bearbeitung und Einspeicherung und Verarbeitung in elektronische Systeme.
DiML DTD Version 4.0Zertifizierter Dokumentenserver
der Humboldt-Universität zu Berlin
HTML generated:
14.08.2006