Defining Privacy: How Users Interpret Technical Terms in Privacy Policies

Authors: Jenny Tang (Wellesley College), Hannah Shoemaker (Pomona College), Ada Lerner (Wellesley College), Eleanor Birrell (Pomona College)

Volume: 2021
Issue: 3
Pages: 70–94
DOI: https://doi.org/10.2478/popets-2021-0038

Download PDF

Abstract: Recent privacy regulations such as GDPR and CCPA have emphasized the need for transparent, understandable privacy policies. This work investigates the role technical terms play in policy transparency. We identify potentially misunderstood technical terms that appear in privacy policies through a survey of current privacy policies and a pilot user study. We then run a user study on Amazon Mechanical Turk to evaluate whether users can accurately define these technical terms, to identify commonly held misconceptions, and to investigate how the use of technical terms affects users’ comfort with privacy policies. We find that technical terms are broadly misunderstood and that particular misconceptions are common. We also find that the use of technical terms affects users’ comfort with various privacy policies and their reported likeliness to accept those policies. We conclude that current use of technical terms in privacy policies poses a challenge to policy transparency and user privacy, and that companies should take steps to mitigate this effect.

Keywords: privacy policies, policy transparency

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.