ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Improving understanding of website privacy policies with fine-grained policy anchors
Full text PdfPdf (462 KB)
Source International World Wide Web Conference archive
Proceedings of the 14th international conference on World Wide Web table of contents
Chiba, Japan
SESSION: Security through the eyes of users table of contents
Pages: 480 - 488  
Year of Publication: 2005
ISBN:1-59593-046-9
Authors
Stephen E. Levy  Watson Research Center, IBM, Hawthorne, NY
Carl Gutwin  University of Saskatchewan, Saskatoon, SK, Canada
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 1,   Downloads (12 Months): 54,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1060745.1060816
What is a DOI?

ABSTRACT

Website privacy policies state the ways that a site will use personal identifiable information (PII) that is collected from fields and forms in web-based transactions. Since these policies can be complex, machine-readable versions have been developed that allow automatic comparison of a site's privacy policy with a user's privacy preferences. However, it is still difficult for users to determine the cause and origin of conformance conflicts, because current standards operate at the page level - they can only say that there is a conflict on the page, not where the conflict occurs or what causes it. In this paper we describe fine-grained policy anchors, an extension to the way a website implements the Platform for Privacy Preferences (P3P), that solves this problem. Fine grained policy anchors enable field-level comparisons of policy and preference, field-specific conformance displays, and faster access to additional conformance information. We built a prototype user agent based on these extensions and tested it with representative users. We found that fine-grained anchors do help users understand how privacy policy relates to their privacy preferences, and where and why conformance conflicts occur.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
W3C (2002) P3P 1.0 Recommendation, www.w3.org/TR/ /P3P, accessed May 15, 2004
 
2
W3C (2002) APPEL 1.0 Working Draft, www.w3.org/TR/ /P3P-preferences, accessed May 15, 2004.
 
3
AT&T Corp. (2002) Privacy Bird, www.privacybird.com.
4
Julia B. Earp , David Baumer, Innovative web use to learn about consumer behavior and online privacy, Communications of the ACM, v.46 n.4, p.81-83, April 2003  [doi>10.1145/641205.641209]
5
Michael Boyle , Saul Greenberg, The language of privacy: Learning from video media space analysis and design, ACM Transactions on Computer-Human Interaction (TOCHI), v.12 n.2, p.328-370, June 2005  [doi>10.1145/1067860.1067868]
 
6
Westin, A. (1967) Privacy and Freedom. New York, NY: Bodley Head, 1967.
 
7
European Union (2000) On the protection of individuals with regard to the processing of personal data. Council of the European Union Act No. 77, 2000.
 
8
Aberdeen Group (2002) Federated Identity Systems, Technical Report, Aberdeen Group, Boston, MA, 2002.
9
Ben Shneiderman, Designing trust into online experiences, Communications of the ACM, v.43 n.12, p.57-59, Dec. 2000  [doi>10.1145/355112.355124]
10
Keng Siau , Zixing Shen, Building customer trust in mobile commerce, Communications of the ACM, v.46 n.4, p.91-94, April 2003  [doi>10.1145/641205.641211]
 
11
Behrens, L. (2001) Privacy and Security: The Hidden Growth Strategy. In Gartner G2 Report, 2001.
 
12
Privacy Commisioner of New Zealand (2001) Privacy Concerns Loom Large, www.privacy.org/nz/privword/ /42pr.html, accessed May 15, 2004
 
13
Fox, S. and Rainie, L. (2000) Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet & American Life Report, www.pewinternet.org/reports/, accessed May 15, 2004
14
Joseph Reagle , Lorrie Faith Cranor, The platform for privacy preferences, Communications of the ACM, v.42 n.2, p.48-55, Feb. 1999  [doi>10.1145/293411.293455]
 
15
Ipsos-Reid and Columbus Group (2001) Privacy Policies Critical to Online Consumer Trust. Canadian Inter@active Reid Report, www.ipsos-na.com/news/pressrelease.cfm?id=1171, accessed May 15, 2004
 
16
Culnan, M., and Milne, G. (2001) The Culnan-Milne Survey on Consumers & Online Privacy. In Get Noticed: Effective Financial Privacy Notices, 2001.
17
Donna L. Hoffman , Thomas P. Novak , Marcos Peralta, Building consumer trust online, Communications of the ACM, v.42 n.4, p.80-85, April 1999  [doi>10.1145/299157.299175]
18
Carlos Jensen , Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices, Proceedings of the SIGCHI conference on Human factors in computing systems, p.471-478, April 24-29, 2004, Vienna, Austria  [doi>10.1145/985692.985752]
 
19
Lorrie Faith Cranor , Lawrence Lessig, Web Privacy with P3p, O'Reilly & Associates, Inc., Sebastopol, CA, 2002
 
20
Constantine, L. (2002) Devilish Details: Best Practices in Web Design. forUse 2002, www.foruse.com/articles /details.pdf , accessed May 15, 2004.
 
21
Barnum, C. (2003) Usability Interface -- What's in a Number?, STC Usability SIG Newsletter, January 2003, Vol 9, No. 3
 
22
IBM Corp. (2003) P3P Policy Editor, www.alphaworks.ibm.com/tech/p3peditor.
 
23
Eclipse Editor (2004), www.eclipse.org.

CITED BY  2
Jan Camenisch , Dieter Sommer , Roger Zimmermann, Securing user inputs for the web, Proceedings of the second ACM workshop on Digital identity management, November 03-03, 2006, Alexandria, Virginia, USA
Umesh Shankar , Chris Karlof, Doppelganger: Better browser privacy without the bother, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
          Subjects: Privacy

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.4 Hypertext/Hypermedia
          Subjects: User issues


General Terms:
Design, Human Factors, Security


Keywords:
APPEL, P3P, conformance conflicts, e-commerce, privacy policies, privacy preferences, user agents

Collaborative Colleagues:
Stephen E. Levy: colleagues
Carl Gutwin: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player