Motivating Users to Attend to Privacy: A Theory-Driven Design Study (2405.03915v1)
Abstract: In modern technology environments, raising users' privacy awareness is crucial. Existing efforts largely focused on privacy policy presentation and failed to systematically address a radical challenge of user motivation for initiating privacy awareness. Leveraging the Protection Motivation Theory (PMT), we proposed design ideas and categories dedicated to motivating users to engage with privacy-related information. Using these design ideas, we created a conceptual prototype, enhancing the current App Store product page. Results from an online experiment and follow-up interviews showed that our design effectively motivated participants to attend to privacy issues, raising both the threat appraisal and coping appraisal, two main factors in PMT. Our work indicated that effective design should consider combining PMT components, calibrating information content, and integrating other design elements, such as visual cues and user familiarity. Overall, our study contributes valuable design considerations driven by the PMT to amplify the motivational aspect of privacy communication.