Defining Privacy: How Users Interpret Technical Terms in Privacy Policies

• Main Authors: Tang Jenny, Shoemaker Hannah, Lerner Ada, Birrell Eleanor
• Format: Article
• Language: English
• Published: Sciendo 2021-07-01
• Series: Proceedings on Privacy Enhancing Technologies
• Subjects: privacy policies; policy transparency
• Online Access: https://doi.org/10.2478/popets-2021-0038

Recent privacy regulations such as GDPR and CCPA have emphasized the need for transparent, understandable privacy policies. This work investigates the role technical terms play in policy transparency. We identify potentially misunderstood technical terms that appear in privacy policies through a survey of current privacy policies and a pilot user study. We then run a user study on Amazon Mechanical Turk to evaluate whether users can accurately define these technical terms, to identify commonly held misconceptions, and to investigate how the use of technical terms affects users’ comfort with privacy policies. We find that technical terms are broadly misunderstood and that particular misconceptions are common. We also find that the use of technical terms affects users’ comfort with various privacy policies and their reported likeliness to accept those policies. We conclude that current use of technical terms in privacy policies poses a challenge to policy transparency and user privacy, and that companies should take steps to mitigate this effect.