Improving understanding of website privacy policies

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based tra...

Full description

Bibliographic Details
Main Author: Levy, Stephen Eric
Other Authors: Vassileva, Julita
Format: Others
Language:en
Published: University of Saskatchewan 2005
Subjects:
P3P
Online Access:http://library.usask.ca/theses/available/etd-01212005-144210/
Description
Summary:Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the users privacy preferences and the sites privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the users privacy preferences, and where conformance conflicts occur.