Read the Label

Lorrie CranorLorrie  Cranor

Lorrie Cranor

Ever go to purchase something online and feel that twinge of guilt for not reading a company's privacy policy?

You're not the only one.

According to Carnegie Mellon University's Lorrie Cranor, it's impossible — even for the most diligent of privacy enthusiasts.

Cranor is an associate professor of Engineering and Public Policy and Computer Science at CMU, as well director of the CyLab Usable Privacy and Security Laboratory (CUPS).

She and a research team conducted a study to estimate the time and cost of actually reading all of those privacy policies.

They found that if you consistently read the policies for the sites you visit "you would spend more hours reading than most people spend online each year."

"Most people claim that they care a lot about privacy," said Cranor. And yet, "most people have very little idea of what types of information they're giving away and what happens to it."

Privacy policies, in their current state, are inefficient for the rapid way users typically interact with the internet.

That is why CUPS has been conducting research that helps understand and improve the usability of privacy and security software and systems.

One of their recent projects was designing and conducting usability studies on an easy-to-read "nutrition label" for privacy.

"We looked at nutrition label literature to help us understand some of the lessons learned from food nutrition labels and how to apply them to the design of privacy labels," said Cranor.

The creation of the nutrition label privacy statement was an iterative process.

Students with design expertise looked at how to best convey information visually. They created multiple drafts that were tested in focus groups and lab studies.

The final drafts were used in a large online study that tested for accuracy, speed of finding information and reader enjoyment. All showed improved results when compared to traditional privacy statements.

CUPS has not yet tested whether the nutrition label statements affect consumer decisions to use a particular site.

But Cranor's previous research shows that users do change their behavior when privacy information is displayed clearly in search results.

"There's definitely a buzz in Washington about the idea of privacy nutrition labels," said Cranor.

The Federal Trade Commission wrote a report in December citing the CUPS studies on the topic and recommending standardized privacy notices.

There is still work to be done, but CMU is paving the way, demonstrating effective testing methodologies and sparking national interest in an important topic that affects all internet users.


Related Links: About Lorrie | CUPS | Engineering & Public Policy