From Design Requirements to Effective Privacy Notifications: Empowering Users of Online Services to Make Informed Decisions

Abstract

Privacy notifications issued by Transparency-Enhancing Tools (TETs) constitute a conceptual means of informing users of online data services about how their personal data are processed. We elicit a set of design requirements that reflect the particularities of privacy notifications received on mobile phones. Pursuing the principles of human-centered design, we evaluate the efficacy of a prototypical implementation for the context of personal health tracking in an iterative lab study. Our findings show that privacy notifications have the potential to facilitate usable transparency and informed decision-making in terms of improving privacy in the designated usage context. The feedback obtained during the evaluation of the prototype lends itself to a refined set of design requirements. We discuss these requirements as building blocks that can help designers create usable artifacts that accommodate the needs of users of mobile health services.