A user study of the expandable grid applied to P3P privacy policy visualization

Abstract

Displaying website privacy policies to consumers in ways they understand is an important part of gaining consumers' trust and informed consent, yet most website privacy policies today are presented in confusing, legalistic natural language. Moreover, because website privacy policy presentations vary from website to website, policies are difficult to compare and it is difficult for consumers to determine which websites offer the best privacy protections. The Platform for Privacy Preferences P3P) addresses part of the problem with natural language policies by providing a formal, machine-readable language for expressing privacy policies in a manner that is standardized across websites. To address remaining problems, an automated tool must be developed to read P3P policies and display them to users in a comprehensible way. To this end, we have developed a P3P policy presentation tool based on the Expandable Grid, a visualization technique for displaying policies in an interactive matrix. In prior work, the Expandable Grid has been shown to work well for displaying file permissions policies, so it appears to hold promise for presenting online privacy policies as well. To evaluate our Expandable Grid interface, we conducted two user studies, an online study with 520 participants and a laboratory study with 12 participants. The studies compared participants' comprehension of privacy policies presented with the Grid interface with their comprehension of the same policies presented in natural language. To our surprise, comprehension of policies was, for the most part, no better with the Grid interface than with natural language. We describe why the Grid interface did not perform well in our study and discuss implications for when and how the Expandable Grid concept can be usefully applied.