Privacy, Notice, and Design

56 Pages Posted: 6 Oct 2016 Last revised: 10 Dec 2019

See all articles by Ari Ezra Waldman

Ari Ezra Waldman

University of California, Irvine School of Law

Date Written: March 16, 2016

Abstract

Design configures our relationship with a space, whether offline or online. In particular, the design of built online environments can constrain our ability to understand and respond to websites’ data use practices or it can enhance agency by giving us control over information. Design, therefore, poses dangers and offers opportunity to protect privacy online. This Article is a comprehensive theoretical and empirical approach to the design of privacy policies.

Privacy notices today do not convey information in a way understandable to most internet users. This is because they are designed without the needs of real people in mind. They are written by lawyers and for lawyers, and they ignore the way most of us make disclosure decisions online. They also ignore design. This Article argues that in addition to focusing on content, privacy regulators and technology companies must also consider the ways that privacy policy design — the artistic and structural choices that frame and present a company’s privacy terms to the public — can manipulate or coerce users into making risky privacy choices. I present empirical evidence of the designs currently employed by privacy policies and the effect of different designs on user choices. This research shows that supposedly “user-friendly” designs are not always boons to consumers; design strategies can manipulate users into making bad choices just as easily as they can enhance transparency. This suggests that recommending “user-friendly” design is not enough. Rather, privacy regulators, including the Federal Trade Commission and state attorneys general and legislators, must ensure that privacy policies, and the websites that display them, are designed in ways that enhance transparency. And corporations must institutionalize the importance of notice design throughout the organizations.

Suggested Citation

Waldman, Ari Ezra, Privacy, Notice, and Design (March 16, 2016). Stanford Technology Law Review, Vol. 21, 2018, Available at SSRN: https://ssrn.com/abstract=2780305 or http://dx.doi.org/10.2139/ssrn.2780305

Ari Ezra Waldman (Contact Author)

University of California, Irvine School of Law ( email )

401 E. Peltason Dr.
Ste. 1000
Irvine, CA 92697-1000
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
289
Abstract Views
1,387
Rank
192,349
PlumX Metrics