Skip to main content
Springer Nature Link
Log in

Making EULA Great Again: A Novel Nudge Mechanism to Improve Readability, User Attention and Awareness

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15416))

Included in the following conference series:

  • 367 Accesses

Abstract

Software End User License Agreements (EULAs) are notoriously dense legal documents that users often skim over without fully understanding their implications, including privacy-related clauses. This research proposes a novel approach to improve the readability and privacy awareness of EULAs by implementing a nudge tool to improve user attention and comprehension of EULA contents. Through natural language processing technique, privacy-sensitive keywords within EULAs are identified and visually emphasized for users. By drawing attention to EULA clauses related to data collection, sharing, and security, users can make more informed decisions about their privacy when agreeing to software terms. Detailed user experiments involving 173 participants are performed to evaluate the effectiveness of the proposed approach demonstrating significant improvements in comprehension and awareness of privacy implications compared to traditional EULAs. The developed nudge tool is released and made freely available for the interesting readers (https://github.com/Data-and-Design-Lab/EULA-plugin/).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users’ choices online. ACM Comput. Surv. (CSUR) 50(3), 1–41 (2017)

    Article  Google Scholar 

  2. Alabduljabbar, A., Abusnaina, A., Meteriz-Yildiran, Ü., Mohaisen, D.: TLDR: deep learning-based automated privacy policy annotation with key policy highlights. In: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society, pp. 103–118 (2021)

    Google Scholar 

  3. Anderson, J.: Nudge: improving decisions about health, wealth, and happiness, Richard H. Thaler and Cass R. Sunstein. Yale University Press, 2008. x+ 293 pages. [paperback edition, penguin, 2009, 320 pages.]. Econ. Philos. 26(3), 369–376 (2010)

    Google Scholar 

  4. Binns, R., Matthews, D.: Community structure for efficient information flow in ‘tos; dr’, a social machine for parsing legalese. In: Proceedings of the 23rd International Conference on World Wide Web, pp. 881–884 (2014)

    Google Scholar 

  5. Brunotte, W., Chazette, L., Kohler, L., Klunder, J., Schneider, K.: What about my privacy? Helping users understand online privacy policies. In: Proceedings of the International Conference on Software and System Processes and International Conference on Global Software Engineering, pp. 56–65 (2022)

    Google Scholar 

  6. Bui, D., Shin, K.G., Choi, J.-M., Shin, J.: Automated extraction and presentation of data practices in privacy policies. In: Proceedings on Privacy Enhancing Technologies (2021)

    Google Scholar 

  7. Butters, R.R.: Trademark linguistics: trademarks: language that one owns. In: The Routledge Handbook of Forensic Linguistics, pp. 364–381. Routledge (2020)

    Google Scholar 

  8. Campos, R., Mangaravite, V., Pasquali, A., Jorge, A., Nunes, C., Jatowt, A.: Yake! keyword extraction from single documents using multiple local features. Inf. Sci. 509, 257–289 (2020)

    Article  Google Scholar 

  9. Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2013)

    Article  Google Scholar 

  10. Caraban, A., Karapanos, E., Gonçalves, D., Campos, P.: 23 ways to nudge: a review of technology-mediated nudging in human-computer interaction. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–15 (2019)

    Google Scholar 

  11. Castleman, B.L., Page, L.C.: Summer nudging: can personalized text messages and peer mentor outreach increase college going among low-income high school graduates? J. Econ. Behav. Organ. 115, 144–160 (2015)

    Article  Google Scholar 

  12. Cherry, M.A.: A eulogy for the Eula. Duq. L. Rev. 52, 335 (2014)

    Google Scholar 

  13. Cranor, L.F.: P3P: making privacy policies more useful. IEEE Secur. Privacy 1(6), 50–55 (2003)

    Article  Google Scholar 

  14. Cranor, L.F., Reagle, J., Ackerman, M.S.: Beyond concern: understanding net users’ attitudes about online privacy (2000)

    Google Scholar 

  15. Cutler, A., Rivest, J., Cavanagh, P.: The role of memory color in visual attention. Attention Perception Psychophysics 86(1), 28–35 (2024)

    Article  Google Scholar 

  16. Desautels, E.: Software license agreements: ignore at your own risk

    Google Scholar 

  17. Dowthwaite, L., et al.: “It’s your private information. it’s your life”. Young people’s views of personal data use by online technologies. In: Proceedings of the Interaction Design and Children Conference, pp. 121–134 (2020)

    Google Scholar 

  18. Ericson, J.D., Albert, W.S., Bernard, B.P., Brown, E.: End-user license agreements (eulas) investigating the impact of human-centered design on perceived usability, attitudes, and anticipated behavior. Inf. Des. J. 26(3), 193–215 (2021)

    Google Scholar 

  19. Grootendorst, M.: Keyword extraction with BERT. Towards Data Science (2021)

    Google Scholar 

  20. Halpern, D., Sanders, M.: Nudging by government: progress, impact, & lessons learned. Behav. Sci. Policy 2(2), 53–65 (2016)

    Article  Google Scholar 

  21. Hardeniya, N., Perkins, J., Chopra, D., Joshi, N., Mathur, I.: Natural Language Processing: Python and NLTK. Packt Publishing Ltd. (2016)

    Google Scholar 

  22. Hsieh, P.-H., Hsu, P.-I.: Displaying software installation agreements to motivate users’ reading. Int. J. Hum.-Comput. Interact. 1–18 (2022)

    Google Scholar 

  23. Jacowitz, K.E., Kahneman, D.: Measures of anchoring in estimation tasks. Pers. Soc. Psychol. Bull. 21(11), 1161–1166 (1995)

    Article  Google Scholar 

  24. Khan, B., Syed, T., Khan, Z., Rafi, M.: Textual analysis of end user license agreement for red-flagging potentially malicious software. In: 2020 International Conference on Electrical, Communication, and Computer Engineering (ICECCE), pp. 1–5. IEEE (2020)

    Google Scholar 

  25. Kortum, P.T., Bangor, A.: Usability ratings for everyday products measured with the system usability scale. Int. J. Hum.-Comput. Interact. 29(2), 67–76 (2013)

    Article  Google Scholar 

  26. Kretschmer, M., Pennekamp, J., Wehrle, K.: Cookie banners and privacy policies: measuring the impact of the GDPR on the web. ACM Trans. Web (TWEB) 15(4), 1–42 (2021)

    Article  Google Scholar 

  27. Liu, F., Wilson, S., Story, P., Zimmeck, S., Sadeh, N.: Towards automatic classification of privacy policy text. School of Computer Science Carnegie Mellon University (2018)

    Google Scholar 

  28. Manandhar, S., Singh, K., Nadkarni, A.: Towards automated regulation analysis for effective privacy compliance. In: ISOC Network and Distributed System Security Symposium (2024)

    Google Scholar 

  29. McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A comparative study of online privacy policies and formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_3

    Chapter  Google Scholar 

  30. Nowrozy, R., Ahmed, K., Kayes, A.S.M., Wang, H., McIntosh, T.R.: Privacy preservation of electronic health records in the modern era: a systematic survey. ACM Comput. Surv. (2024)

    Google Scholar 

  31. Obar, J.A., Oeldorf-Hirsch, A.: The biggest lie on the internet: ignoring the privacy policies and terms of service policies of social networking services. Inf. Commun. Soc. 23(1), 128–147 (2020)

    Article  Google Scholar 

  32. Ortloff, A.-M., Zimmerman, S., Elsweiler, D., Henze, N.: The effect of nudges and boosts on browsing privacy in a naturalistic environment. In: Proceedings of the 2021 Conference on Human Information Interaction and Retrieval, pp. 63–73 (2021)

    Google Scholar 

  33. Pollach, I.: What’s wrong with online privacy policies? Commun. ACM 50(9), 103–108 (2007)

    Article  Google Scholar 

  34. Regulwar, G.B., Majji, R., Kottu, S.K., Kachi, A., Sureddy, R.R.: Content analysis and visualization of privacy policy using privacy management. In: AIP Conference Proceedings, vol. 2942. AIP Publishing (2024)

    Google Scholar 

  35. Reinhardt, D., Borchard, J., Hurtienne, J.: Visual interactive privacy policy: the better choice? In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2021)

    Google Scholar 

  36. Richardson, L.: Beautiful soup documentation (2007)

    Google Scholar 

  37. Stiglitz, J., Barkley Rosser, J., et al.: A Nobel prize for asymmetric information: the economic contributions of George Akerlof, Michael Spence and Joseph Stiglitz. In: Leading Contemporary Economists, pp. 162–181. Routledge (2008)

    Google Scholar 

  38. Rossi, A., Palmirani, M.: A visualization approach for adaptive consent in the European data protection framework. In: 2017 Conference for E-Democracy and Open Government (CeDEM), pp. 159–170. IEEE (2017)

    Google Scholar 

  39. Schellekens, M.: Is an icon worth a thousand words? Grounded legal strategies for standardised icons under the GDPR (2023)

    Google Scholar 

  40. Schufrin, M., Reynolds, S.L., Kuijper, A., Kohlhammer, J.: A visualization interface to improve the transparency of collected personal data on the Internet. IEEE Trans. Vis. Comput. Graph. 27(2), 1840–1849 (2020)

    Article  Google Scholar 

  41. Simon, H.A.: Models of Bounded Rationality: Empirically Grounded Economic Reason, vol. 3. MIT Press, Cambridge (1997)

    Book  Google Scholar 

  42. Solove, D.J.: The myth of the privacy paradox. Geo. Wash. L. Rev. 89(1) (2021)

    Google Scholar 

  43. Tversky, A., Kahneman, D.: Judgment under uncertainty: heuristics and biases: biases in judgments reveal some heuristics of thinking under uncertainty. Science 185(4157), 1124–1131 (1974)

    Article  Google Scholar 

  44. Waddell, T.F., Auriemma, J.R., Sundar, S.S.: Make it simple, or force users to read? paraphrased design improves comprehension of end user license agreements. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pp. 5252–5256 (2016)

    Google Scholar 

  45. Zhang, S., Sadeh, N.: Do privacy labels answer users’ privacy questions? In: Workshop on Usable Security and Privacy (2023)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of Dhaka, Dhaka, 1000, Bangladesh

    Shamim Bin Zahid, Aishwarya Ghosh Bristy, Md. Musfikur Hasan Oli, Md. Fahim, Sarker Tanveer Ahmed Rumee & Moinul Islam Zaber

  2. Data and Design Lab, University of Dhaka, Dhaka, 1000, Bangladesh

    Sarker Tanveer Ahmed Rumee & Moinul Islam Zaber

Authors
  1. Shamim Bin Zahid
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aishwarya Ghosh Bristy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Md. Musfikur Hasan Oli
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Md. Fahim
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sarker Tanveer Ahmed Rumee
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Moinul Islam Zaber
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sarker Tanveer Ahmed Rumee .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Bombay, Mumbai, Maharashtra, India

    Vishwas T. Patil

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Ram Krishnan

  3. Indian Institute of Technology Bombay, Mumbai, Maharashtra, India

    Rudrapatna K. Shyamasundar

Ethics declarations

Ethics and Safety

For the user studies described in this paper, we received an Institutional Review Board (IRB) certificate for human subjects research, approved study questionnaire, and ensured no personally identifiable data was collected from the participants.

Appendices

A Privacy Sensitive Keywords in EULA

Table 4. Privacy Sensitive Keyword List
Full size table

B Snapshot of Proposed Nudge Tool in Alerting Users on EULA Contents

Fig. 8.
figure 8

Nudge tool (Browser extension) to generate categorized and color-coded warnings of privacy issues in EULA (Color figure online)

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zahid, S.B., Bristy, A.G., Oli, M.M.H., Fahim, M., Rumee, S.T.A., Zaber, M.I. (2025). Making EULA Great Again: A Novel Nudge Mechanism to Improve Readability, User Attention and Awareness. In: Patil, V.T., Krishnan, R., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2024. Lecture Notes in Computer Science, vol 15416. Springer, Cham. https://doi.org/10.1007/978-3-031-80020-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-80020-7_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-80019-1

  • Online ISBN: 978-3-031-80020-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics