Abstract
Privacy policies are supposed to provide transparency about a service's data practices and help consumers make informed choices about which services to entrust with their personal information. In practice, those privacy policies are typically long and complex documents that are largely ignored by consumers. Even for regulators and data protection authorities, privacy policies are difficult to assess at scale. Crowdsourcing offers the potential to scale the analysis of privacy policies with microtasks, for instance by assessing how specific data practices are addressed in privacy policies or extracting information about data practices of interest, which can then facilitate further analysis or be provided to users in more effective notice formats. Crowdsourcing the analysis of complex privacy policy documents to non-expert crowdworkers poses particular challenges. We discuss best practices, lessons learned and research challenges for crowdsourcing privacy policy analysis.
About the authors
Dr. Florian Schaub is a postdoctoral fellow in the School of Computer Science at Carnegie Mellon University. His research focuses on empowering users to effectively manage their privacy in complex socio-technological systems. His research interests span privacy, human-computer interaction, mobile and ubiquitous computing, and the Internet of Things. He received his Doctorate and Diplom in Computer Science from the University of Ulm, Germany, and a Bachelor in Information Technology from Deakin University, Australia.
Carnegie Mellon University, School of Computer Science, Pittsburgh, PA 15213, USA
Dr. Travis D. Breaux is an Assistant Professor appointed to the Institute for Software Research at Carnegie Mellon University. Dr. Breaux's research program searches for new methods and tools for developing correct software specifications and ensuring that software systems conform to those specifications in a transparent, reliable and trustworthy manner. His research on privacy and security has been recognized by the NSF Early CAREER award and best paper nominations from the IEEE International Requirements Engineering Conference. Dr. Breaux is a Senior member of the ACM SIGSOFT and IEEE Computer Society; he served as Chair of the USACM Privacy and Security Committee and on the USACM Executive Council.
Carnegie Mellon University, School of Computer Science, Pittsburgh, PA 15213, USA
Dr. Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University, where he leads the Usable Privacy Policy Project, currently one of the largest privacy research projects in the United States. He also directs the Mobile Commerce Lab and co-directs the School's Master's Program in Privacy Engineering. He received his PhD in Computer Science at Carnegie Mellon University with a Major in Artificial Intelligence.
Carnegie Mellon University, School of Computer Science, Pittsburgh, PA 15213, USA
Acknowledgement
The authors would like to thank all members of the Usable Privacy Policy Project for their contributions and input. This research is partially funded by the National Science Foundation under grant agreement CNS-1330596.
©2016 Walter de Gruyter Berlin/Boston