This paper from Carnegie Mellon University’s CyLab by Patrick Gage Kelley, Lucian Cesca, Joanna Bresee and Lorrie Faith Cranor compares this standardized format and two short variants (one tabular, one text) with the current status quo of privacy notices: full text natural language policies and layered policies. The researchers conducted an online user study of 789 participants to test if these three more intentionally designed, standardized privacy policy formats, assisted by consumer education, can benefit consumers. Our results show that providing standardized privacy policy presentations can have significant positive effects on accuracy of information finding, overall speed and reader enjoyment with privacy policies. (Revised January 12, 2010).
Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach
Related Stories
U.S. State Data Breach Lists
Many U.S. state agencies publish lists of reported data breaches in their respective state. Below are links to the published lists. We welcome the assistance of IAPP members. If critical resources are missing or become available, please let us know at research@iapp.org.
Please note this resource ...
eBook – Top 10 operational responses to the GDPR
In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the EU General Data Protection Regulation. Now, with the May 25, 2018, GDPR-implementation deadline looming, the IAPP is releasing a companion series to present common p...
GDPR: How to create best practice privacy notices (with examples)
This econsultancy.com article offers guidance on creating GDPR-compliant privacy notices, including examples of user interfaces that fit with the GDPR's requirements that notices are clear, concise and easily understandable....
Article 49 Derogations — Summary Table with Examples
There are specific recitals that relate to the derogations in Article 49, as well as detailed guidance from the EDPB. Before attempting to rely on the derogations, organizations need to be aware of these additional considerations. This table summarizes this material so readers can see at a glance th...
State Data Breach Notification Chart
U.S. data breach notification laws vary across all 50 states and U.S. territories. Each law must be applied to every factual scenario to determine if a notification requirement is triggered. To assist practitioners, the IAPP created a chart containing information from each state or territory’s data ...