Abstract
Privacy notices and consent forms are the means of conveying privacy policy information to users. In Europe, a valid consent needs to be confirmed by a clear affirmative action. Despite previous research, it is not yet clear whether user engagement with consent forms via different types of interactions for confirming consent may play a significant role in effectively drawing user attention to the content, even after repeated exposure. We investigate, in a laboratory study, how different types of interactions that engage users with consent forms differ in terms of their effectiveness, efficiency, and user satisfaction. In addition, we examine if and how habituation affects user attention and satisfaction, and the time they spend on giving their consent. We conducted a controlled experiment with 80 participants in four different groups where people either were engaged actively with the policy content via Drag and Drop (DAD), Swipe, or Checkboxes, or were not actively engaged with the content (as the control condition) in a first-exposure phase and in a habituation phase. We measured user attention to consent forms along multiple dimensions, including direct, objective measurements and indirect, self-reported measures. Our results show that the different types of interactions may affect user attention to certain parts of policy information. In particular, the DAD action results in significantly more user attention to the data items compared to other groups. However, with repeated exposure to consent forms, the difference disappears. We conclude that user engagement with policy content needs to be designed with care, so that attention to substantial policy information is increased and not negatively affected.
Highlights
Given the number of online services users access through different channels, the numerous digital trails they leave, and the amount of data processed by service providers, it comes as no surprise that researchers are actively seeking to devise guidelines and solutions for protecting users’ data privacy
6 RESULTS we report the results of indirect measures of attention to consent forms in Phase 1 and Phase 2 and compare them with the results concerning direct measures of user attention
The results showed that, in Phase 2, after repeated exposure to the consent forms, the initially significantly more fixations observed in Phase 1 on data items in the Drag and Drop (DAD) group and those on the purposes of processing in the DAD, Swipe, and Checkbox groups disappeared and fixations on content became more similar across all groups
Summary
Given the number of online services users access through different channels, the numerous digital trails they leave, and the amount of data processed by service providers, it comes as no surprise that researchers are actively seeking to devise guidelines and solutions for protecting users’ data privacy. The problems with privacy notices, in addition, influence service providers that rely on informed consent as the legal basis for processing personal data, because they cannot fully depend on the consent they obtain [50]. Ex-ante transparency concerns the information that should be provided to users before collecting any of their personal data and it is a precondition for consent. The individuals’ intention of agreeing to the processing of their personal data, given by a statement or a clear affirmative action, is considered consent if it is unambiguous, specific, informed and freely given (Article 4 (11) GDPR). Ticking a box, choosing technical settings or any other statements that clearly show the individuals’ acceptance of the processing of their personal data are valid affirmative actions, according to Recital 32 GDPR. Silence, pre-selected checkboxes or inactivity are inadequate for inferring consent, according to Recital 32 GDPR
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
