Search the site

The University of Manchester Library

In April 2016 Manchester eScholar was replaced by the University of Manchester’s new Research Information Management System, Pure. In the autumn the University’s research outputs will be available to search and browse via a new Research Portal. Until then the University’s full publication record can be accessed via a temporary portal and the old eScholar content is available to search and browse via this archive.

USER CENTRIC PRIVACY POLICY MODELLING

Kununka, Sophia

[Thesis]. Manchester, UK: The University of Manchester; 2019.

Access to files

Abstract

The growing uptake of mobile applications (apps) has significant implications for end user privacy. The default solution is the provision of mobile privacy policies which serve as a contract between users and app service providers. However, privacy policies have been critiqued as difficult to understand by users and not providing any degree of control over personal privacy. This is because policies are written by service providers and are legal-like and technical motivated by requirements for compliance rather than users ability to understand. Research into the design of alternative policy representations exists yet the involvement of users in the design of alternative representations has generally been limited. This work aims to design effective representation of a privacy policy by incorporating the end users perspective into the design of policies. An exploration of the privacy policy domain was conducted through the analysis of 100 representative app privacy policies from which a reference model of privacy terms was developed. The end users perspective has been explored through an early user study set to establish users mental models, control needs and representation preferences. Findings show that whilst initial mental models are largely reflective of the predominant conventional full length privacy policies, users are open to innovations and in fact show clear preference for alternative policy representations that are more structured and visual in nature. The reference model of privacy terms and the findings of the early user study enabling user centric design of privacy policy are two of the contributions of this thesis. The third and main contribution of this thesis is the integration of these two results in the user-centred design of an effective privacy policy representation. Effectiveness means the representation is comprehensive, informative and facilitates greater user control over privacy. The representation developed in this thesis is evaluated against the conventional policy. Results demonstrate that the representation’s comprehensiveness is rated 10% better and was tested by measuring users’ accuracy in information finding, certainty of finding desired information, and appeal in information finding. Its informativeness was rated 59% better and was tested by measuring users’ likelihood to read policies if they resembled the representation and the time needed to find information. Its level of user control over privacy was rated 32% better and was tested by measuring users’ ability to specify and alter privacy options. Overall, the proposed policy representation meets the aim of this thesis by incorporating the user perspectives allowing the creation of privacy policies which facilitate informed consent and user control over personal information.

Bibliographic metadata

Type of resource:
Content type:
Administered thesis
Form of thesis:
Traditional
Type of submission:
Doctoral level ETD - final
Thesis title:
USER CENTRIC PRIVACY POLICY MODELLING
Degree type:
Doctor of Philosophy
Degree programme:
PhD Business and Management
Publication date:
2019-05-20T14:47:05
Institution:
The University of Manchester
Location:
Manchester, UK
Total pages:
203
Abstract:
The growing uptake of mobile applications (apps) has significant implications for end user privacy. The default solution is the provision of mobile privacy policies which serve as a contract between users and app service providers. However, privacy policies have been critiqued as difficult to understand by users and not providing any degree of control over personal privacy. This is because policies are written by service providers and are legal-like and technical motivated by requirements for compliance rather than users ability to understand. Research into the design of alternative policy representations exists yet the involvement of users in the design of alternative representations has generally been limited. This work aims to design effective representation of a privacy policy by incorporating the end users perspective into the design of policies. An exploration of the privacy policy domain was conducted through the analysis of 100 representative app privacy policies from which a reference model of privacy terms was developed. The end users perspective has been explored through an early user study set to establish users mental models, control needs and representation preferences. Findings show that whilst initial mental models are largely reflective of the predominant conventional full length privacy policies, users are open to innovations and in fact show clear preference for alternative policy representations that are more structured and visual in nature. The reference model of privacy terms and the findings of the early user study enabling user centric design of privacy policy are two of the contributions of this thesis. The third and main contribution of this thesis is the integration of these two results in the user-centred design of an effective privacy policy representation. Effectiveness means the representation is comprehensive, informative and facilitates greater user control over privacy. The representation developed in this thesis is evaluated against the conventional policy. Results demonstrate that the representation’s comprehensiveness is rated 10% better and was tested by measuring users’ accuracy in information finding, certainty of finding desired information, and appeal in information finding. Its informativeness was rated 59% better and was tested by measuring users’ likelihood to read policies if they resembled the representation and the time needed to find information. Its level of user control over privacy was rated 32% better and was tested by measuring users’ ability to specify and alter privacy options. Overall, the proposed policy representation meets the aim of this thesis by incorporating the user perspectives allowing the creation of privacy policies which facilitate informed consent and user control over personal information.
Keyword(s):
Thesis main supervisor(s):
Thesis co-supervisor(s):
Degree grantor:
Language:
en

Institutional metadata

University researcher(s):
Academic department(s):

Record metadata

Manchester eScholar ID:
uk-ac-man-scw:319522
Created by:
Kununka, Sophia
Created:
20th May, 2019, 13:47:05
Last modified by:
Kununka, Sophia
Last modified:
3rd June, 2019, 10:55:36

Can we help?

The library chat service will be available from 11am-3pm Monday to Friday (excluding Bank Holidays). You can also email your enquiry to us.