Metrics for Success: Why and How to Evaluate Privacy Choice Usability

By Lorrie Faith Cranor, Hana Habib

Communications of the ACM, Vol. 66 No. 3, Pages 35-37

Privacy regulations around the world frequently include requirements for websites and apps to obtain informed consent from users prior to collecting, processing, or sharing their personal information, or to provide easy opportunities for users to opt out of certain uses of their data. This has led to a proliferation of privacy choice and consent interfaces, many of which provide consent opportunities that are hardly informed, frequently difficult to find and use,[5] and all too often deceptive.[7]

Examples of bad privacy choice and consent mechanisms are easy to find, and figure prominently in recent regulatory actions. Cookie consent banners frequently nudge users to accept all cookies by making that choice most prominent and requiring users to follow a link to a secondary interface if they want to take any other action.[2] In December 2022, the U.S. Federal Trade Commission secured two settlements with Fortnite video game creator Epic Games, totaling $520 million in fines and refunds due to a number of violations, including some related to deceptive interface design. Among other problems, the FTC explained, "Fortnite's counterintuitive, inconsistent, and confusing button configuration led players to incur unwanted charges based on the press of a single button."[3]


