Evaluating the Readability of Privacy Policies in Mobile Environments

Introduction

Computing is undergoing a trend-shift from an environment dominated by desktops and servers to mobile environments such as smart phones, PDA’s, and various handheld devices. The success of mobile commerce has led to the large-scale development of applications for mobile users, providing easy access to the purchase of products using such devices. Most companies or organizations post one or more privacy policy documents on their websites to educate users and enhance security. A privacy policy can be described as a comprehensive description of a website’s practices on collecting, using and protecting user information. A privacy policy defines what information is collected, the purpose of information collection, and how this will be handled, stored, and used. Furthermore, it provides information on whether customers are allowed to access the collected information and to resolve privacy-related disputes with the website, etc (Story, 2007, para. 1). A poll conducted by CBS News (CBS) and The New York Times (Wobbrock, 2007) showed that 82% of respondents believe that the right to privacy is either under serious threat or is already lost. In addition, Internet users are concerned about companies collecting personal information and any risk that information may be shared with others inappropriately (Roberts, 2005, para. 1).

Unfortunately, the current privacy policies published on websites are usually long, complex and difficult for the end users to read and comprehend. Research has found that many online privacy policies lack clarity and most require a reading skill considerably higher than the Internet population’s average literacy level (Jensen & Potts, 2004). For privacy policies to be useful, they must be readable by online users who visit and use the website. This means that the privacy notice should be written at an appropriate level, and should be easy to navigate for information. There is a need to improve the current policies to help Internet users to read and understand website privacy policies and increase privacy awareness. A privacy policy must contain the following information for users (Federal Trade Commission, 2007):

• ❖ How and where collected user information is used?

• ❖ Whether the information can be linked to an individual

• ❖ What happens to the information that has been collected?

• ❖ If the information is shared with other websites or companies

• ❖ Does the website install any software on the user system?

In this paper, we shall address the following fundamental question: Is readability affected in a mobile environment? More precisely, we shall focus on understanding the impact of display constraints of mobile devices on the readability of privacy policies. In this work, we shall study readability of policies in mobile devices and compare the results of mobile and desktop environments. The remainder of this paper is organized as follows: the next section provides an introduction to the issues and current directions associated with improving the readability of privacy policies. Next, the obvious readability challenge of mobile devices, namely screen size, is covered and others such as connection fees, lack of standards, and how user mobility affects readability. Then we explain some of the serious shortcomings of readability formulas and propose the Cloze test as a reliable replacement. The section concludes with a practical example of a Cloze test. Then, the readability of privacy policies on mobile devices is empirically explored. Next, we ask the question, do people prefer the mobile or desktop environments for readability? Not surprisingly, readers find the mobile environment significantly more difficult to comprehend privacy policies. Then suggestions are made in terms of what directions may be viable to resolve this problem; finally, the paper is concluded.