Online services collect an increasing amount of data about their users. Privacy policies are currently the only common way to inform users about the kinds of data collected, stored, and processed by online services. Previous work showed that users do not read and understand privacy policies, due to their length, difficult language, and often non-prominent location (see e.g. [5]). A promising approach is embedding privacy-relevant information directly in the context of use to help users understand the privacy implications of using online services [2, 3]. This approach has been coined Contextual Privacy Policies (CPPs). By prototypically implementing CPPs as a browser extension, we showed that they are generally well-received by participants [1].
In our previous work, we evaluated CPPs in a natural setting over multiple days with a prototypical implementation for seven common websites. However, which privacy information we showed, and where we showed it, was hardcoded. Supporting an additional website required manually retrieving the site’s privacy policy, identifying relevant information that can be shown in context, and identifying anchors at which to show the CPP. Thus, the approach was sufficient to study the effects of CPPs but does not scale to real-world use.
This thesis aims to evolve CPPs from a prototypical implementation to a real-world browser extension to show that CPPs are indeed a feasible approach to making privacy policies accessible to the average web user. The CPPs will be evaluated through a naturalistic deployment.
Experience with browser extension development for Chrome/Firefox