Related papers: Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA

Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA

URL: http://arxiv.org/abs/2109.13816v1
Date: Tue, 28 Sep 2021 15:40:57 GMT
Title: Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA
Authors: Rex Chen, Fei Fang, Thomas Norton, Aleecia M. McDonald, Norman Sadeh
Abstract summary: Vagueness and ambiguity in privacy policies threaten the ability of consumers to make informed choices about how businesses collect, use, and share personal information. The California Consumer Privacy Act (CCPA) of 2018 was intended to provide Californian consumers with more control by mandating that businesses clearly disclose their data practices. Our results suggest that CCPA's mandates for privacy disclosures, as currently implemented, have not yet yielded the level of clarity they were designed to deliver.
Score: 29.56312492076473
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Vagueness and ambiguity in privacy policies threaten the ability of consumers to make informed choices about how businesses collect, use, and share their personal information. The California Consumer Privacy Act (CCPA) of 2018 was intended to provide Californian consumers with more control by mandating that businesses (1) clearly disclose their data practices and (2) provide choices for consumers to opt out of specific data practices. In this work, we explore to what extent CCPA's disclosure requirements, as implemented in actual privacy policies, can help consumers to answer questions about the data practices of businesses. First, we analyzed 95 privacy policies from popular websites; our findings showed that there is considerable variance in how businesses interpret CCPA's definitions. Then, our user survey of 364 Californian consumers showed that this variance affects the ability of users to understand the data practices of businesses. Our results suggest that CCPA's mandates for privacy disclosures, as currently implemented, have not yet yielded the level of clarity they were designed to deliver, due to both vagueness and ambiguity in CCPA itself as well as potential non-compliance by businesses in their privacy policies.

Related papers

Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
Security measures such as anonymization are needed to protect individuals' privacy. Within our study, we conducted expert interviews to gain insights into practices in the field. We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
arXiv Detail & Related papers (2024-07-04T08:29:27Z)
Measuring Compliance with the California Consumer Privacy Act Over Space and Time [7.971611687303297]
The California Consumer Privacy Act (CCPA) mandates that online businesses offer consumers the option to opt out of the sale and sharing of personal information. Our study automatically tracks the presence of the opt-out link longitudinally across multiple states after the California Privacy Rights Act (CPRA) went into effect. We find a number of websites that implement the opt-out link early and across all examined states but also find a significant number of CCPA-subject websites that fail to offer any opt-out methods even when CCPA is in effect.
arXiv Detail & Related papers (2024-03-25T21:57:31Z)
Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z)
Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA) [4.429726534947266]
The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA. We compare the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies.
arXiv Detail & Related papers (2023-04-03T13:02:49Z)
A Value-Centered Exploration of Data Privacy and Personalized Privacy Assistants [0.0]
I suggest instead of utilizing informed consent we could create space for more value-centered user decisions. I utilize Suzy Killmister's four-dimensional theory of autonomy to operationalize value-centered privacy decisions.
arXiv Detail & Related papers (2022-12-01T14:26:33Z)
Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We looked into how explainability might help to tackle this problem. We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required. Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z)
An Empirical Evaluation of the Implementation of the California Consumer Privacy Act (CCPA) [0.0]
On January 1, 2020, California passed the California Consumer Privacy Act (CCPA) by more than 56% of voters. This paper was about an empirical evaluation of the implementation of the California Consumer Privacy Act.
arXiv Detail & Related papers (2022-05-19T23:28:41Z)
Is Downloading this App Consistent with my Values? Conceptualizing a Value-Centered Privacy Assistant [0.0]
I propose that data privacy decisions can be understood as an expression of user values. I further propose the creation of a value-centered privacy assistant (VcPA)
arXiv Detail & Related papers (2021-06-23T15:08:58Z)
PCAL: A Privacy-preserving Intelligent Credit Risk Modeling Framework Based on Adversarial Learning [111.19576084222345]
This paper proposes a framework of Privacy-preserving Credit risk modeling based on Adversarial Learning (PCAL) PCAL aims to mask the private information inside the original dataset, while maintaining the important utility information for the target prediction task performance. Results indicate that PCAL can learn an effective, privacy-free representation from user data, providing a solid foundation towards privacy-preserving machine learning for credit risk analysis.
arXiv Detail & Related papers (2020-10-06T07:04:59Z)
A vision for global privacy bridges: Technical and legal measures for international data markets [77.34726150561087]
Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil" An open conflict is arising between business demands for data and a desire for privacy. We propose and test a vision of a personal information market with privacy.
arXiv Detail & Related papers (2020-05-13T13:55:50Z)
Beyond privacy regulations: an ethical approach to data usage in transportation [64.86110095869176]
We describe how Federated Machine Learning can be applied to the transportation sector. We see Federated Learning as a method that enables us to process privacy-sensitive data, while respecting customer's privacy.
arXiv Detail & Related papers (2020-04-01T15:10:12Z)

This list is automatically generated from the titles and abstracts of the papers in this site.