Content uploaded by Nima Zargham
Author content
All content in this area was uploaded by Nima Zargham on Oct 11, 2022
Content may be subject to copyright.
It’s Long and Complicated! Enhancing One-Pager Privacy Policies
in Smart Home Applications
Mehrdad Bahrini
Digital Media Lab
University of Bremen
Bremen, Germany
mbahrini@uni-bremen.de
Nima Zargham
Digital Media Lab
University of Bremen
Bremen, Germany
zargham@uni-bremen.de
Alexander Wol
Digital Media Lab
University of Bremen
Bremen, Germany
awol@uni-bremen.de
Dennis-Kenji Kipker
Certavo GmbH - International
Compliance Management
Bremen, Germany
dennis.kipker@certavo.de
Karsten Sohr
Digital Media Lab
University of Bremen
Bremen, Germany
sohr@tzi.de
Rainer Malaka
Digital Media Lab
University of Bremen
Bremen, Germany
malaka@tzi.de
ABSTRACT
With the proliferation of smart home devices, domains where users’
data is processed are becoming an important issue for data protec-
tion authorities. Regulations such as the EU-GDPR obligate smart
home providers to inform users about the processing of personal
data. However, due to the long and complex format of the privacy
policies, users often overlook reading them. There have been at-
tempts to make privacy policies more user-friendly. The one-pager
approach has shown to be eective in gathering users’ attention. We
present an empirical study of one-pager privacy policy templates
in a smart home application. Three dierent versions are compared
in a within-group study: a list, a tab-based, and a device-based. Our
results show that the tab-based condition outperformed the others
in terms of usability, workload, and user preference. Furthermore,
we discuss the potentials and challenges of designing one-pager
privacy policy representation formats in the context of smart home
applications.
CCS CONCEPTS
•Security and privacy
→
Usability in security and privacy;•
Human-centered computing →User interface design.
KEYWORDS
Privacy Policy, User Interface, One-Pager, Smart home
ACM Reference Format:
Mehrdad Bahrini, Nima Zargham, Alexander Wol, Dennis-Kenji Kipker,
Karsten Sohr, and Rainer Malaka. 2022. It’s Long and Complicated! En-
hancing One-Pager Privacy Policies in Smart Home Applications. In Nordic
Human-Computer Interaction Conference (NordiCHI ’22), October 8–12, 2022,
Aarhus, Denmark. ACM, New York, NY, USA, 13 pages. https://doi.org/10.
1145/3546155.3546657
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for prot or commercial advantage and that copies bear this notice and the full citation
on the rst page. Copyrights for components of this work owned by others than the
author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior specic permission
and/or a fee. Request permissions from permissions@acm.org.
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
©2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-9699-8/22/10. . . $15.00
https://doi.org/10.1145/3546155.3546657
1 INTRODUCTION
The way people live and accommodate themselves has changed con-
siderably in recent years. Playing music and searching for answers
on the internet using smart speakers, regulating the temperature
and adjusting lighting conditions through an application oer users
the opportunity to develop their own customised environments
conveniently. Smart homes are characterised by particularly com-
prehensive equipment of the living space with human-machine in-
terfaces and information and communication technologies [
10
,
17
].
These technological gadgets empower residents to enhance their
quality of life and promote autonomous living. Making a smart en-
vironment requires a system that is likely to consist of distributed
sensors and devices to gather a whole range of information about
the physical environment and its users. The more helpful informa-
tion a smart home system has, the greater the chance it will succeed
and adapt appropriately. Therefore, huge amounts of end-user data
are collected and aggregated by smart home service providers [
3
].
Although users may be aware of data collection by their smart
home devices, they often have no control over what companies do
with their digital footprints once they disclose them, which leads
to a notable asymmetry of information [14, 39, 69].
Tackling such concerns, the EU General Data Protection Regu-
lation (GDPR) has established a set of legal requirements (which
came into eect on May 25, 2018) for processing personal data for
any business that operates wholly or partly in the EU or handles
data of EU citizens. The goal of this legislation is to achieve the
highest level of transparency and control by striking a balance
between those whose data is collected and the recipients of their
information. The advent of the GDPR highlights the importance of
providing stakeholders with the necessary information about data
protection, enhances the requirements for legally eective consent
of data subjects and expands their rights, especially to information
and disclosure [
70
]. As a result, privacy policies have eectively
become the place which service providers communicate their data
processing practices. Since smart home controls systems with a
user interface (UI) that interacts with a tablet, smartphone, or com-
puter, the GDPR regulation requires that application users, like
web surfers, have a right to be informed about what personal data
is being collected, used and processed. Articles 12, 13, and 14 of
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
the GDPR propose detailed instructions on how to create policies,
with a particular focus on making them easily understandable and
accessible.
It is essential for smart home vendors to ensure that their data
privacy policies are compliant with the GDPR. However, in addition
to regulatory constraints, manufacturers or trusted third parties
should provide smart home users with reliable and objective in-
formation to reduce the risk of making uninformed decisions on
their personal data [
33
] and should be adapted to the needs of re-
cipients [
48
]. User-friendly privacy policies are therefore necessary
to inform smart home users comprehensively about the nature
and scope of data processing and to give them the opportunity to
exercise their rights.
There are, however, well-documented user experience issues
with the current privacy policies [
38
,
47
,
51
]. A survey on data
protection by the European Commission one year after the appli-
cation of the GDPR shows that from the 60% of Europeans who
read the privacy policies online, only 13% read them completely.
This is because the explanations are still too long or too dicult
to understand
1
. Considering the development before and after the
GDPR, positive eects on the general inclusion of data protection
rights and information have been achieved, although this has not
been necessarily benecial for users. The policies have become
signicantly longer regarding the number of syllables, words, and
sentences [
49
]. Since people usually use their smartphones to in-
teract with their smart home devices, it might also be dicult and
not ecient to read such long texts on a small screen [60].
Attempts have been made to present the most important parts of
a privacy statement’s content on just one page. These one-pagers,
which are promoted by the German Federal Ministry of Justice
and Consumer Protection [
7
], are merely an additional source of
information; they are not intended to replace a formal privacy
statement, as they summarise and inevitably simplify it to some
extent.
Building on previous work on the one-pager concept, using ap-
plicable techniques and approaches which are simple to implement
and preserve policies’ eectiveness and transparency, this paper in-
vestigates three dierent one-pager representations, including a list,
atab-based, and a device-based version in an attempt to make them
more usable and keep the content clear and easy to understand.
In this work, we specically pursue the following research question:
RQ: What are the impacts of using a list, a tab-based, or a device-
based representation for a one-pager privacy policy on users’ per-
ceived usability and workload in a smart home application?
Results derived from the study show that while the list condition
was considered to have average usability, the tab-based and the
device-based conditions were highly rated in this regard. The tab-
based condition proved to be the most user-friendly and required
less workload from users. Our contribution contains design recom-
mendations for one-pager privacy policy representation that could
improve the existing design. Adopting this approach could also
assist smart home manufacturers in making smart home privacy
more visible in their general privacy statements.
1https://ec.europa.eu/commission/presscorner/detail/en/IP_19_2956
2 RELATED WORK
Privacy policies are commonly lengthy and have a dicult-to-
understand language [
20
,
21
], and this complex and wordy format
leads to users ignoring such information [
53
] in order to contain
digital production objectives [
55
,
56
,
68
]. Users often think of the
privacy policy as a nuisance or an obstacle to their way of ac-
cessing a specic service and do not see any uses or benets in
reading them [
29
,
55
]. With the increase of emphasis on the data
protection coming from the regulators, these texts are only getting
longer [
4
]. In order to engage users with privacy policies and pro-
vide signicant benets to their awareness, it is critical to make
such information more understandable and user-friendly. The de-
veloping adoption of privacy policies and constant changes in the
regulations have led to a large body of research. In this section,
we discuss previous work on user-friendly privacy policy and the
one-pager concept.
2.1 User-Friendly Privacy Policy
Several approaches have been taken to help users understand pri-
vacy policies in an organised and interactive way [
8
,
42
,
63
]. Studies
suggest that users prefer a compact, contextual presentation of
privacy policies that includes a simple abstract of all statements,
summarised by short labels [
50
,
62
]. Kelley et al. developed a stan-
dardised table format for privacy policies in a readable and concise
form. They found that their representation enabled users to bet-
ter and more quickly understand privacy policies [
43
]. The visual
interactive design of privacy policies leads to higher levels of at-
tractiveness, stimulation, novelty, and transparency compared to a
standard policy with long text [63].
Moreover, researchers looked at dierent approaches to textual
standardisation to improve the privacy policies in terms of read-
ability and decrease the mental demand [
43
,
52
]. Eorts have been
made to improve the readability and comprehensibility of privacy
policies by using modality methods, such as combining images
with text [
12
], and personalisation through the use of personal
pronouns [
54
] and highlighting text [
13
] to illustrate potential
consequences for data subjects. Visual textured consents that use
factoids, vignettes, and iconic symbols to underline information
and emphasize its personal relevance signicantly increase user
engagement compared to plain-text [41].
In order to motivate users to pay more attention to the privacy
policies and raise awareness, enhancing them with more visual
approaches and dierent representation formats has shown to be
specically benecial [
68
]. Visual assistance such as animations or
comics in consenting digital products provides distinct motivation
and convenient understanding [46, 57].
Traditional usability guidelines in their current form may not be
eective for smart home users [
26
], and it is necessary to be aware
of which target groups are to be addressed by privacy policies [
40
].
It might also lead to the elimination or misrepresentation of impor-
tant information, which could tempt consumers to believe that the
term “privacy policy” means that their privacy is protected [
67
].
Therefore, it is a considerable challenge for companies and organi-
sations to design their data protection policies in such a way that
they are easy to understand and usable.
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
2.2 One-Pager Concept
The main requirements of the GDPR applicable to organisations
that process personal data consist of specifying the data which
is being collected, the reasons for the data collection, explaining
how this data will be processed, indicating how long this data
will be retained, indicating who to contact in order to have data
removed or produced, and communicating the privacy information
in an easy-to-understand language [
71
]. These are the information
that the customers must be informed about in regard to their data
processing.
Researchers compiled these GDPR requirements into a one-page
privacy policy checklist and user guide and contributed a privacy
policy template [
64
]. The policy was simple and straightforward,
with icons to highlight dierent sections and images to inspire user
condence. Building on this one-page template, Faurie et al. inves-
tigated whether dierent ways of presenting the privacy policy to
the user could change this behaviour and lead to increased user
awareness in terms of what they consent to [
23
]. Results showed
that the policy template, along with videos, signicantly increased
user awareness of the policy content and increased user satisfac-
tion in terms of the usability of the privacy policy. The rise of new
communications and information technologies, all with privacy im-
plications and, in most cases, associated with commercial objectives
in dierent countries, lead to privacy policies regularly containing
longer texts with pre-formulated declarations [
6
]. The one-pager
approach attempts to reduce the text length of privacy policies, sim-
plify the language, and increase clarity [
24
]. According to an online
experiment [
15
], although more people read the one-pagers com-
pared to the long version, informativeness and comprehensibility
are only slightly improved depending on the specic implementa-
tion of the one-pager. In an attempt to evaluate the eectiveness
of dierent privacy policy designs in a realistic setting, Ebert et
al. included concise privacy notices in a non-real tness tracking
app and asked participants in an online study to provide feedback
on the app’s usability and to recall the data practices described in
the notices [
18
]. Their results showed that privacy notices on a
single dedicated screen had a signicant impact on user awareness.
They also found that embedding privacy policies at the bottom of a
screen along with other contextually relevant information seems
to be less eective.
To manage and insert more text or media on a single screen,
various graphical user interface (GUI) designs and input methods for
mobile devices have been explored, focusing on the overall layout
of the user interface, including scrolling and tabs [
5
,
59
]. Harms et
al. compared scrolling, tabs, menus, and collapsible elds in terms
of navigating long forms on devices with small screens [
35
]. They
found that scrolling performed the worst of all possible methods,
while the other three designs performed equally well and provided
a better overview. The tab-based prototype allows users to easily
and quickly navigate through the system and get a snapshot of
the information they need [
45
]. It works very well when having a
limited number of (ve or fewer) groups (or tabs) of content [
31
].
Furthermore, since the tab-based approach divides the long forms
into dierent tabs with labels, the user’s cognitive load can be
minimised by avoiding a long list of choices on the screen [72].
Building on the previous work, we present a novel design whose
goal is to explore the usability and workload of a one-pager policy
through a usable design space, which contains visual modality, and
follows channel and timing guidelines for privacy policies [
66
].
Using visualisation and formatting recommendations, we compare
three presentation formats for displaying one-pager privacy policies
on a smartphone app.
3 PROTOTYPE DESIGN
To answer our research question, we designed a mobile applica-
tion where participants can organise their smart home devices and
access their associated privacy policy. To develop the prototype,
we applied a user-centered approach to gather requirements in
an iterative process [
1
], along with guidelines for designing user
interfaces for mobile devices [
28
]. We created the content of the
prototype based on an existing smart home supplier
2
and imple-
mented the devices as well as their privacy policies. This prototype
is an addition to a common smart home app which further assists
users regarding their data protection, and it was not meant to be a
replicated version of the supplier’s smart home app. In this section,
we explain the implementation process and our three versions of
the prototype.
3.1 Implementation
The application was implemented for iOS devices. In order to log
into the app, users rst had to create a new account and register
within the app. Once the registration process was done, a privacy
policy declaration based on the prototype version would be shown
to the users, requiring them to give consent to it. This includes the
rights of the user, contact persons, and what happens to the data
provided during registration.
In the main menu, four sections are displayed at the bottom of
the app in which you can navigate, including devices, user, privacy
policy, and further information. Our three prototypes only diered
in the privacy policy section of the app. All the other aspects of the
prototypes were identical.
3.1.1 Devices Section. The device section allowed users to add
certain smart home devices to their virtual smart home. Users could
search for specic devices or simply type their names in order to
nd them and add them (see Figure 1). Once a device is added,
the user should consent to the respective privacy policy of that
device. The consented privacy statements would also be added to
the privacy policy section of the app.
3.1.2 User Profile Section. In the user section, the personal infor-
mation of the currently logged-in user, such as rst name, last name,
username, and email, was displayed.
3.1.3 Further Information Section. On this screen, users could ei-
ther log out of the application or reset it, which would lead to
the removal of all added devices and their associated privacy poli-
cies. The reset feature was mainly designed for the purpose of the
experiment (see Figure 2).
2https://www.bosch-smarthome.com/
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
Figure 1: The screens on the left and the right display the
devices section, where the participants had to look for certain
devices and add them to their smart home.
3.2 Icons
Based on recommendations from the previous research, we included
an icon to describe further each heading [
19
,
25
,
34
,
65
]. Across all
three versions of the piracy policy presentations, we utilised four
types of icons, namely a green thumb, an exclamation mark, a blue
gavel, and a person. If a green thumb is visible, then no personal
data of the user is stored, either directly or via third parties. If
there is an exclamation mark, either personal or sensitive data of
the user is stored. In addition, this also draws attention to when
data is passed on to third parties, which may be inside the country,
or if the data storage takes place abroad. The exclamation mark
also implies that when the privacy policy is changed, users are not
notied about it. The blue gavel is intended to draw attention to
user rights [
65
]. If users click on such segments, they are rst told
what their rights are and what they have to do to make use of them.
Once a person is shown as an indicator, the segment will list the
contact persons (see Figure 2). Information about the individual
indicators could be accessed by clicking the information button in
the upper right corner of any app screen.
3.3 Privacy Policy Section
Based on previous research and design guidelines regarding UI
navigation [
5
,
35
,
59
], we developed three dierent versions of the
privacy policy section for this app. In all three versions, the privacy
policy has been summarised and divided into segments. The head-
ings and the texts for the individual segments were written in easy-
to-understand language. In order to maximise comprehensibility,
acronyms and technical terms were avoided, and only meaningful
phrases were used. In our approach, we employed personalised
Figure 2: The screen on the left shows further information
where participants could log out or reset the app. The screen
on the right side shows the explanation for the icons used in
the prototypes to further describe each heading.
wording, which is useful in communication and helps the user not
to feel overwhelmed with reading the privacy policy [
61
]. Instead
of general statements, we often used second-person narratives and
personal phrases in the privacy policies, including “Your personal
data...” and “You can...”. We used one-line sentences to summarise a
segment of the privacy policy, which highlights the most important
information. By clicking on a segment, users could read the rest of
the text related to the heading.
3.3.1 List Prototype. Navigating on mobile devices is challenging
when presenting a large amount of information on a small screen.
Scrolling is a common UI design choice for browsing content, such
as in list view, and is considered easier than pagination [
58
]. In
this version, the whole privacy policies are in view with scrolling
(see Figure 3). It provides users with what happens with their data,
why this is necessary, what rights they have and whom they can
contact. Each segment has a linguistically simplied heading and an
indicator and can be clicked on to show a summarised text which
should give more information about the selected segment. This
prototype version served as the control group for the experiment.
3.3.2 Tab-based Prototype. In line with the design recommenda-
tions by Zhang and Adipat
[72]
, in this representation, the entire
privacy policy is divided into three tabs to t the information on one
screen and minimising scrolling. It includes the data, the rights, and
the person tabs. In the tab of data, all points of data protection are
shown, which is about the processing and the reasons for it, storage,
deletion, and disclosure of the data. If the user wants to know what
happens to the data that the smart home company stores, they can
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
Figure 3: The privacy policy section of the app: the List (left)
and the Tab-based prototype (Right)
read everything about it in this section. In the rights tab, all the
rights of the user are shown. This includes all rights which the user
has according to the GDPR. The last tab shows persons that the
user can contact with any questions about data protection. The
entries are structured in the same way as in the previous layout.
The dierence with the presentation from the previous layout is
the policy divisions into three tabs (see Figure 3).
3.3.3 Device-based Prototype. This representation contains two
tabs. In the basic tab, the data protection can be seen, which was
accepted during the registration. This includes the rights that the
user has according to the GDPR, the contact persons, and all points
that are basically stored during registration, as well as the reasons
and duration for the data storage. In the devices tab, all devices
that the user has added so far are listed. This representation relies
on just-in-time notices [
2
,
26
,
66
]. Instead of displaying a single
privacy policy when launching the smart home application, privacy
policies are integrated into the function of the smart home app.
By selecting one of the devices, the privacy policy relative to the
corresponding device will be displayed. This is updated when a
device is added to the devices list (see Figure 4).
4 EXPERIMENT
In order to assess which presentation format of the privacy pol-
icy is the most usable and user-friendly, we conducted an online
within-subjects user study using our three prototype versions. We
chose a within-subjects design format for this study as we explic-
itly wanted the participants to interact with all the three versions,
compare them, and choose the most suitable one in their opinions.
Furthermore, this also required a smaller sample size and minimised
Figure 4: The privacy policy section of the app: the Device-
based prototype
random noise. For this experiment, participants had to virtually
set up several smart home devices inside the app and answer a
set of questions regarding the respective devices’ data protection
using the privacy policy implemented in the app in the respective
format. Participants did not need to install the application on their
own smartphones. Instead, they had to control the app remotely
using the study conductor’s emulator. This was accessible to the
participant via Zoom’s
3
remote control feature. Users were given a
link to the survey in order to answer the study questions on their
personal devices.
4.1 Procedure
The study was conducted with 30 participants, where we anony-
mously collected their responses. After they gave informed consent,
participants answered a set of questions regarding their demograph-
ics. Following that, a welcome text was shown, and the participants
were given an introduction to the app, where they learned about
the functionalities of the app and how to interact with it. Users
would receive specic information regarding their registration in
the app, which was provided beforehand by the experimenter in
an attempt to keep anonymity. Afterwards, they had to use the
app to set up three new devices and answer a set of ve questions
regarding the data protection of the installed devices. To be able
to answer the questions, the participants had to search for them in
the privacy policy of the app. Once they answered these questions,
participants had to ll in the post-exposure questionnaires. This
process was repeated three times for each participant. Every time,
they had to install three dierent devices and answer a new set of
3https://zoom.us/
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
questions using a dierent format of the privacy policy, meaning
every participant had to go through all three prototype versions.
We designed three sets of questionnaires, each containing ve
multiple-choice questions. The rst questionnaire contained ques-
tions about general policies, the second one included questions
about user rights, and the third questionnaire contained device-
specic policies. The complete list of all the questions is available in
the appendix of this work. For all the participants, these question-
naires had a xed sequence. However, the order of the conditions
was counterbalanced through Latin squares to avoid learning eects.
This resulted in an equal number of responses to each question-
naire across every condition. In the end, participants had to answer
a series of customised questions where they were asked to give
their opinion on the three representations. This includes which
representation appeals to the users the most and why. In addition, the
participants were inquired about the advantages and disadvantages
of the individual representations as well as possible suggestions for
improvement. One question also specically asked for a perfect rep-
resentation based on the participant’s preferences. The experiment
sessions lasted approximately 45 to 75 minutes.
4.2 Pre-Study
We rst conducted a preliminary study with three participants
to nd possible issues and aws within the study design and see
whether the structure is sucient and works as planned. The pre-
study was carried out online, where the study conductor shared
the screen with the participants and gave them remote control
over the prototype. Although we witnessed some delays with the
screen sharing due to connection problems and high latency at
times, the participants were able to adapt to this and complete
the study without experiencing major problems. The pre-study
revealed a few mistakes within the questionnaires, such as typos
and formatting issues. The participants did not experience any
issues while interacting with the app. After evaluating the results of
the pre-study, we made the nal adjustments to the questionnaires
to prepare them for the main experiment.
4.3 Participants
An a priori power analysis was conducted using G*Power [
22
] to de-
termine the minimum sample size required to answer our research
question. Results indicated the required sample size to achieve 80%
power for detecting a medium eect, at a signicance criterion of
𝛼=
0
.
05, was
𝑁=
27 for a repeated measures ANOVA within factors.
We recruited 30 participants from which 11 self-identied as female
and 19 as male, surpassing the minimum sample size. The Partici-
pants ranged between 23 and 55 years of age (
𝑀=
28
,
73,
𝑆𝐷 =
8
.
19).
We used a quota sampling approach for participant recruitment. The
acquisition was based on mailing lists, social networks and word-
of-mouth. Participation was voluntary and uncompensated. All of
the participants had sucient knowledge in terms of computer and
mobile interaction and usage. However, none of them were privacy
experts. In terms of experience with smart home devices, 23
.
3% of
the participants had more than four years of experience, 36
.
7% had
between one and four years, 36
.
7% had less than a year, and one
person had no previous experience with smart home devices. With
regard to the privacy policy of their smart home devices, 73% of the
participants stated that they have not read it at all, 27% have read
only parts of it, while none of the participants had read the entire
declaration for a smart home device. The user study was conducted
in German, including only German-speaking participants.
4.4 Measures & Data Analysis
We used standardised questionnaires as well as a customised ques-
tionnaire to assess users’ workload and the perceived usability
of the app. Our standardised questionnaires included raw NASA-
TLX [
36
] and the System Usability Scale (SUS) [
9
], both of which
are validated and established measurement instruments that ensure
high comparability. NASA-TLX is divided into six items of Mental
Demand,Physical Demand,Temporal Demand,Performance,Eort,
and Frustration, to quantify the degree of subjective workload. The
SUS was developed as a measure for evaluating the ISO standards
for usability, which include eectiveness, eciency, and satisfac-
tion. In order to check whether there is a statistically signicant
dierence between the conditions, a repeated measures ANOVA
test [
27
] was carried out. For all statistical tests, we applied an alpha
level of .05.
To evaluate the answers to the open-ended customised questions,
we adopted a summative approach to content analysis which “in-
volves counting and comparisons, usually of keywords or content,
followed by the interpretation of the underlying context” [
37
]. The
entire responses to the questions were examined, and the semantic
units were marked as codes and classied into dierent categories
by three researchers [
30
]. Then the numbers in each category were
counted and explained in an underlying context to gain a better
understanding of the participant’s perceptions.
4.5 User Privacy Considerations
As HCI research becomes more complex and the environments in
which it takes place more diverse, privacy issues are constantly
changing. This requires the use of data protection experts and the
sharing of experiences to protect participants’ privacy. To prevent
any unintended personal data processing, the study design was
carried out with data protection experts. The study was designed
in a way that no personal data of the participants were processed.
Furthermore, we have considered whether the collection of data
may harm the individual and follow the principle of benecence
as stated by [
44
]. Subjects were required to change their name to
anonymous before participating in the study. To inform attendees
of Zoom’s privacy policy, the study consent form included a link
to the Zoom privacy statement web page. During the Zoom call,
participants were muted and not allowed to turn on their cameras.
If they had questions, they could write them in the chat. The study
director could answer them over the microphone.
5 RESULTS
Participants answered the privacy-related questions and rated the
app in all three conditions. The results indicate some signicant dif-
ferences in terms of usability and workload between the conditions.
Following, we report our ndings on user performance, the usability
of the app, users’ workload, and exploratory user responses.
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
5.1 User Performance
All participants responded to the questions regarding data protec-
tion in each condition. In the list condition, the participants on
average correctly answered 82% of the time. This was 90% for the
tab-based condition, and 87% for the device-based condition. We did
not witness any signicant dierences between the three conditions
in terms of correct answers.
Table 1 displays the average times it took participants to answer
the questions regarding data protection in each condition. The tab-
based condition recorded the fastest time to complete the questions
with an average of 6 minutes and 12 seconds, followed by the
device-based condition with 6 minutes and 20 seconds, and the list
condition with 7 minutes and 16 seconds. No signicant dierences
in terms of time to answer the questions were found between the
conditions.
Table 1: Mean completion times and correct answers
List Tab-based Device-based
Correct Answers 82% 90% 87%
Mean Time 7:16 6:12 6:20
SD 3:53 2:15 2:35
5.2 Usability
Regarding the usability of the app, SUS scores reached an average
of 68
.
25 (
𝑆𝐷 =
23
.
32) within the list condition, 86
.
33 (
𝑆𝐷 =
18
.
64)
within the tab-based condition, and 78
.
83 (
𝑆𝐷 =
19
.
68) within the
device-based condition. A repeated measures ANOVA test was con-
ducted to determine whether there were statistically signicant
dierences in SUS scores between the three conditions. The assump-
tion of sphericity was violated, as assessed by Mauchly’s Test of
Sphericity,
𝑝=
0
.
007. Therefore, a Greenhouse-Geisser correction
was applied (
𝜖=
0
.
769). The SUS scores elicited statistically signi-
cant changes between conditions (
𝐹(
1
.
54
,
44
.
58
)=
10
.
10,
𝑝<.
001,
𝜂2=
0
.
26).
𝑃𝑜𝑠𝑡 −ℎ𝑜𝑐
analysis with a Bonferroni adjustment revealed
that the tab-based condition had signicantly better SUS score com-
pared to the list condition (
𝑀=−
18
.
08,
𝑝=
0
.
003,
𝑑=−
0
.
67)
and the device-based condition (
𝑀=
7
.
50,
𝑝=
0
.
049,
𝑑=
0
.
47). It is
also showed that the SUS score of the device-based condition was
signicantly higher than the list condition (
𝑀=−
10
.
58,
𝑝=
0
.
041,
𝑑=−0.48) (see Figure 5).
5.3 Workload
To calculate the workload, participants lled in the NASA-TLX
questionnaire for all three conditions. The overall task load was
calculated for each participant and averaged across the various
conditions on a scale between 0 and 100, where 100 is the high-
est. When the participants used the list condition to complete the
tasks, they provided an overall mean unweighted workload of 40
.
72
(
𝑆𝐷 =
18
.
10), while for the tab-based condition, they rated an over-
all mean unweighted workload of 34
.
94 (
𝑆𝐷 =
13
.
56). In terms of
the device-based condition, participants indicated an overall mean
unweighted workload of 35.44 (𝑆𝐷 =13.32) (see Figure 6).
Figure 5: Box plots: SUS scores (The asterisk denotes a statis-
tically signicant dierence between two conditions.)
Figure 6: Box plots: Overall unweighted workload
In order to draw any reliable conclusions on the users’ experience,
it would be necessary to drill down into the various sources of
workload. The mean scores of the NASA-TLX items are summarised
in Table 2.
5.3.1 Mental Demand. The repeated ANOVA test indicated that
there were statistically signicant dierences in terms of Men-
tal Demand values between conditions (
𝐹(
2
,
58
)=
6
.
77,
𝑝=
0
.
002,
𝜂2=
0
.
19).
𝑃𝑜𝑠𝑡 −ℎ𝑜𝑐
analysis with a Bonferroni adjustment re-
vealed that the tab-based condition had signicantly lower Mental
Demand value compared to the list condition (
𝑀=
11
.
50,
𝑝=
0
.
030,
𝑑=
0
.
50). In addition, it is demonstrated that the Mental Demand
value of the device-based condition was signicantly lower than the
list condition (
𝑀=−
11
.
83,
𝑝=
0
.
008,
𝑑=−
0
.
60). We did not wit-
ness any signicant dierence between tab-based and device-based
conditions (𝑝>.05) (see Figure 7).
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
Table 2: NASA-TLX values
Conditions Mean SD
Mental Demand List 53.50 23.38
Tab-based 42.00 23.07
Device-based 40.67 23.11
Physical Demand List 35.17 23.87
Tab-based 19.67 19.56
Device-based 20.17 18.73
Temporal Demand List 24.17 24.50
Tab-based 20.17 19.99
Device-based 22.17 20.96
Performance List 54.00 23.36
Tab-based 65.67 28.76
Device-based 63.50 27.55
Eort List 44.67 23.78
Tab-based 30.67 20.71
Device-based 35.83 21.86
Frustration List 40.67 26.48
Tab-based 31.50 21.34
Device-based 30.33 21.61
Figure 7: Box plots: Mental Demand
5.3.2 Physical Demand. Regarding Physical Demand, the repeated
ANOVA test revealed signicant dierences between three con-
ditions (
𝐹(
2
,
58
)=
11
.
64,
𝑝<.
001,
𝜂2=
0
.
29).
𝑃𝑜𝑠𝑡 −ℎ𝑜𝑐
analysis
with a Bonferroni adjustment showed that the tab-based condition
had signicantly lower Physical Demand value compared to the list
condition (
𝑀=
15
.
50,
𝑝=
0
.
002,
𝑑=
0
.
69). In addition, it is indicated
that the Physical Demand value of the device-based condition was
signicantly lower than the list condition (
𝑀=−
15
.
00,
𝑝=
0
.
001,
𝑑=−
0
.
72). The data showed no signicant dierence between
tab-based and device-based conditions (𝑝>.05) (see Figure 8).
Figure 8: Box plots: Physical Demand
5.3.3 Eort. The analysis also showed statistically signicant dif-
ferences in Eort values between three conditions (
𝐹(
2
,
58
)=
5
.
44,
𝑝=
0
.
007,
𝜂2=
0
.
16).
𝑃𝑜𝑠𝑡 −ℎ𝑜𝑐
analysis with a Bonferroni adjust-
ment revealed that the tab-based condition had signicantly lower
Eort value compared to the list condition (
𝑀=
14
.
00,
𝑝=
0
.
009,
𝑑=
0
.
59). We did not witness any signicant dierence between
device-based and list conditions (
𝑝>.
05). The data also showed no
signicant dierence between tab-based and device-based condi-
tions (𝑝>.05) (see Figure 9).
In contrast, we did not nd any signicant dierences for the sub-
scales of Temporal Demand,Performance, and Frustration between
the three conditions (𝑝>.05).
Figure 9: Box plots: Eort
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
5.4 Exploratory User Responses
The participants commented on their opinion regarding each repre-
sentation format. The rst question was about which representation
was considered the best by the respondents. 23 participants found
the tab-based to be the best and seven participants chose the device-
based. None of the participants preferred the list condition.
Regarding the positive and negative aspects of our three proto-
types, the simplicity of the list presentation was rated as positive
by four respondents. However, ten participants found this version
confusing and unclear. Concerning the length of this presentation,
eight participants pointed out that it was lengthy. Two Participants
highlighted the advantages over the classic representation of pri-
vacy notices and mentioned that this layout is more appropriate as
long as the privacy policies are kept short where everything would
be immediately visible at a glance. Four respondents said that as
soon as they added devices, which resulted in the privacy statement
getting longer, the presentation became quite long and confusing.
With the tab-based prototype, nine participants appreciated the
clear separation of privacy policies into data, rights, and persons,
and 18 respondents mentioned that it made the interface clear and
easier to follow. In addition, ve participants positively noted that
due to the separation into three tabs, the individual areas contained
relatively small lists of privacy policies. They pointed out that the
possibility to see everything in each tab at a glance, which led to
very little or no scrolling through the lists, was useful.
In terms of the device-based prototype, eight participants indi-
cated that the separation into basic privacy statements and privacy
policies, which is specic to the individual, was useful. Two respon-
dents found it very helpful to have a tab where the devices could be
selected directly where one could immediately see which privacy
policy was specic to that device. This allowed them to quickly
answer questions that involved devices. However, there were also
negative aspects which were noted by the participants. The naming
of the tabs was confusing for four participants. They did not know
exactly what was meant by Basic and found it unclear. Furthermore,
two participants noted that they had to constantly switch back and
forth between tabs, which was not pleasant. This was due to the
subjects not knowing exactly what belonged to the basic tab and
what to the devices tab. The nesting depth of the device tab was
also criticised by one participant.
Dierent comments and suggestions for improvement were
given by the participants. Three users criticised the icons used
within the prototypes and found them unclear. One feature that
four respondents thought was missing involved the search func-
tion. Along the same lines, a lter function was also desired by two
participants. In addition, one user suggested having a FAQ page
where people can quickly read up on points that are often searched
for. A negative point with tab-based presentation came when the
devices were added. Three participants did not like that they could
not immediately see what information was included in the privacy
policy by adding a new device. Two recommended highlighting
the recently added information using a marker. A combination of
tab-based and device-based prototype was desired for the presen-
tation of privacy policies by eleven participants. One participant
proposed adding gamication features such as a reward system in
order to increase people’s willingness to read the privacy statement
and engage with it.
6 DISCUSSION
This paper aimed to enhance the one-pager privacy policy using
dierent representation formats and explore their impact on us-
ability and users’ workload. Overall, aligning with the previous
work [
23
,
24
,
64
], we witnessed that the one-pager format was
an eective and promising approach to improve usability and re-
duce the burden of privacy statements for smartphone users. Users
emphasised that it was generally good not to be faced with an
overwhelming amount of complicated information.
Regarding performance, questions in the tab-based condition
were answered faster than the other two conditions. However, we
did not witness any signicant dierences in terms of the time
needed to answer the questions and the number of correct answers.
Based on the comments from the participants, scrolling through the
list and nesting depth of the app depending on the condition made
participants spend more time searching for the correct answers.
Feedback on the tab-based and device-based prototypes showed that
separating the content of the privacy policy and structuring it in a
meaningful manner helped users to better grasp the information
and gave them a clear vision, which is consistent with previous
research [50, 62].
The usability ratings of the prototypes showed signicant dier-
ences between the three conditions. Although both the tab-based
and device-based conditions had an above average usability score,
the tab-based prototype outperformed the other two. Both the
tab-based and the device-based conditions were rated signicantly
higher than the list version. This suggests that additional categorisa-
tion and further structuring of the one-pager format could improve
the usability and clarity of the privacy policies. This helped the
respondents to quickly nd the points they were looking for in the
privacy policy, which was considered extremely positive through
user comments. Nonetheless, it must be noted that in some cases,
the naming of the tabs led to problems with usability, especially
in the device-based condition. As soon as the subjects understood
what could be found in each tab, they were able to nd what they
were looking for quickly.
Using NASA-TLX to measure perceived workload when work-
ing with privacy policy representations provided us with highly
valuable insights. The results derived from this questionnaire were
further validated by the exploratory user responses that followed in
the study. The subdivision of the privacy policies ensured that the
overall average rating of workload was lower amongst participants,
aligning with the research by Zhang and Adipat, which suggested
that dividing a long text into tabs can reduce the cognitive load [
72
].
The tab-based prototype was rated lower than the other two
conditions when evaluating workload. There were signicant dif-
ferences between the list condition and the other two in terms of
Physical and Mental Demands, as well as the Eort. Within the list
prototype, users experienced more mental and physical demands
compared to the other two conditions. Therefore, the representa-
tions with subdivision into multiple areas were more appropriate
than the list representation in this regard. User feedback also con-
rms that while the list version appears simple at rst glance, it
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
becomes dicult to use over time. Furthermore, this can be seen
in terms of Eort. Participants put signicantly more eort into
answering the questions compared to the tab-based version. Tempo-
ral Demand was originally introduced in NASA-TLX as a measure
of temporal pressure during a task, specically how quickly tasks
were performed. This is a very context-specic dimension that is
particularly suitable for time-based scenarios. Given as it is, this
dimension may not be appropriate for our privacy tasks. There-
fore, the average values of the three conditions showed a very low
demand on time by the participants. In terms of Performance and
Frustration, the study results should be seen as a positive indicator
which does not signicantly aect or inuence participants’ ability
to answer the questions presented in the study.
Based on the interpretation of the quantitative results along
with participant comments, it became apparent that the tab-based
version was rated best among the conditions and highly preferred by
the participants. However, more can be done in terms of improving
this concept. Dividing data protection into dierent areas could be
a sensible step towards increasing usability [
35
]. Therefore, one
should consider applying specic design principles. For instance,
in our study, it became clear that the naming of the tabs could
cause confusion among users. Clear and understandable names
for this purpose should be used. Applying sucient explanatory
text along with the employment of appropriate visuals such as
icons and images and the avoidance of complicated computer terms
could improve the usability of the interface, especially for users
with low computer literacy [
16
]. The length of privacy policies is
getting longer [
4
], which means the list of dierent segments can
still become very long despite the subdivision into dierent tabs.
Further aspects need to be considered in order to provide users
with a quick overview of the data being processed. Approaches to
manage complex tasks in the mobile web browser could be used to
prevent policy length expansion [11, 32].
With the list and the tab-based prototype, it was disadvanta-
geous not to show which data protection points belonged to which
device. It was especially suggested by the participants to merge
the tab-based and the device-based conditions into one in order to
reach an optimised user interface. Moreover, individual features
such as a search eld, an FAQ page, and highlighting newly added
information were suggested by the participants to improve the us-
ability. Future research can look into these aspects and their eects
on usability and workload.
In an attempt to take a step forward toward making privacy
policies more understandable and lowering the workload, the fol-
lowing implications can be derived from the results of this study.
The length of privacy statements needs to be improved in order
to ensure that they are of an appropriate length. In this work, the
idea of a one-line simplied sentence with a short presentation of
the privacy policies was positively received. If the length cannot be
shortened far enough, then a subdivision into dierent tabs could
be made. The division of the tab presentation proved to be the most
advantageous in this study. Users can immediately see all aspects
of the processing of their data, they can nd their rights at a glance,
and they have the option of viewing and contacting the responsible
persons. To increase the comprehensibility of the privacy policy, it
is important to simplify the texts in their language. This means that
users can comprehend the explanations and therefore understand
what happens to their data, what rights exist, and how they can be
used.
However, our study is constrained by certain limitations. We
collected our data under uncontrolled conditions and therefore do
not know how our results can be generalised to other situations
where participants might be distracted by the presence of other
people, for example. Moreover, participants interacted with the
prototype using their own screens, meaning various screen sizes
were used to complete the tasks, potentially impacting the con-
tent’s readability. Another limiting factor was that the study was
conducted in a remote setting. Natural distractions in real-world sit-
uations could alter our results. Although we have assessed certain
designs such as icons, simplied sentences, and text segmentation
in our pre-study, further design guidelines need to be tested for
their suitability. Another limitation could be that this was not a
real-world use of real devices. In this context, it is unclear whether
the study adequately prepared participants for the types of data
that could be collected during active device use. In other words, the
privacy policy for a real device could be presented to a real user
before they have the opportunity to use the device and understand
what it might collect, making the element of understanding more
critical for them. However, the downside to this approach would
be the unintended collection of participants’ personal data, such
as log les or IP addresses, when the smart home devices are put
into operation. In our approach, we considered ways to avoid such
forms of data collection.
7 CONCLUSION & FUTURE WORK
In this work, we explored dierent representation formats of a
one-pager privacy policy for a smart home app. We designed three
prototypes, each using a dierent style of the privacy policy, in-
cluding a list, a tab-based, and a device-based version and compared
them in terms of usability and workload in the within-subjects
design study. Our results showed that all three conditions exhibited
an acceptable low level of workload and above-average usability.
Nonetheless, the tab-based condition was rated best in usability and
workload. The ndings of this study contribute useful insights for
researchers and privacy experts on how to design and display one-
pager privacy policies for a smart home application. In future inves-
tigations, we aim to examine the combination of the tab-based and
the device-based representations. Furthermore, the long-term usage
of such approaches needs to be explored. Techniques such as eye-
tracking could be used to better understand where the participants
are looking and how text positioning impacts users’ performance.
ACKNOWLEDGMENTS
This work was entirely supported by the German Federal Min-
istry of Education and Research (BMBF) under the grant 16
𝑆𝑉
8503
(UsableSec@Home project).
REFERENCES
[1]
Chadia Abras, Diane Maloney-Krichmar, Jenny Preece, et al
.
2004. User-centered
design. Bainbridge, W. Encyclopedia of Human-Computer Interaction. Thousand
Oaks: Sage Publications 37, 4 (2004), 445–456.
[2]
Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro
Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your Loca-
tion Has Been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging.
In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machin-
ery, New York, NY, USA, 787–796. https://doi.org/10.1145/2702123.2702210
[3]
Zahrah A Almusaylim and Noor Zaman. 2019. A review on smart home present
state and challenges: linked to context-awareness internet of things (IoT). Wireless
networks 25, 6 (2019), 3193–3204. https://doi.org/10.1007/s11276- 018-1712-5
[4]
Ryan Amos, Gunes Acar, Eli Lucherini, Mihir Kshirsagar, Arvind Narayanan, and
Jonathan Mayer. 2021. Privacy Policies over Time: Curation and Analysis of a
Million-Document Dataset. In Proceedings of the Web Conference 2021 (Ljubljana,
Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY,
USA, 2165–2176. https://doi.org/10.1145/3442381.3450048
[5]
Florence Balagtas-Fernandez, Jenny Forrai, and Heinrich Hussmann. 2009. Evalua-
tion of User Interface Design and Input Methods for Applications on Mobile Touch
Screen Devices. In Human-Computer Interaction – INTERACT 2009, Tom Gross,
Jan Gulliksen, Paula Kotzé, Lars Oestreicher, Philippe Palanque, Raquel Oliveira
Prates, and Marco Winckler (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg,
243–246.
[6]
Colin J. Bennett. 2018. Regulating Privacy: Data Protection and Public Policy in
Europe and the United States. Cornell University Press, New York, United States.
https://doi.org/10.7591/9781501722134
[7]
BMJV. 2016. Federal Ministry of Justice and Consumer Protection “One-Pager”
- template for transparent data protection notices. https://www.bmjv.de/DE/
Themen/FokusThemen/OnePager/OnePager_node.html
[8]
Carolyn Brodie, Clare-Marie Karat, John Karat, and Jinjuan Feng. 2005. Usable
Security and Privacy: A Case Study of Developing Privacy Management Tools.
In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh,
Pennsylvania, USA) (SOUPS ’05). Association for Computing Machinery, New
York, NY, USA, 35–43. https://doi.org/10.1145/1073001.1073005
[9]
John Brooke. 1996. SUS-A quick and dirty usability scale. Usability evaluation in
industry 189, 194 (1996), 4–7.
[10]
Marie Chan, Daniel Estève, Christophe Escriba, and Eric Campo. 2008. A review
of smart homes—Present state and future challenges. Computer Methods and
Programs in Biomedicine 91, 1 (2008), 55–81. https://doi.org/10.1016/j.cmpb.2008.
02.001
[11]
Joseph Chee Chang, Yongsung Kim, Victor Miller, Michael Xieyang Liu, Brad A
Myers, and Aniket Kittur. 2021. Tabs.Do: Task-Centric Browser Tab Management.
Association for Computing Machinery, New York, NY, USA, 663–676. https:
//doi.org/10.1145/3472749.3474777
[12]
Yan Chen, Fatemeh Zahedi, and Ahmed Abbasi. 2011. Interface Design Elements
for Anti-Phishing Systems. In Service-Oriented Perspectives in Design Science
Research (Milwaukee, WI, USA) (DESRIST’11). Springer-Verlag, Berlin, Heidelberg,
253–265.
[13]
Eun Kyoung Choe, Jaeyeon Jung, Bongshin Lee, and Kristie Fisher. 2013. Nudging
People Away from Privacy-Invasive Mobile Apps through Visual Framing. In
Human-Computer Interaction – INTERACT 2013, Paula Kotzé, Gary Marsden, Gitte
Lindgaard, Janet Wesson, and Marco Winckler (Eds.). Springer Berlin Heidelberg,
Berlin, Heidelberg, 74–91.
[14]
Jason W. Clark, Peter Snyder, Damon McCoy, and Chris Kanich. 2015. "I Saw
Images I Didn’t Even Know I Had": Understanding User Perceptions of Cloud
Storage Privacy. In Proceedings of the 33rd Annual ACM Conference on Human
Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association
for Computing Machinery, New York, NY, USA, 1641–1644. https://doi.org/10.
1145/2702123.2702535
[15]
ConPolicy. 2018. Better informed? Results from behavioral science on the eec-
tiveness of the privacy-one-pager approach and further solutions for data protec-
tion. https://www.conpolicy.de/en/news-detail/better-informed- results-from-
behavioral-science- on-the-eectiveness- of-the- privacy- one-pager- appro
[16]
Ali Darejeh and Dalbir Singh. 2013. A review on user interface design principles
to increase software usability for users with less computer literacy. Journal of
computer science 9, 11 (2013), 1443.
[17]
Liyanage C. De Silva, Chamin Morikawa, and Iskandar M. Petra. 2012. State of the
art of smart homes. Engineering Applications of Articial Intelligence 25, 7 (2012),
1313–1321. https://doi.org/10.1016/j.engappai.2012.05.002 Advanced issues in
Articial Intelligence and Pattern Recognition for Intelligent Surveillance System
in Smart Home Environment.
[18]
Nico Ebert, Kurt Alexander Ackermann, and Björn Scheppler. 2021. Bolder is
Better: Raising User Awareness through Salient and Concise Privacy Notices. In
Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems
(Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York,
NY, USA, Article 67, 12 pages. https://doi.org/10.1145/3411764.3445516
[19]
Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You’ve Been Warned:
An Empirical Study of the Eectiveness of Web Browser Phishing Warnings. In
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
(Florence, Italy) (CHI ’08). Association for Computing Machinery, New York, NY,
USA, 1065–1074. https://doi.org/10.1145/1357054.1357219
[20]
Benjamin Fabian, Tatiana Ermakova, and Tino Lentz. 2017. Large-Scale Read-
ability Analysis of Privacy Policies. In Proceedings of the International Conference
on Web Intelligence (Leipzig, Germany) (WI ’17). Association for Computing
Machinery, New York, NY, USA, 18–25. https://doi.org/10.1145/3106426.3106427
[21]
Benjamin Fabian, Tatiana Ermakova, and Tino Lentz. 2017. Large-Scale Read-
ability Analysis of Privacy Policies. In Proceedings of the International Conference
on Web Intelligence (Leipzig, Germany) (WI ’17). Association for Computing
Machinery, New York, NY, USA, 18–25. https://doi.org/10.1145/3106426.3106427
[22]
Franz Faul, Edgar Erdfelder, Albert-Georg Lang, and Axel Buchner. 2007. G*
Power 3: A exible statistical power analysis program for the social, behavioral,
and biomedical sciences. Behavior research methods 39, 2 (2007), 175–191.
[23]
Pascal Faurie, Arghir-Nicolae Moldovan, and Irina Tal. 2020. Privacy Policy – “I
agree”?! – Do alternatives to text-based policies increase the awareness of the
users? , 6 pages. https://doi.org/10.1109/CyberSecurity49315.2020.9138857
[24] Denise Feldner. 2020. Redesigning Organizations.
[25]
Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker,
Christopher Thompson, Mustafa Embre Acer, Elisabeth Morant, and Sunny
Consolvo. 2016. Rethinking Connection Security Indicators. In Twelfth Sym-
posium on Usable Privacy and Security (SOUPS 2016). USENIX Association,
Denver, CO, 1–14. https://www.usenix.org/conference/soups2016/technical-
sessions/presentation/porter-felt
[26]
Yuanyuan Feng, Yaxing Yao, and Norman Sadeh. 2021. A Design Space for
Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things.
In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems
(Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York,
NY, USA, Article 64, 16 pages. https://doi.org/10.1145/3411764.3445148
[27] Ellen R Girden. 1992. ANOVA: Repeated measures.
[28]
Jun Gong, Peter Tarasewich, et al
.
2004. Guidelines for handheld mobile device
interface design. , 3751–3756 pages.
[29]
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven
Aronowitz, Deirdre Mulligan, and Joseph Konstan. 2005. Stopping Spyware
at the Gate: A User Study of Privacy, Notice and Spyware. In Proceedings of the
2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA)
(SOUPS ’05). Association for Computing Machinery, New York, NY, USA, 43–52.
https://doi.org/10.1145/1073001.1073006
[30]
U.H Graneheim and B Lundman. 2004. Qualitative content analysis in nursing
research: concepts, procedures and measures to achieve trustworthiness. Nurse
Education Today 24, 2 (2004), 105–112. https://doi.org/10.1016/j.nedt.2003.10.001
[31]
Chris Grith. 2017. Mobile App Development with Ionic, Revised Edition: Cross-
Platform Apps with Ionic, Angular, and Cordova. " O’Reilly Media, Inc.", USA.
[32]
Nathan Hahn, Joseph Chee Chang, and Aniket Kittur. 2018. Bento Browser:
Complex Mobile Search Without Tabs. Association for Computing Machinery,
New York, NY, USA, 1–12. https://doi.org/10.1145/3173574.3173825
[33]
Julie Haney, Yasemin Acar, and Susanne Furman. 2021. "It’s the Company, the
Government, You and I": User Perceptions of Responsibility for Smart Home
Privacy and Security. In 30th USENIX Security Symposium (USENIX Security
21). USENIX Association, Berkeley, California, United States, 411–428. https:
//www.usenix.org/conference/usenixsecurity21/presentation/haney
[34]
Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin,
and Karl Aberer. 2018. Polisis: Automated Analysis and Presentation of Privacy
Policies Using Deep Learning. In 27th USENIX Security Symposium (USENIX
Security 18). USENIX Association, Baltimore, MD, 531–548. https://www.usenix.
org/conference/usenixsecurity18/presentation/harkous
[35]
Johannes Harms, Martina Kratky, Christoph Wimmer, Karin Kappel, and Thomas
Grechenig. 2015. Navigation in Long Forms on Smartphones: Scrolling Worse
than Tabs, Menus, and Collapsible Fieldsets. In Human-Computer Interaction –
INTERACT 2015, Julio Abascal, Simone Barbosa, Mirko Fetter, Tom Gross, Philippe
Palanque, and Marco Winckler (Eds.). Springer International Publishing, Cham,
333–340.
[36]
Sandra G. Hart and Lowell E. Staveland. 1988. Development of NASA-TLX
(Task Load Index): Results of Empirical and Theoretical Research. In Human
Mental Workload, Peter A. Hancock and Najmedin Meshkati (Eds.). Advances in
Psychology, Vol. 52. North-Holland, Amsterdam, 139–183. https://doi.org/10.
1016/S0166-4115(08)62386- 9
[37]
Hsiu-Fang Hsieh and Sarah E. Shannon. 2005. Three Approaches to Qualitative
Content Analysis. Qualitative Health Research 15, 9 (2005), 1277–1288. https:
//doi.org/10.1177/1049732305276687 PMID: 16204405.
[38]
Carlos Jensen and Colin Potts. 2004. Privacy Policies as Decision-Making Tools:
An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference
on Human Factors in Computing Systems (Vienna, Austria) (CHI ’04). Association
for Computing Machinery, New York, NY, USA, 471–478. https://doi.org/10.
1145/985692.985752
[39]
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. “My Data
Just Goes Everywhere:” User Mental Models of the Internet and Implications
for Privacy and Security. In Eleventh Symposium On Usable Privacy and Security
(SOUPS 2015). USENIX Association, Ottawa, 39–52. https://www.usenix.org/
conference/soups2015/proceedings/presentation/kang
[40]
Clare-Marie Karat, John Karat, Carolyn Brodie, and Jinjuan Feng. 2006. Evaluat-
ing Interfaces for Privacy Policy Rule Authoring. In Proceedings of the SIGCHI
Conference on Human Factors in Computing Systems (Montréal, Québec, Canada)
(CHI ’06). Association for Computing Machinery, New York, NY, USA, 83–92.
https://doi.org/10.1145/1124772.1124787
NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark Bahrini, et al.
[41]
Matthew Kay and Michael Terry. 2010. Textured Agreements: Re-Envisioning
Electronic Consent. In Proceedings of the Sixth Symposium on Usable Privacy and
Security (Redmond, Washington, USA) (SOUPS ’10). Association for Computing
Machinery, New York, NY, USA, Article 13, 13 pages. https://doi.org/10.1145/
1837110.1837127
[42]
Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder.
2009. A "Nutrition Label" for Privacy. In Proceedings of the 5th Symposium
on Usable Privacy and Security (Mountain View, California, USA) (SOUPS ’09).
Association for Computing Machinery, New York, NY, USA, Article 4, 12 pages.
https://doi.org/10.1145/1572532.1572538
[43]
Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. 2010.
Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach.
In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
(Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New
York, NY, USA, 1573–1582. https://doi.org/10.1145/1753326.1753561
[44]
Erin Kenneally and David Dittrich. 2012. The Menlo Report: Ethical principles
guiding information and communication technology research.
[45]
E. Kilsdonk, L.W. Peute, R.J. Riezebos, L.C. Kremer, and M.W.M. Jaspers. 2016.
Uncovering healthcare practitioners’ information processing using the think-
aloud method: From paper-based guideline to clinical decision support system.
International Journal of Medical Informatics 86 (2016), 10–19. https://doi.org/10.
1016/j.ijmedinf.2015.11.011
[46]
Agnieszka Kitkowska, Yem Shulman, Leonardo A. Martucci, and Erik Wästlund.
2020. Facilitating Privacy Attitudes and Behaviors with Aective Visual Design.
In ICT Systems Security and Privacy Protection, Marko Hölbl, Kai Rannenberg,
and Tatjana Welzer (Eds.). Springer International Publishing, Cham, 109–123.
[47]
Agnieszka Kitkowska, Mark Warner, Yem Shulman, Erik Wästlund, and
Leonardo A. Martucci. 2020. Enhancing Privacy through the Visual Design
of Privacy Notices: Exploring the Interplay of Curiosity, Control and Aect. ,
437–456 pages. https://www.usenix.org/conference/soups2020/presentation/
kitkowska
[48]
Jan Kolter and Günther Pernul. 2009. Generating User-Understandable Privacy
Preferences. , 299-306 pages. https://doi.org/10.1109/ARES.2009.89
[49]
Thomas Linden, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. 2018.
The Privacy Policy Landscape After the GDPR. https://doi.org/10.48550/ARXIV.
1809.08396
[50]
Heather Richter Lipford, Jason Watson, Michael Whitney, Katherine Froiland,
and Robert W. Reeder. 2010. Visual vs. Compact: A Comparison of Privacy Policy
Interfaces. In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery,
New York, NY, USA, 1111–1114. https://doi.org/10.1145/1753326.1753492
[51]
Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for All: Revealing
the Hidden Complexity of Terms and Conditions. In Proceedings of the SIGCHI
Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13).
Association for Computing Machinery, New York, NY, USA, 2687–2696. https:
//doi.org/10.1145/2470654.2481371
[52]
Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith
Cranor. 2009. A Comparative Study of Online Privacy Policies and Formats.
In Privacy Enhancing Technologies, Ian Goldberg and Mikhail J. Atallah (Eds.).
Springer Berlin Heidelberg, Berlin, Heidelberg, 37–55.
[53]
George R Milne and Mary J Culnan. 2004. Strategies for reducing online privacy
risks: Why consumers read (or don’t read) online privacy notices. Journal of
interactive marketing 18, 3 (2004), 15–29.
[54]
Catherine Needham. 2011. Personalising public services: Understanding the per-
sonalisation narrative. Policy Press, Bristol, United Kingdom.
[55]
Jonathan A Obar and Anne Oeldorf-Hirsch. 2020. The biggest lie on the internet:
Ignoring the privacy policies and terms of service policies of social networking
services. Information, Communication & Society 23, 1 (2020), 128–147.
[56]
Jonathan A. Obar and Anne Oeldorf-Hirsch. 2020. The biggest lie on the Internet:
ignoring the privacy policies and terms of service policies of social networking
services. Information, Communication & Society 23, 1 (2020), 128–147. https:
//doi.org/10.1080/1369118X.2018.1486870
[57] Kellie Poneres, Foad Hamidi, Aaron Massey, and Amy Hurst. 2018. Using Icons
to Communicate Privacy Characteristics of Adaptive Assistive Technologies. In
Proceedings of the 20th International ACM SIGACCESS Conference on Computers
and Accessibility (Galway, Ireland) (ASSETS ’18). Association for Computing Ma-
chinery, New York, NY, USA, 388–390. https://doi.org/10.1145/3234695.3241003
[58]
Lumpapun Punchoojit and Nuttanont Hongwarittorrn. 2017. Usability Studies on
Mobile User Interface Design Patterns: A Systematic Literature Review. Advances
in Human-Computer Interaction 2017 (Nov. 2017), 6787504. https://doi.org/10.
1155/2017/6787504 Publisher: Hindawi.
[59]
David Raneburger, David Alonso-Ríos, Roman Popp, Hermann Kaindl, and
Jürgen Falb. 2013. A User Study with GUIs Tailored for Smartphones. In
Human-Computer Interaction – INTERACT 2013, Paula Kotzé, Gary Marsden,
Gitte Lindgaard, Janet Wesson, and Marco Winckler (Eds.). Springer Berlin Hei-
delberg, Berlin, Heidelberg, 505–512.
[60]
Dimitrios Raptis, Nikolaos Tselios, Jesper Kjeldskov, and Mikael B. Skov. 2013.
Does Size Matter? Investigating the Impact of Mobile Phone Screen Size on
Users’ Perceived Usability, Eectiveness and Eciency.. In Proceedings of the 15th
International Conference on Human-Computer Interaction with Mobile Devices and
Services (Munich, Germany) (MobileHCI ’13). Association for Computing Machin-
ery, New York, NY, USA, 127–136. https://doi.org/10.1145/2493190.2493204
[61]
Elissa M Redmiles, Everest Liu, and Michelle L Mazurek. 2017. You Want Me
To Do What? A Design Study of Two-Factor Authentication Messages. In Thir-
teenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Associa-
tion, Santa Clara, CA, 6 pages. https://www.usenix.org/conference/soups2017/
workshop-program/way2017/redmiles
[62]
Robert W. Reeder, Patrick Gage Kelley, Aleecia M. McDonald, and Lorrie Faith
Cranor. 2008. A User Study of the Expandable Grid Applied to P3P Privacy Policy
Visualization. In Proceedings of the 7th ACM Workshop on Privacy in the Elec-
tronic Society (Alexandria, Virginia, USA) (WPES ’08). Association for Computing
Machinery, New York, NY, USA, 45–54. https://doi.org/10.1145/1456403.1456413
[63]
Daniel Reinhardt, Johannes Borchard, and Jörn Hurtienne. 2021. Visual Interactive
Privacy Policy: The Better Choice?. In Proceedings of the 2021 CHI Conference on
Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association
for Computing Machinery, New York, NY, USA, Article 66, 12 pages. https:
//doi.org/10.1145/3411764.3445465
[64]
Karen Renaud and Lynsay A. Shepherd. 2018. How to Make Privacy Policies
both GDPR-Compliant and Usable. In 2018 International Conference On Cyber
Situational Awareness, Data Analytics And Assessment (Cyber SA). IEEE, USA, 1–8.
https://doi.org/10.1109/CyberSA.2018.8551442
[65]
Arianna Rossi and Monica Palmirani. 2019. DaPIS: A data protection icon set to
improve information transparency under the GDPR. Knowledge of the Law in the
Big Data Age 252, 181-195 (2019), 5–5.
[66]
Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015.
A Design Space for Eective Privacy Notices. In Eleventh Symposium On Usable
Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, 1–17. https:
//www.usenix.org/conference/soups2015/proceedings/presentation/schaub
[67]
FTC Sta. 2011. Protecting Consumer Privacy in an Era of Rapid Change–A
Proposed Framework for Businesses and Policymakers. Journal of Privacy and
Condentiality 3, 1 (Jun. 2011), 67–140. https://doi.org/10.29012/jpc.v3i1.596
[68]
Madiha Tabassum, Abdulmajeed Alqhatani, Marran Aldossari, and Heather
Richter Lipford. 2018. Increasing User Attention with a Comic-Based Policy.
In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems
(Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New
York, NY, USA, 6 pages. https://doi.org/10.1145/3173574.3173774
[69]
Madiha Tabassum, Tomasz Kosinski, and Heather Richter Lipford. 2019. "I
don’t own the data": End User Perceptions of Smart Home Device Data Prac-
tices and Risks. In Fifteenth Symposium on Usable Privacy and Security (SOUPS
2019). USENIX Association, Santa Clara, CA, 435–450. https://www.usenix.org/
conference/soups2019/presentation/tabassum
[70]
IT GOVERNANCE PRIVACY TEAM. 2020. EU General Data Protection Reg-
ulation (GDPR) – An implementation and compliance guide, fourth edition.
http://www.jstor.org/stable/j.ctv17f12pc
[71]
W Gregory Voss. 2016. European union data privacy law reform: General data
protection regulation, privacy shield, and the right to delisting. The Business
Lawyer 72, 1 (2016), 221–234.
[72]
Dongsong Zhang and Boonlit Adipat. 2005. Challenges, Methodologies, and
Issues in the Usability Testing of Mobile Applications. International Journal
of Human–Computer Interaction 18, 3 (2005), 293–308. https://doi.org/10.1207/
s15327590ijhc1803_3
A APPENDIX
•First Questionnaire: General policies
(1) What happens when the privacy policy changes?
(2)
What types of data are collected from you when using
smart home devices?
(3)
Who can you contact with questions, suggestions, or com-
plaints about the processing of your personal data?
(4) Will your data be sent abroad (other countries)?
(5)
You have given consent to the collection of your data. Do
you have the right to revoke it?
•Second Questionnaire: User rights
(1)
What are your rights in terms of deleting your own data?
(2) When will your data be deleted?
(3)
What rights do you have regarding accessing your own
data?
(4) Who is the person responsible for processing your data?
Enhancing One-Pager Privacy Policies in Smart Home Applications NordiCHI ’22, October 8–12, 2022, Aarhus, Denmark
(5)
Which reasons are not specically given for the data pro-
cessing?
•Third Questionnaire: Device-specic policies
(1)
Will data be forwarded to third parties when using the
Alarm Protection Starter Kit?
(2)
If voice assistants are intended to use the indoor camera,
your voice commands will be sent to the camera. What
kind of data could be shared with voice assistant compa-
nies?
(3)
While using the health device, you can prohibit access by
external third parties. In such cases, what parts of your
data could be aected?
(4)
You have the right to le a complaint with a dataprotection
authority. In such cases, who should you contact?
(5)
The Health device is able to send sensitive data to your
doctor. To do this, you must rst give permission to the
device. To what extent do you have access to your data?
