Why Users Ignore Privacy Policies – A Survey and Intention Model for Explaining User Privacy Behavior

  • Manuel RudolphEmail author
  • Denis FethEmail author
  • Svenja PolstEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10901)


Privacy is a vital aspect of IT systems and services, and it is demanded from users and by law. Thus, most data-processing services provide interfaces for users to support transparency (e.g., privacy notices) and self-determination (e.g., privacy settings). In this paper, we present evidence that users do not make use of these privacy interfaces—although they generally would like to. Based on our findings, we present an intention model in order to explain this behavior. The model combines aspects such as privacy demands, motivation and barriers in order to argue about the resulting intention of the user regarding the application of privacy interfaces. We show the applicability of our model by instantiating it to a concrete use case.


Human centered design and user centered design Psychological application for user interface Adaptive and personalized interfaces Privacy Motivation Intention 



The research presented in this paper is supported by the German Ministry of Education and Research projects “Nationales Referenzprojekt für IT-Sicherheit in der Industrie 4.0” (IUNO) (grant number 16KIS0328). The sole responsibility for the content of this document lies with the authors.


  1. 1.
    Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)CrossRefGoogle Scholar
  2. 2.
    Ben-Asher, N., Meyer, J., Moller, S., Englert, R.: An experimental system for studying the tradeoff between usability and security. In: International Conference on Availability, Reliability and Security, pp. 882–887 (2009)Google Scholar
  3. 3.
    Boyd, D., Hargittai, E.: Facebook privacy settings. Who cares? First Monday 15(8) (2010)Google Scholar
  4. 4.
    Ermakova, T., Fabian, B., Babina, E.: Readability of privacy policies of healthcare websites. In: Wirtschaftsinformatik (2015)Google Scholar
  5. 5.
    European Commission: Special Eurobarometer 431 - Data Protection (2015). Accessed 15 Feb 2018
  6. 6.
    European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016). Accessed 15 Feb 2018
  7. 7.
    Fogg, B.J.: A behavior model for persuasive design. In: Proceedings of the 4th International Conference on Persuasive Technology, p. 40. ACM (2009)Google Scholar
  8. 8.
    Fogg, B.J.: What causes behavior change? (2016). Accessed 15 Feb 2018
  9. 9.
    Johnson, M., Karat, J., Karat, C.-M., Grueneberg, K.: Optimizing a policy authoring framework for security and privacy policies. In: Cranor, L.F. (ed.) Proceedings of the Sixth Symposium on Usable Privacy and Security. The Sixth Symposium, p. 1, Redmond, Washington, New York, NY. ACM (ACM Digital Library) (2010)Google Scholar
  10. 10.
    Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)CrossRefGoogle Scholar
  11. 11.
    Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Analyzing Facebook privacy settings: user expectations vs. reality. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 61–70. ACM (2011)Google Scholar
  12. 12.
    Maslow, A.H.: A theory of human motivation. Psychol. Rev. 50(4), 370 (1943)CrossRefGoogle Scholar
  13. 13.
    Milne, G.R., Culnan, M.J., Greene, H.: A longitudinal assessment of online privacy notice readability. J. Public Policy Mark. 25(2), 238–249 (2006)CrossRefGoogle Scholar
  14. 14.
    Moallem, A.: Do you really trust “privacy policy” or “terms of use” agreements without reading them? In: Advances in Intelligent Systems and Computing, vol. 593, pp. 290–295 (2018)Google Scholar
  15. 15.
    Obar, J.A., Oeldorf-Hirsch, A.: The biggest lie on the internet: ignoring the privacy policies and terms of service policies of social networking services. In: The 44th Research Conference on Communication, Information and Internet Policy (2016)Google Scholar
  16. 16.
    Reeder, R.W., Karat, C.-M., Karat, J., Brodie, C.: Usability challenges in security and privacy policy-authoring interfaces. In: Baranauskas, C., Palanque, P., Abascal, J., Barbosa, S.D.J. (eds.) INTERACT 2007. LNCS, vol. 4663, pp. 141–155. Springer, Heidelberg (2007). Scholar
  17. 17.
    Reidenberg, J.R., Breaux, T., Carnor, L.F., French, B., Cranor, L.F., Grannis, A., Graves, J.T., Liu, F., Mcdonald, A., Norton, T.B., Ramanath, R., Russell, N.C., Sadeh, N., Schaub, F.: Disagreeable privacy policies: mismatches between meaning and users’ understanding. Berkeley Technol. Law J. 30 (2014)Google Scholar
  18. 18.
    Symantec: State of Privacy Report (2015). Accessed 15 Feb 2018
  19. 19.
    Tsai, J., Egelman, S., Cranor, L., Acquisti, A.: The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study (2007)Google Scholar
  20. 20.
    Waldman, A.E.: Privacy, Notice, and Design (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Fraunhofer IESEKaiserslauternGermany

Personalised recommendations