On September 16, 2016, the Federal Trade Commission (“FTC”) hosted a workshop on the factors that may contribute to the effect disclosures have on consumer behavior. The workshop, “Putting Disclosures to the Test,” included speakers from a wide range of disciplines and industries, who remarked on aspects of disclosure such as consumer cognition, recognition, and comprehension, methodologies for measuring disclosure effectiveness, the impact of disclosures on consumer decision-making, and disclosure design.
In her introductory remarks, Lorrie Cranor, Chief Technologist at the FTC, espoused the benefits to privacy disclosures of studying research in other areas. Edith Ramirez, Chairwoman of the FTC, then opened the workshop with remarks on issues that are important to the FTC. The FTC’s primary task, she stated, is to ensure consumers have access to truthful and accurate information, to enable them to make decisions in the marketplace. Their focus, with respect to disclosure of information, is on the effect of disclosure on consumer welfare. They consider some disclosures necessary to prevent deception in advertising, or to communicate the risks of products, or choices consumers may have. With respect to privacy, the FTC encourages companies to disclose their data practices, so consumers have greater control over how their data is used. They require disclosures to be clear and conspicuous, so consumers can understand them and make informed decisions.
Chairwoman Ramirez then briefly described the Commission’s recent efforts, from the dotcom disclosures of the early 2000s, to the 2009 and 2015 Endorsement Guides for social media marketing, and most recently, the Commission’s detailed guidance on disclosures in native ads.
She emphasized the importance of testing the effectiveness of disclosures: the FTC has tested many different types of disclosures in-house, and it also pays attention to expert research. The focus of this workshop, she stated, was not on what has to be disclosed, or the most effective methods for disclosure, but rather how to evaluate whether disclosures are effective. Chairwoman Ramirez stated that disclosures should grab consumers’ attention—they should be difficult to miss. She stressed that it is important that disclosures provide useful information that could translate into consumer action. She disagreed with critics who believe that privacy disclosures are ineffectual; she believes they can communicate important information to consumers and regulators. Chairwoman Ramirez closed her introduction by highlighting the importance of businesses testing their own disclosures and paying attention to experts’ studies.
While many of the Workshop presentations focused on methodologies used to evaluate disclosure effectiveness, a number of speakers’ work centered on privacy notices, mobile disclosures, and advertising.
Ilana Westerman, CEO and Co-founder of Create with Context, Inc., a design consultancy, studied the effectiveness of posting in-store data collection notices.
Joel R. Reidenberg, from Fordham University, spoke about his work developing a “vagueness measure” from a taxonomy of vague terms in privacy policies, which he is using to determine how certain kinds of vague terms increase or decrease individuals’ willingness to share personal information.
Idris Adjerid, from the University of Notre Dame, presented his study on the effect of framing on consumers’ reaction to privacy disclosures. Studying participants’ responses to identical disclosures, framed as either an increase or decrease in protection, Mr. Adjerid found a 7% increase in sharing sensitive information when participants perceived an increase in protection, and an 8-10% decrease in sharing when they perceived a decrease in protection.
Rebecca Balebako, of the RAND Corporation, presented her findings on the impact of the timing of smartphone app permission notices on consumers’ attention to the notice. She found no statistically significant difference when notices were shown before app use, during use, or after use.
Serge Egelman, from UC Berkeley, presented his recent work on privacy on mobile devices and contextual integrity. Looking at app data access notifications on mobile devices, he suggested users should only be prompted for access when the data requested may be unexpected, and access should be allowed automatically when a user is likely to expect it.
Nathaniel J. Evans, from the University of Georgia, examined parents’ ad recognition of text-only and text-and-audio disclosures in advergames directed at children. He found that parents’ ad recognition of text-only disclosures was higher than text-and-audio disclosures, potentially because audio competed with in-game sound.
David Hyman, from the University of Illinois, studied consumer ad recognition of native and non-native ads with a variety of labels.
Colin Campbell, from Kent State University, explained his case study on consumer ad recognition of native advertising, which examined the combined effects of ad placement, brand familiarity, ad professionalism, and disclosure.
Lillian Ablon, of the RAND Corporation, described her study on consumers’ satisfaction with data breach notifications. Using RAND’s American Life Panel survey, she found that respondents were generally satisfied with companies’ response to data breaches, which included notifying customers and offering free credit monitoring or other identity theft protection. Few respondents stopped doing business with a company after a breach.
Additional information about each presenter’s research may be found at https://www.ftc.gov/news-events/events-calendar/2016/09/putting-disclosures-test.
This post has been authoed by Sari Sharoni