Visible to the public A Theory of Vagueness and Privacy Risk PerceptionConflict Detection Enabled

TitleA Theory of Vagueness and Privacy Risk Perception
Publication TypeConference Proceedings
Year of Publication2016
AuthorsJaspreet Bhatia, Travis Breaux, Joel Reidenberg, Thomas Norton
Conference Name2016 IEEE 24th International Requirements Engineering Conference (RE)
Date Published09/2016
Conference LocationBeijing, China
KeywordsCMU, hedging, natural language processing, Oct'16, privacy, risk perception., vagueness

Ambiguity arises in requirements when astatement is unintentionally or otherwise incomplete, missing information, or when a word or phrase has morethan one possible meaning. For web-based and mobileinformation systems, ambiguity, and vagueness inparticular, undermines the ability of organizations to aligntheir privacy policies with their data practices, which canconfuse or mislead users thus leading to an increase inprivacy risk. In this paper, we introduce a theory ofvagueness for privacy policy statements based on ataxonomy of vague terms derived from an empiricalcontent analysis of 15 privacy policies. The taxonomy wasevaluated in a paired comparison experiment and resultswere analyzed using the Bradley-Terry model to yield arank order of vague terms in both isolation andcomposition. The theory predicts how vague modifiers toinformation actions and information types can becomposed to increase or decrease overall vagueness. Wefurther provide empirical evidence based on factorialvignette surveys to show how increases in vagueness willdecrease users' acceptance of privacy risk and thusdecrease users' willingness to share personal information.

Citation Keynode-31343

Other available formats:

Bhatia_Theory_Vagueness_TB.pdfPDF document394.32 KBDownloadPreview