Usability of Privacy Controls in Top Health Websites

TL;DR

This study evaluates the usability of four privacy controls on the top 100 health websites, highlighting usability issues and proposing improvements to enhance user understanding and control over personal health data.

Contribution

It provides a comprehensive usability analysis of privacy controls on health websites, focusing on user perspectives across different visit scenarios, which was lacking in prior research.

Findings

Privacy controls are often hard to find and understand.

Usability varies significantly across different website scenarios.

Recommendations are provided for improving privacy control design.

Abstract

With the increasing awareness and concerns around privacy, many service providers offer their users various privacy controls. Through these controls, users gain greater authority over the collection, utilisation, and dissemination of their personal information by the services. However, these controls may be buried deep within menus or settings, making them difficult for a user to access. Additionally, the terminology used to describe privacy controls can sometimes be confusing or technical, further complicating the user's ability to understand and use them effectively. This is especially true for health websites, as users often share sensitive information about their health and well-being. While many privacy controls have been proposed to protect user data on these sites, existing research focuses on individual controls (e.g., privacy policies or cookie opt-outs) rather than providing a comprehensive overview of the privacy landscape. In addition, many studies concentrate on the technical aspects of privacy controls without considering the usability of these features from a user's perspective. This paper aims to fill the gaps in the existing work by analysing four privacy controls, namely privacy nudge, privacy notice, privacy policy, and privacy setting, and evaluating their usability on the top 100 most visited health websites. First, we define usability attributes for each privacy control in three website visit scenarios; the guest, registering, and log-in visits. These attributes include awareness, efficiency, comprehension, functionality, and choice. Then, we design a survey template based on these attributes and scenarios and collect data about privacy controls. Next, we analyse the availability and usability of each privacy control on health websites. Finally, we provide suggestions for improving the design of these privacy controls based on the data analysis results.