UNIVERSITY PARK, Pa. — While many websites offer users choices to opt out of some of their data collection and use practices, most of these choices are buried deep in the text of long, jargon-filled privacy policies and are never seen by users.
Recent work by a multi-university team that includes Shomir Wilson, assistant professor at the Penn State College of Information Science and Technology, has shown that it is possible to use machine learning techniques to automatically extract and classify some of these opt-out choices. The results of this research were presented at the 2020 Web Conference.
The study also introduces Opt-Out Easy, a novel browser plug-in that automatically extracts opt-out choices from privacy policies and presents them to users in a friendly, easy-to-use manner.
“Different privacy regulations grant users the right to revoke how their data can be used by companies,” said Carnegie Mellon University CyLab’s Norman Sadeh, a professor in the School of Computer Science at Carnegie Mellon University and the principal investigator on the study. “But as it stands, most websites don’t offer users easy and practical access to these choices, effectively depriving them of these rights.”
Added Wilson, “Our goal is to connect people with choices about privacy that are typically buried in privacy policies. This should give people better control over how their personal information is used by companies.”
In their study, the team trained a machine learning algorithm to scan privacy policies and identify language and links related to opt-out choices. They ran their algorithm on 7,000 of the most popular websites and found that over 3,600 of them (~ 51%) contain zero opt-out choices. A little over 800 (~ 11%) provide just one opt-out hyperlink.
“Our study aimed to provide an in-depth overview of whether popular websites allowed users the ability to opt out of some data collection and use practices,” Sadeh said. “In addition, we wanted to also develop a practical solution to help users access opt-out choices made available to them when such choices are present.”
To help make opt-out choices more accessible to users, the team developed a browser extension — Opt-Out Easy — in collaboration with the University of Michigan School of Information. The extension is now available for download to Chrome users.
By clicking on the plugin’s icon, users are presented with opt-out links found in the privacy policy of the website they are currently visiting, allowing them to, for example, opt out of analytics or limit marketing emails.
Finally, the team conducted a usability evaluation of Opt-Out Easy, focusing on its effectiveness, efficiency, and overall user satisfaction. The users who took part in the evaluation generally found the browser extension easy to use, and strongly agreed that the various types of opt-outs provided by the plugin were useful.
“Privacy is a common concern for internet users, but in the status quo, it’s difficult for them to find their options,” said Wilson. “By bridging this gap, we can help people feel more comfortable interacting with online services, having greater knowledge about how their data is used.”
This work was conducted through a collaboration between Penn State, Carnegie Mellon (CMU), the University of Michigan and Stanford University under the Usable Privacy Policy Project. Other members of the team include CMU graduate students Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Hana Habib, Peter Story and Siddhant Arora; CMU post-doctoral fellow Dr. Yuanyuan Feng; former CMU undergraduate student Sushain Cherivirala, and faculty collaborators Margaret Hagan (Stanford), Lorrie Faith Cranor (CMU) and Florian Schaub (Michigan).