Keywords

1 Introduction

With the Internet and smart mobile devices now an essential part of our daily activities, people uses multiple web applications and mobile apps to complete essential tasks. One of the first steps in using all apps or web applications is agreeing to their “terms of use or service” and “privacy policy.”

The Terms-of-Service Agreement [1] is used for legal purposes by applications and internet service providers that save users’ personal data. A Terms-of-Service Agreement is legally binding and may be subject to change. Terms-of-Service Agreements serve as a contract between the providers an app or web application and the users. The agreement defines the rules the user must agree to before using the application.

A Privacy Policy is a legal document that discloses the ways a party gathers, uses, discloses, and manages users’ data according to the existing privacy laws [2, 3] if any. The policy explains how a company collects, stores, and uses data.

Both of these documents, although vital for users, are designed to serve and protect only providers.

Currently, general protocol dictates that when using apps, Wi-Fi services, or web applications, the user must first agree to a long list of legal agreements. Sometimes even car navigation systems require to agree to terms of use when starting the car, or even the Wi-Fi accessed in a coffee shop or hotel which can require an agreement to such terms each time it’s accessed (Figs. 1 and 2).

Fig. 1.
figure 1

Driver must agree with the caution each time the car starts (Lexus SC430 Car)

Full size image
Fig. 2.
figure 2

User must agree to the terms of use each time using Sutter health guest services

Full size image

Also, when people install an application, it has become common practice to require users to grant the permissions requested by the application or else not install (Hobson’s choice [4]). Some applications require users to allow the application access to such information like their contact list or access their camera and camera roll. For example, job-searching applications look to access contact lists, as required by LinkedIn applications when a user profile is created.

The research shows that a user’s willingness to accept an agreement is related to the degree that the user trusts an application or the company that provides the application.

General observations show that users agree to terms of use and privacy policies without reading the content and just click “Agree” [5]. At the same time, a study [6] reveals that 97% of the people surveyed expressed concern that businesses and the government might misuse their data. Privacy issues also ranked high; 80% of Germans and 72% of Americans are reluctant to share information with businesses because they “just want to maintain [their] privacy.” So consumers worry about their personal data—even if they do not know what they are revealing.

In this study, we have administered an online survey among college students asking them whether they read the terms of use and privacy policy when using services or applications, and if not, why. Also, when apps ask users to have access to their location, contacts, or camera do they allow the apps to do so, or do they block access because of security concerns.

2 Method

One hundred and seventy students (51% female and 49% male) participated in this study. 51% of students aged 18 to 24 and 48% were between 24 to 44 years old. They completed an online survey using a Qualtrics survey application. All participants were undergraduate, and graduate level college students were taking HCI or Human Factors courses. The survey was administered during the year of 2016. Participants were asked the following questions:

  • Have you ever read a privacy policy when installing or using an application or online service?

    • If your answer to the previous question (privacy policy) was “No,” please explain why.

  • Have you ever rejected a mobile app request for accessing your contacts, camera or location?

    • If your answer to the previous question (access request) was “Yes” please explain why.

3 Results

Results suggested that 62% (106 participants) “Agree” that they accept without reading the terms of use or privacy policy with the general reason expressed being that the text is “too long” (81% of ‘agree’ answers). For the question “Have you ever rejected a mobile app request for accessing your contacts, camera or location?” the answers are more encouraging. 92% (153 participants) of those surveyed express that they “yes” have rejected access if they believe the app does not need to access the camera or contacts. This result is in line with a previous study by Haggerty (2015), who found that 74.1% of iOS users would reject the app permissions list [7]. However, in many instances, users do accept granting permissions requested by the majority of applications.

The results of this survey raise the question on how if people do not read these documents and do not read the several notifications they receive about the changes made by companies, then what purpose do these agreements achieve from the user’s perspective? The study attempts to analyze the usefulness of these procedures besides simply being a legal formality. Is there another more effective way, using user interface design, to better inform users about terms of use and privacy policies?

Some studies suggest an improvement in privacy rules and language used might help. For example, an empirical study [8, 9] conducted with 36 users who were novices in privacy policy authoring tools worked to evaluate the quality of rules created and user satisfaction with two experimental privacy-authoring tools and a control condition. The results show that users were able to author significantly higher quality rules using either natural language with a privacy a simple way to guide tool or a structured list tool as compared to an unguided natural language control condition (Figs. 3 and 4).

Fig. 3.
figure 3

Percentage of participants “Agree” to never reading the terms of use or privacy policy.

Full size image
Fig. 4.
figure 4

Percentage of participants “Reject” a mobile app request for accessing contacts, camera or location

Full size image

4 Conclusion

The results of this study illustrated that most people do not read the privacy policy and terms of use and agreed without knowledge of what they had agreed to. Not reading does not mean that the users do not care about these policies or their privacy, but instead shows that these agreements structured in a language and format that makes it difficult to read and understand. In fact, a highly significant number (over 81%) reported that they do not read because of the lengthy time it would take, and because the agreements are not easy to read. Then we asked participants “Have you ever rejected a mobile app request for accessing your contacts, camera or location?” People most often (92%) have made a judgment in denying the request. Consequently, we can assume that in the case of the terms of use and privacy policy, if they are presented in an easy way underlining what users must give up in their privacy information, then they can make a conscious decision as to whether or not to use a service.

One might question why the “term of usage” or “privacy policy” are too long to read. It is written in a language that people cannot easily understand. Also, it is delivered in a sort of hidden UI. Since it is possible to present them in a simple language, easy to understand and very simple UI, can we assume that the reason the language, length, and access are all highly difficult because software/service providers prefer users not to read them?

This study illustrates in numbers a tendency everybody already may know. However, this study tends to provide evidence and further explore the causes of the trend through a self-reporting survey.