Assessment Instrument for Privacy Policy Content: Design and Evaluation of PPC

Authors

Tobias Dehling, Department of Information Systems, University of Cologne, Cologne, Germany.Follow
Fangjian Gao, Department of Information Systems, University of Cologne, Cologne, Germany.Follow
Ali Sunyaev, Department of Information Systems, University of Cologne, Cologne, Germany.Follow

Abstract

Privacy policies are notices posted by providers and intended to inform users about privacy practices. However, extant research shows that privacy policies are often of poor quality and do not address users’ concerns. In this paper, we design and develop PPC – a privacy policy content assessment instrument to support assessments of whether offered privacy policy content provides comprehensive information addressing users’ privacy concerns. PPC is developed based on extant research, standards, and guidelines. Application of PPC to 62 privacy policies of mHealth apps available in iOS and Android demonstrates utility of PPC and suitability of PPC as assessment instrument for privacy policy content. Contributions of our research are twofold: For research, we conduct improvement design science research contributing to design theory on assessment of privacy policy content. For practice, potential applications of PPC are support in privacy policy development and identification of deficiencies in offered privacy policies. In addition, through evaluation of PPC, we reveal an insufficient current state of mHealth app privacy policy content.

Recommended Citation

Dehling, Tobias; Gao, Fangjian; and Sunyaev, Ali, "Assessment Instrument for Privacy Policy Content: Design and Evaluation of PPC" (2014). WISP 2014 Proceedings. 2.
https://aisel.aisnet.org/wisp2014/2