Unveiling Usability Challenges in Web Privacy Controls
Abstract
With the increasing concerns around privacy and the enforcement of data privacy laws, many websites now provide users with privacy controls. However, locating these controls can be challenging, as they are frequently hidden within multiple settings and layers. Moreover, the lack of standardization means these controls can vary widely across services. The technical or confusing terminology used to describe these controls further complicates users' ability to understand and use them effectively. This paper presents a large-scale empirical analysis investigating usability challenges of web privacy controls across 18,628 websites. While aiming for a multi-scenario view, our automated data collection faced significant hurdles, particularly in simulating sign-up and authenticated user visits, leading to more focused insights on guest visit scenarios and challenges in automated capture of dynamic user interactions. Our heuristic evaluation of three different user visit scenarios identifies significant website usability issues. Our results show that privacy policies are most common across all visit scenarios, with nudges and notices being prevalent in sign-up situations. We recommend designing privacy controls that: enhance awareness through pop-up nudges and notices; offer a table of contents as navigational aids and customized settings links in policies for more informed choice; and ensure accessibility via direct links to privacy settings from nudges.