See Events

FULLY DIGITAL (UNTIL FURTHER NOTICE) : PhD Defence Susanne Barth | Data, data, and even more data: Empowering users to make well-informed decisions about online privacy

DATA, DATA, AND EVEN MORE DATA: Empowering users to make well-informed decisions about online privacy

Due to the COVID-19 crisis the PhD defence of Susanne Barth will take place online (until further notice).

The PhD defence can be followed by a live stream.

Susanne Barth is a PhD student in the research group Communication Science (CS), faculty of Behavioural, Management and Social Sciences (BMS) and the research group Services, Cybersecurity & Safety (SCS), from the faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) . Her supervisors are prof.dr. M.D.T. de Jong and prof.dr. M. Junger from the Faculty of Behavioural, Management and Social Sciences (BMS).

Compared to traditional media, the internet and its associated technologies are probably the most significant innovation of our time. As with many aspects in human lives, technological development is also a double-edged sword. On the one hand, individuals appreciate the benefits of online services. On the other hand, they worry about the tremendous and irreversible consequences that come with those technologies. As technologies become increasingly complex, so too does the realm of what is considered private information. Although much progress has been made in the development of legislation pertaining to privacy protection, it seems that existing regulations, such as the GDPR, are broadly defined and still in their infancy. Moreover, it is reasonable to assume that educating the user to gain a thorough understanding of all the technical processes is challenging and technically knowledgeable users will be the exception rather than the rule. Furthermore, the power relationship in the online market place will most likely remain unbalanced, with scales tipping toward large market players. Moreover, the cognitive limitations influencing decision-making, such as biases and heuristic thinking, are very difficult to overcome. To counteract these difficulties and to get closer to the provision of notice, choice and consent, it is important to support the user of online services.

The overall aim of this dissertation was to develop a research-based approach toward empowering online users by ensuring that they are comprehensively informed about the data handling practices of the online services they utilize. Ultimately, educating users about data handling practices will enable them to better protect their privacy by tackling the crux of the online privacy problem: helping users understand privacy settings and policies in a way that requires a minimum of cognitive involvement, time and digital skills, while making users aware of the risks pertaining to information disclosure so that a willingness to take control of privacy online can be fostered.

To achieve this, this dissertation had two research goals. The first research goal centers around knowledge acquisition and gaining insights into the online privacy behaviors of users to better understand what factors drive information disclosure. To this end, a literature review and three empirical studies were conducted. The second research goal centers around a design approach aimed at ascertaining a viable solution to visually communicating the most relevant aspects of a privacy policy to users. For that purpose, another literature review was conducted, analyzing existing Privacy by Design guidelines and privacy visualizations. Eventually, the knowledge derived from the literature reviews and empirical studies was combined into a proposal for a user-centered privacy visualization: the Privacy Rating (

The findings of this dissertation show that using visual stimuli and simplified descriptions of otherwise complex privacy policy information can motivate users to invest more interest in how their personal data are handled. This brings the overall goal of this dissertation full circle: the empowerment of users to make well-informed decisions on what information they are willing to disclose with whom and for which purposes.