4 ISJLP 543 (2008-2009)
The Cost of Reading Privacy Policies

handle is hein.journals/isjlpsoc4 and id is 563 raw text is: The Cost of Reading Privacy Policies
ALEECIA M. MCDONALD & LORRIE FAITH CRANOR*
Abstract:    Companies     collect  personally  identifiable
information that website visitors are not always comfortable
sharing. One proposed remedy is to use economics rather
than legislation to address privacy risks by creating a
marketplace for privacy where website visitors would choose
to accept or reject offers for small payments in exchange for
loss of privacy. The notion of micropayments for privacy has
not been realized in practice, perhaps because advertisers
might be willing to pay a penny per name and IP address, yet
few people would sell their contact information for only a
penny.1 In this paper we contend that the time to read
privacy policies is, in and of itself, a form of payment.
Instead of receiving payments to reveal information, website
visitors must pay with their time to research policies in order
to retain their privacy. We pose the question: if website
users were to read the privacy policy for each site they visit
just once a year, what would their time be worth?
Aleecia M. McDonald is a Ph.D. candidate in Engineering and Public Policy at Carnegie
Mellon University. Lorrie Faith Cranor is an Associate Professor of Computer Science and
of Engineering and Public Policy at Carnegie Mellon University where she is director of the
CyLab Usable Privacy and Security Laboratory (CUPS).
We gratefully acknowledge Janice Tsai, Ponnurangam Kumaraguru, and Pitikorn
Tengtakul for support, feedback, and helpful comments on preliminary drafts of this work.
This paper benefited from insightful conversations with H. Scott Matthews, Jon M. Peha,
Alessandro Acquisti, and Chriss Swaney. The authors thank Robert McGuire for his
assistance with analysis. Many thanks to Michelle McGiboney and Suzy Bausch of The
Nielsen Company. This research was funded in part by U.S. Army Research Office contract
no. DAAD19-o2-1-0389 (Perpetually Available and Secure Information Systems) to
Carnegie Mellon University's CyLab.
'Simson Garfinkel, Database Nation: The Death of Privacy in the 21st Century
(Sebastopol, CA: O'Reilly & Associates, 2001), 183.

What Is HeinOnline?

With comprehensive coverage of government documents and more than 2,300 journals from inception on hundreds of subjects such as political science, criminal justice, and human rights, HeinOnline is an affordable option for colleges and universities. Documents have the authority of print combined with the accessibility of a user-friendly and powerful database.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline with pricing starting as low as $29.95

Already a HeinOnline Subscriber?