Privacy remains a primary concern for most users of web and smartphone apps. Over the past couple of decades, numerous efforts have been undertaken to assure users' online privacy. However, in many situations, users have no power over how and by whom their personal information is used. Service providers often process users' information with limited transparency and lack of respect for privacy preferences, which undermines trust as well as security.
'Privacy languages' are designed to express the privacy-related preferences of users and the practices of organisations, in order to establish a privacy-preserving data handling protocol. However, in practice there has been limited adoption of these languages, by either users or data controllers. The purpose of our work within this project is to understand the strengths and limitations of existing privacy languages.
Our work has found that current privacy languages focus on enabling control for organisations, but lack focus on normal web users and on enabling their control over actual data resources. Our work also shows how divergent privacy discourses and understandings make it difficult to interpret privacy as a single idea, which creates problems for determining privacy policies.
