Six Privacy and Usability Heuristics: from grounded models to validated new heuristics of usable privacy

Usable privacy is rather a legislative requirement than only a software quality. Enhancing the transparency of privacy policy interfaces stands as a challenge that computer science must address to enhance users trust in technology. Instead of providing long and complex privacy policies, we need to design more usable interfaces that empower laypeople to protect their privacy online. In this thesis, we aimed at creating broad usability criteria for inspecting such interfaces. After a qualitative secondary analysis, composed of snowballing literature review, thematic analysis, cluster analysis, and empirical evaluation, this thesis creates six usable privacy heuristics (push#). When applied to evaluate privacy policy interfaces for laypeople, the push# heuristics enhances the downstream utility on the number of catastrophic problems discovered. We also created preliminary usable privacy guidelines (pug#) and modeled a new process for creating new usability criteria. In addition, this thesis also provides: recommendations for the usability of parental privacy controls; a systematic mapping of usability heuristics for privacy policy interfaces; models of heuristic evaluation for novice evaluators; a method to enhance the usability of privacy policies with card sorting analysis; overview of privacy expectations on user experience regarding connectedautonomous vehicles; gesturebased interface prototype to enhance privacy in health systems; a preliminary ontology for usability findings; and usability heuristics for mobile games and elderly players. We discuss how future studies could explore the employment of our heuristics and guidelines to specific domains, such as human-robot interaction and human-artificial intelligence interaction. Finally, we propose the study of nudging usability to enhance privacy protection regardless of privacyprotection tools. (AU)