engleski

Evaluation model of privacy policy information transparency

In today's information abundance, information transparency is becoming an integral part of human rights and freedom in digital environments. The rights of the individuals to make their own choice are becoming stronger in the field of privacy protection, and with overall digital transformation, they are increasingly focused on the protection of personal data collected and processed about data subjects. In the environment of modern liberal-based social systems, individuals are placed in a role of mature and free data subjects, with extensive rights to know what data is collected and processed so that they can determine what information they want to share with whom. Also, they have a right to withdraw from undesirable and optional data processing or request the deletion or anonymization of their personal data. These rights to transparency and intervention are described by the term "user-oriented privacy", a concept whose basic idea is that respondents make informed decisions about disclosing personal data, as disclosing their personal data can change the distribution of power in relationships and create damages and risks to them. But for individuals to be able to make informed decisions and have control over their privacy, mechanisms need to be provided to ensure these rights. Therefore, the aim of transparency is to reduce the existing high information asymmetry between data controllers and data subjects, as subsequent cannot always determine what data is collected about them, to what extent and for what purpose. And in order to meet the requirements of the principles of data protection and privacy, transparency should be meaningful and meet the requirements in relation to the possibility of intervenability as a goal of privacy. In doing so, mechanisms for achieving intervenability should provide respondents with clear, prominent, easily understandable, accessible tools for consuming the right to choose in relation to the processing of their personal data, as well the rights to interrupt the processing of certain data, delete data, correct them and other related rights. In the disciplines of information management, business and information ethics, the term transparency is usually used for forms of information visibility and access to information, intentions or behaviours that are thus intentionally revealed, representing a form of communication that transmits signals between processors data and individuals, and in order to achieve the effectiveness of the tool, i.e. increase transparency, it is necessary to eliminate or minimize any "noise" as a disruptive factor in the communication process. In the context of Shannon-Weaver's mathematical model of the communication system, two essentially diverse ways of transmitting messages are distinguished: via discrete signals and via continuous signals. Discrete signals can represent only a finite number of different, recognizable states, while for continuous signals the amounts of signals can vary in an infinite set of values. In this reference framework and the broader thematic framework of privacy assurance, the former can correspond to ex-ante, tools which provide the necessary information to the data subjects before collecting and processing data, and the latter as ex-post transparency tools that provide the necessary information to the data subjects after data collection and processing. In the described context of transparency tools and technologies, privacy policy is set as an ex-ante tool for raising awareness of respondents, but also as a tool of data controller declarations, serving as the basis for user conscious decisions regarding the protection of personal data. It is a document, a set of data within limited letters, perceived as a discrete communication system, with the aim of informing data subjects with the procedures of the system or organization regarding the collection, sharing, use and storage of their personal data, showing the entire life cycle of personal data within some organization. Today, reporting on data collection and processing practices is an important aspect of data protection frameworks and regulations, such as the General Regulation on Personal Data Protection in European Union, and the effectiveness of this mechanism is an important aspect in examining information transparency. So, in order to achieve a state of information symmetry, effective transparency tools need to meet certain requirements on both dimensions of transparency. The dimension of visibility, focused on the content determinant of transparency, which reflects the degree of completeness of information and the possibility of finding it, and the dimension of inferability, characterized by qualitative characteristics of the mechanism of transparency, reflecting the degree to which information can be used to make the right decisions. The purpose of the research is to develop a model for calculating the levels of information transparency of privacy policies in deviations towards achieving optimal transparency results, i.e. information symmetry, as a basis for improving the effectiveness of transparency mechanisms. The specific goal of the research is to identify factors of dimensions of information transparency, their mutual relationship and intensity of connections as constructs within designed model of privacy policy evaluation. Based on the theoretical study, the relevant factors are determined on the dimension of visibility: 1) informativeness, 2) currentness and 3) accessibility of the text. The dimension of inferability is determined by: 1) layering, 2) conciseness and 3) understandability of the content. With proposed research the following hypotheses were tested: H1) The degree of information asymmetry can be determined using the degrees of visibility and infectivity factors; H2) The degree of information asymmetry is significantly influenced by visibility factors compared to infectivity factors and H3) By applying the designed model, it is possible to assess the information transparency of privacy policies. The study is dominated by a primarily quantitative approach to content analysis of privacy policies. The research was conducted on the documents of 152 health care institutions, of which 56 institutions are in the public health care system, while the remaining institutions are health care institutions in private sector. The reason for this is that many public health care institutions during the research in April and May 2021. did not have available privacy policies on their respected websites. That is, out of 148 health care institutions in the public health care system declared on the website of the Ministry of Health, only 37% had published their privacy policies with a unified content identifier (URI) as a set condition for sample selection. After the design of an analytical matrix and coding sheet, during the data collection, first the number of interactions required to access privacy policies as a basis for calculating the accessibility requirement coefficient and determining whether the content layering requirement was recorded (through subheadings of certain document sections or other hypertext formatting options). In the next step, the text of the document was copied and pasted into a blank Word application document in which a unit of further analysis was set up: titles were removed, e-mail addresses and hyperlinks were replaced with X not to affect results of syllable count. Furthermore, through the Wordcount option, the number of words and the number of characters (without spaces) were recorded, while the number of sentences was counted "manually" by the author, professor of Croatian language and literature. The text was then copied into the computer tool syllablecounter.org, which was selected as the most reliable for calculating the number of records after comparing the results of manual counting and by comparing different computer programs for counting records in the text. Furthermore, to help analyse the number of lexical words, the text is then copied to the text analysis tool on online-utility.org website to single out occurrences in relation to their frequency of occurrences in the text. In the next steps, the content analysis method was used to examine the fulfilment of informativeness requirements through the presence of criteria defined in the analytical matrix, then currentness, in relation to the date of publication or update of the document and information on how to inform respondents about changes in privacy policies in this document. Furthermore, based on the obtained results of the number of syllables, words and sentences, using the Flesch Reading Ease (FRE) formula for readability, the indices of text understandability were calculated, and by using The Flesch-Kincaid grade level formula the level of education of the respondents for understanding the privacy notice were determined in reference to the of 2011 census results in Croatia. Furthermore, the number of lexemes was put in proportion to the total number of words as the lexical density is set as a reference for conciseness requirement testing. The analysis was performed in the computer program Excel using custom formulas of for the Croatian language. In the absence of similar analytical matrices for measuring transparency policies, the design and content validation of the analytical matrix was carried out during the research. Firstly, as all determinants of transparency dimensions were directly operationalized, i.e. each of them was measured through only one indicator, with a different number of sub-indicators, while the determinant of informativeness was measured through a total of 14 indicators, in order to determine the consistency of the selected 14 indicators as a reliable instrument for measuring the determinant of informativeness, a reliability analysis (Cronbach's alpha reliability coefficient) was performed on data collected from a sample of public institutions and institutions in private sector as well. Both results indicate a very good reliability. Then the results of visibility and inferability dimensions obtained at 56 public health institutions were compared with those obtained at 96 private public institutions throughout t-test methods, showing that data collected is consistent. Based on the obtained research results, a conceptual model of evaluating information transparency was developed in relation to the defined dimensions of information transparency at the first level, and then in relation to the obtained factor saturations of individual determinants at each of the dimensions at the second level. In reference to results, determinants were set to reflect different distribution, as determinants of accessibility and layering substituted. Although the analysis of the collected results showed that the two dimensions, visibility and inferability are not correlated, that is the correlation between these two latent variables is close to zero, contrary to the theoretical assumption, both dimensions can be treated as separate variables or constructs. As results of performed two-factor analysis, the values of each dimension contribution in explaining the variance were calculated that can be used as a basis for model development. In absolute terms, the "share" of the visibility dimension is 32.04%, and inferability is 19.34%, which together makes 51.38% of the variance explained by the set two-factor model. That is, in relative terms, if the explained variance is set as 100%, then its visibility contributes 62.36%, and inferability 37.64% to the information transparency results. From the obtained results of calculated factor scores each determinant can be put in relation to determined transparency dimension, assessing its impact to information transparency. Results have shown that informativeness requirements have the greatest impact on the results in the visibility dimension, which is expected, since this indicator only consists of the most sub-indicators (14 of them) compared to other indicators. Furthermore, to a lesser extent, the results in the dimension are affected by the requirements for layering of the text, while the least affected they are by the currentness requirements, i.e. the publication of dates and ways of informing respondents when changing privacy policies. On the dimension of inferability, the results of information transparency are mostly influenced by the requirement of conciseness as the results of lexical density, and then the requirement of accessibility, reflected in the number of interactions to the text of the privacy policy and finally understandability an indicator of the quality and appropriateness of the language in which the information is provided in relation to the target group. However, since the results presented by the conceptual model in their interrelation represent the impact of individual determinants and dimensions of transparency on the overall result of information transparency of individual institutions, they can be directed towards examining privacy policies transparency depending on their impact on the overall result of information (a)symmetry. Therefore, the result of information (a)symmetry as a dependent variable in relation to the analysis of variances of set factor scores on both dimensions of transparency can be examined in order to test auxiliary hypotheses obtained by the set model. By conducting a Goodness-of-Fit analysis in relation to the reference results of the average results on both dimensions it was possible to determine deviations from the results in relation to changes in individual variations of factor scores over the collected data to validate model. In relation to the obtained average of all institutions in the visibility dimension, which is 0.39, the greatest influence on the results of information transparency has the determinant of layering, followed by currentness and, finally, informativeness. Furthermore, on the dimension of inferability in relation to the obtained average of all institutions, which is 0.29, from the obtained results it is possible to conclude that the determinant of understandability does indeed have the least influence on the results of information transparency. It is also possible to conclude that the determinant of accessibility has the greatest impact on the information transparency of the dimension in question. Furthermore, this research should significantly contribute to the current literature in the field of requirements engineering, integrating the concept of information (a)symmetry as an element of evaluating the performance of information transparency mechanisms.

inferability; information asymmetry; information transparency; conceptual model; privacy policy; visibility; evaluation; healthcare; requirements engineering; transparency mechanisms

nije evidentirano