Legally compliant personalised prioritisation of privacy policy information shows no effect on user engagement, comprehension, or workload

Privacy policies function as both legal documents and information sources for users, but their length and complexity often discourage engagement. In this paper, we investigate whether a personalised approach can address this issue by prioritising information that concerns individual users most while maintaining a policy's legal compliance on disclosure. We first explored whether personal characteristics can be used to predict a person's most concerned category and, hence, serve as a baseline for personalisation. We then conducted an eye-tracking experiment and interviews (n = 30) to understand the effectiveness of personalised reordering of privacy policies. In the interviews, many participants perceived personalised reordering as helpful, although others raised concerns about the invasion of privacy through this personalisation. The eye-tracking results indicate that personalised reordering leads to higher engagement for the first few sentences of a privacy policy. Based on our findings, we present design recommendations for creating legally compliant forms of privacy disclosures that encourage user engagement as well as discussions and implications on privacy disclosure compliance.

Meihe Xu, Jannis Strecker-Bischoff, Clément Guitton, Kenan Bektaş, Aurelia Tamò-Larrieux, and Simon Mayer. 2026. Legally compliant personalised prioritisation of privacy policy information shows no effect on user engagement, comprehension, or workload. Behaviour & Information Technology (2026). https://doi.org/10.1080/0144929X.2026.2692098

@article{Xu2026LegallyCompliant,
author = {Xu, Meihe and Strecker-Bischoff, Jannis and Guitton, Cl\'{e}ment and Bekta\c{s}, Kenan and Tam\`{o}-Larrieux, Aurelia and Mayer, Simon},
title = {Legally compliant personalised prioritisation of privacy policy information shows no effect on user engagement, comprehension, or workload},
journal = {Behaviour \& Information Technology},
year = {2026},
publisher = {Taylor \& Francis},
doi = {10.1080/0144929X.2026.2692098},
url = {https://doi.org/10.1080/0144929X.2026.2692098},
abstract = {Privacy policies function as both legal documents and information sources for users, but their length and complexity often discourage engagement. In this paper, we investigate whether a personalised approach can address this issue by prioritising information that concerns individual users most while maintaining a policy's legal compliance on disclosure. We first explored whether personal characteristics can be used to predict a person's most concerned category and, hence, serve as a baseline for personalisation. We then conducted an eye-tracking experiment and interviews (n = 30) to understand the effectiveness of personalised reordering of privacy policies. In the interviews, many participants perceived personalised reordering as helpful, although others raised concerns about the invasion of privacy through this personalisation. The eye-tracking results indicate that personalised reordering leads to higher engagement for the first few sentences of a privacy policy. Based on our findings, we present design recommendations for creating legally compliant forms of privacy disclosures that encourage user engagement as well as discussions and implications on privacy disclosure compliance.},
keywords = {personalisation, privacy policies, personalised law, eye tracking, privacy disclosure, user study}
}