arxiv: 2604.09518 · v3 · submitted 2026-04-10 · 💻 cs.HC

Demonstrably Informed Consent in Privacy Policy Flows: Evidence from a Randomized Experiment

Pith reviewed 2026-05-10 16:45 UTC · model grok-4.3

classification 💻 cs.HC
keywords privacy policies · informed consent · pedagogical friction · randomized experiment · comprehension quiz · consent flows · edtech · data privacy

The pith

Adding pedagogical friction to privacy policy flows increases rates of demonstrated user comprehension before consent.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines whether small design interventions can generate evidence that users understand key terms in a privacy policy rather than relying on a single unchecked click. Through a randomized experiment with 293 parents reviewing an edtech app's policy, it compares six conditions that vary how the policy is presented and paced, followed by a comprehension quiz. Formats such as slides and paced sections raise the share of users who pass the quiz on their first attempt, and retakes allow further improvement for many. When consent is not gated on passing the quiz, nearly all participants who score below the threshold still agree to the terms. This shows that standard flows can capture agreement without demonstrated understanding while pedagogical friction provides measurable evidence at a measurable cost in user time.

Core claim

Pedagogical friction, implemented as minimal embedded interventions such as slide-based presentation or paced sectioning with optional quiz retakes, raises the percentage of participants who demonstrate comprehension by scoring at least 80 percent on a six-question quiz about consequential policy terms. The slide-based condition reached the highest first-attempt pass rate at 41.7 percent, followed by the paced sectioned condition at 30.6 percent; 64.9 percent of participants who took a second attempt improved their scores. In the ungated conditions, 97.3 percent of participants who failed the threshold still chose to consent, indicating that agreement can be recorded without evidence of user

What carries the argument

A randomized experiment with six conditions that vary policy presentation format and pacing, followed by a six-question comprehension quiz and optional retake for three of the groups, measuring both first-attempt threshold attainment and final consent decisions.

If this is right

  • Slide-based presentation achieves the highest first-attempt threshold attainment at 41.7 percent.
  • Paced and sectioned presentation reaches 30.6 percent first-attempt attainment.
  • 64.9 percent of participants improve their quiz scores when allowed a second attempt.
  • Ungated consent flows record agreement from 97.3 percent of users who do not meet the comprehension threshold.
  • Pedagogical friction adds measurable time and burden while supplying evidence of comprehension.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Designers could embed similar quiz-based checks in other consent interfaces to create auditable records of user understanding.
  • The added time cost of friction could be traded against reduced legal risk if courts later require evidence of informed consent.
  • Testing the same conditions with non-parent users or policies outside education would show whether the observed gains generalize.
  • If quiz performance does not predict later user behavior such as data-sharing decisions, the evidentiary value of the friction would be limited.

Load-bearing premise

Scores on the six-question quiz reliably indicate whether users understand the important consequences of the privacy policy, and the sample of 293 parents represents typical users of such apps.

What would settle it

A replication or larger study in which the slide-based and paced conditions produce no higher first-attempt pass rates than the control, or in which gating consent on the quiz threshold changes consent rates by less than 5 percent.

Figures

Figures reproduced from arXiv: 2604.09518 by Aditya Majumdar, Brett Frischmann, Qian Ma, Sarah Rajtmajer.

Figure 1: Study flow: participants first completed a friction-based Policy review Phase with their assigned groups, then a

Figure 2: Six experimental conditions (G0-G5) for privacy policy review: (G0) plain text policy; (G1) highlighted policy; (G2)

Figure 3: First-attempt quiz accuracy and threshold attain

Figure 4: Retakers’ mean accuracy, second-attempt thresh

Figure 6: Consent rates by condition, stratified by demon

Figure 7: Privacy policy used as the study stimulus.

Figure 8: G0 plain text privacy policy review interface.

Figure 9: G1 highlighted privacy policy review interface.

Figure 10: G2 highlighted privacy policy review interface with explanatory blurbs.

Figure 11: G3 timed slide-based policy review interface: full policy page (top) and a sample timed slide recap (bottom).

Figure 12: G4 sectioned highlighted privacy policy review interface with pacing.

Figure 13: G5 sectioned highlighted privacy policy review interface with blurbs and pacing.

Original abstract

Privacy policies govern how personal data is collected, used, and shared. Yet, in most privacy-policy consent flows, agreement is operationalized as a single click at the end of a long, opaque policy document. Recent privacy-law scholarship has argued for a standard of demonstrably informed consent. That is, the party drafting and designing privacy-policy consent mechanisms must generate reliable evidence that a person demonstrates comprehension of the consequential terms to which they agree. To this end, we study pedagogical friction as a design framing: minimal interventions embedded within a privacy-policy consent flow that aim to support demonstrated comprehension while keeping burden on the user low. In a randomized experiment, we tested pedagogical friction for demonstrably informed consent in the context of a privacy policy for an edtech app for young children. We recruited 293 parents of kids ages 3-8 to review the app's privacy policy under one of six conditions that varied presentation format and pacing, then complete a six-question comprehension quiz. Three conditions offered a second policy review and quiz retake for participants who did not pass this quiz on their first attempt. We find that the slide-based condition (G3) achieved the highest first-attempt threshold attainment (>=80%) (41.7%), followed by the paced, sectioned condition (G4) (30.6%). In the retake conditions, 64.9% of participants who completed a second attempt improved their score. Notably, in conditions that did not gate consent on demonstrated comprehension, 97.3% of participants who scored below the threshold still chose to consent, suggesting that ungated consent flows can record agreement without demonstrated comprehension. Our results suggest that pedagogical friction can strengthen the evidentiary basis of consent and clarify what it costs in time and burden.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript reports results from a randomized experiment with 293 parents of children ages 3-8, testing six conditions of pedagogical friction (varying presentation format and pacing) embedded in an edtech app's privacy policy consent flow. Participants reviewed the policy and completed a six-question comprehension quiz (80% threshold); three conditions allowed a retake. Key findings are highest first-attempt pass rates in the slide-based condition (41.7%) and paced sectioned condition (30.6%), 64.9% of retakers improving their score, and 97.3% of below-threshold participants still consenting in ungated conditions.

Significance. If the quiz validly measures comprehension of consequential policy terms, the work supplies rare randomized empirical evidence on design interventions that can raise the evidentiary standard for consent while quantifying time/burden costs. The ungated consent result directly illustrates the gap between recorded agreement and demonstrated understanding, with clear relevance to HCI interface design and privacy-law scholarship on demonstrably informed consent.

major comments (3)
  1. [Methods] Methods: The development, pilot validation, and content coverage of the six-question comprehension quiz are not described. No information is given on how questions were generated, whether they were tested for reliability or face validity, or whether they address specific consequential terms (third-party sharing, data retention, parental rights). Without this, quiz scores cannot be treated as reliable evidence of understanding, which is load-bearing for the central claim of strengthened evidentiary basis of consent.
  2. [Results] Results: No statistical tests, p-values, confidence intervals, or effect sizes are reported for the attainment-rate differences (41.7% vs. 30.6%), the 64.9% retake improvement, or the 97.3% ungated consent figure. The per-condition sample sizes and any power analysis are also omitted, so it is impossible to determine whether the observed percentages reflect reliable differences or sampling variability.
  3. [Methods] Methods: The randomization procedure (simple, blocked, or stratified) and the handling of dropouts, incomplete quizzes, or participants who did not reach the consent stage are not specified. These omissions directly affect assessment of internal validity for a study whose central claims rest on between-condition comparisons.
minor comments (2)
  1. Condition labels (G3, G4, etc.) are referenced in the abstract and results without an explicit mapping or summary table; a table listing all six conditions, their key features, and outcome metrics would improve clarity.
  2. [Results] The abstract states the sample as 293 parents but does not break down completion rates or final analytic N per condition; adding these figures would aid interpretation of the reported percentages.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their constructive and detailed comments, which highlight important areas for improving the transparency and rigor of our methods and results reporting. We address each major comment point by point below and commit to revisions that strengthen the manuscript without altering its core findings or claims.

point-by-point responses
  1. Referee: [Methods] Methods: The development, pilot validation, and content coverage of the six-question comprehension quiz are not described. No information is given on how questions were generated, whether they were tested for reliability or face validity, or whether they address specific consequential terms (third-party sharing, data retention, parental rights). Without this, quiz scores cannot be treated as reliable evidence of understanding, which is load-bearing for the central claim of strengthened evidentiary basis of consent.

    Authors: We agree that the current manuscript lacks sufficient detail on the quiz's development and validation, which is necessary to support the validity of our comprehension measure. In the revised manuscript, we will add a dedicated methods subsection describing how the six questions were generated directly from key consequential terms in the edtech app's privacy policy (including third-party sharing, data retention periods, and parental rights under relevant regulations). We will also report on the pilot validation process, including face validity testing with a small sample of parents and any adjustments for clarity or reliability. This addition will provide the required evidentiary support for treating quiz performance as a proxy for demonstrated understanding. revision: yes

  2. Referee: [Results] Results: No statistical tests, p-values, confidence intervals, or effect sizes are reported for the attainment-rate differences (41.7% vs. 30.6%), the 64.9% retake improvement, or the 97.3% ungated consent figure. The per-condition sample sizes and any power analysis are also omitted, so it is impossible to determine whether the observed percentages reflect reliable differences or sampling variability.

    Authors: We acknowledge that the results section omits formal statistical reporting, which limits evaluation of the reliability of the observed differences. In the revision, we will add chi-square tests (or Fisher's exact tests where appropriate) for between-condition comparisons of first-attempt pass rates, along with p-values, 95% confidence intervals, and effect sizes (e.g., Cohen's h). We will also report exact per-condition sample sizes (from the total N=293) and include a post-hoc power analysis to assess whether the study was powered to detect the reported effects. These changes will enable readers to properly gauge statistical significance and practical relevance. revision: yes

  3. Referee: [Methods] Methods: The randomization procedure (simple, blocked, or stratified) and the handling of dropouts, incomplete quizzes, or participants who did not reach the consent stage are not specified. These omissions directly affect assessment of internal validity for a study whose central claims rest on between-condition comparisons.

    Authors: We will clarify these procedural details in the revised methods section to enhance transparency and internal validity assessment. The study employed simple randomization via the Qualtrics survey platform, with participants assigned upon entry. We will report the number of dropouts and incomplete responses at each stage (e.g., prior to quiz completion or consent), confirm that participants with incomplete quizzes were excluded from analysis, and note that all who reached the consent decision were included regardless of quiz score in ungated conditions. This will allow for a fuller evaluation of the between-condition comparisons. revision: yes

Circularity Check

0 steps flagged

No circularity: direct empirical reporting of randomized experiment outcomes

full rationale

The paper presents results from a randomized experiment with 293 participants, reporting observed percentages such as first-attempt threshold attainment rates (41.7% in G3, 30.6% in G4), improvement on retakes (64.9%), and ungated consent rates (97.3% among low scorers). No derivations, equations, fitted parameters, or predictions are present that could reduce to inputs by construction. Claims about pedagogical friction are supported solely by these direct measurements of quiz performance and consent choices, with no self-citation chains, self-definitional loops, or renamed known results. The quiz validity is an external assumption about measurement quality, not a circularity in the reported chain.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on the quiz serving as a valid proxy for comprehension of consequential policy terms and on the assumption that random assignment produced comparable groups across the six conditions.

axioms (2)
  • domain assumption The six-question quiz validly measures comprehension of the privacy policy's consequential terms.
    Quiz performance is used as the primary outcome for demonstrated informed consent.
  • domain assumption Participants were randomly assigned to conditions with no systematic bias in recruitment or assignment.
    The study is described as a randomized experiment.


