Let's Get Visual - Testing Visual Analogies and Metaphors for Conveying Privacy Policies and Data Handling Information

With EU-GDPR and related regulations, the respon-sibility to make privacy-related decisions such as to provide informed consent to data handling practices mainly rests with the user. However, current lengthy privacy policies and often deceptive cookie notices rarely facilitate truly informed consent. Related work on privacy icons or structuring privacy policies aims to enhance users' understanding but achieve mixed results. In a between-subjects study with N=379 participants we thus explored the potential of embedding privacy information in visual metaphors and analogies to support informed decision-making. Additionally, we explored whether dynamic feedback helped users understand the implications of their decisions. While both visual and textual information and feedback appeared to support users' understanding of data handling practices and alignment with personal preferences, with no significant differences between conditions, users per-ceived visualizations as more suitable and aesthetically pleasing than text. This indicates potential for using visual contexts to enhance informed consent not only within existing cookie notices but also in emerging tools such as privacy assistants or related privacy-enhancing technologies. Future work should investigate differences to currently deployed solutions and the effect of perceived pleasantness of design variants on users' understanding and decisions.