From Design Requirements to Effective Privacy Notifications: Empowering mHealth Users to Make Informed Decisions

To date, there are no satisfactory design requirements for privacy notifications, which constitute a conceptual means of informing users of online data services about how their personal data are processed and guide the decisions they make. Contextualising privacy notifications in the field of personal health tracking, we elicit a set of design requirements from the literature, implement a prototype, and conduct a qualitative, iterative lab study to evaluate the efficacy of the requirements immanent in the prototype. Our findings show that privacy notifications have the potential to facilitate usable transparency and intervenability in the ecosystem of mobile devices. The feedback obtained about the prototype lends itself to a refined set of design requirements presented in this paper. Implementing the principles of human-centred design, these requirements reflect building blocks that can help designers create usable tools that accommodate the needs of users of mobile health services.