Table of Contents
Fetching ...

A Scoping Review and Guidelines on Privacy Policy's Visualization from an HCI Perspective

Shuning Zhang, Eve He, Sixing Tao, Yuting Yang, Ying Ma, Ailei Wang, Xin Yi, Hewu Li

TL;DR

The paper analyzes the evolution of privacy policy visualization within HCI by mapping 65 top-tier studies onto a four-stage design lifecycle (context, requirements, design, evaluation). It identifies four dynamic patterns: (1) moving from information overload to load management, (2) a co-evolution with automation and NLP/LLMs, (3) a tension between general standards and context-specific adaptations, and (4) multi-stakeholder negotiation shaping deployment. It then offers four forward-looking directions—adaptive generative interfaces, context-aware situated visualization, integrated multi-device visualization, and stakeholder-aligned production workflows—culminating in actionable guidelines for the CHI community. The work advances understanding of how privacy policy visualization can become an intelligent, adaptive, user-empowering tool rather than static, opaque text. Practically, it informs designers, engineers, and policymakers on how to bridge regulatory demands with usable, effective user interfaces for privacy decisions.

Abstract

Privacy Policies are a cornerstone of informed consent, yet a persistent gap exists between their legal intent and practical efficacy. Despite decades of Human-Computer Interaction (HCI) research proposing various visualizations, user comprehension remains low, and designs rarely see widespread adoption. To understand this landscape and chart a path forward, we synthesized 65 top-tier papers using a framework adapted from the user-centered design lifecycle. Our analysis presented findings of the field's evolution across four dimensions: (1) the trade-off between information load and decision efficacy, which demonstrates a shift from augmenting disclosures to prioritizing information condensation and cognitive load management to counter the inefficacy of comprehensive texts, (2) the co-evolutionary dynamic of design and automation, revealing that complex design ambitions such as context-awareness drove the need for advanced NLP, while recent LLM breakthroughs are enabling the semantic interpretation required to realize those designs, (3) the tension between generality and specificity, highlighting the divergence between standardized, cross-platform solutions and the increasing necessity for specialized, context-aware interaction patterns in IoT and immersive environments, and (4) balancing stakeholder opinions, which shows that visualization efficacy is constrained by the complex interplay of regulatory mandates, developer capabilities and provider incentives. We conclude by outlining four critical challenges for future research.

A Scoping Review and Guidelines on Privacy Policy's Visualization from an HCI Perspective

TL;DR

The paper analyzes the evolution of privacy policy visualization within HCI by mapping 65 top-tier studies onto a four-stage design lifecycle (context, requirements, design, evaluation). It identifies four dynamic patterns: (1) moving from information overload to load management, (2) a co-evolution with automation and NLP/LLMs, (3) a tension between general standards and context-specific adaptations, and (4) multi-stakeholder negotiation shaping deployment. It then offers four forward-looking directions—adaptive generative interfaces, context-aware situated visualization, integrated multi-device visualization, and stakeholder-aligned production workflows—culminating in actionable guidelines for the CHI community. The work advances understanding of how privacy policy visualization can become an intelligent, adaptive, user-empowering tool rather than static, opaque text. Practically, it informs designers, engineers, and policymakers on how to bridge regulatory demands with usable, effective user interfaces for privacy decisions.

Abstract

Privacy Policies are a cornerstone of informed consent, yet a persistent gap exists between their legal intent and practical efficacy. Despite decades of Human-Computer Interaction (HCI) research proposing various visualizations, user comprehension remains low, and designs rarely see widespread adoption. To understand this landscape and chart a path forward, we synthesized 65 top-tier papers using a framework adapted from the user-centered design lifecycle. Our analysis presented findings of the field's evolution across four dimensions: (1) the trade-off between information load and decision efficacy, which demonstrates a shift from augmenting disclosures to prioritizing information condensation and cognitive load management to counter the inefficacy of comprehensive texts, (2) the co-evolutionary dynamic of design and automation, revealing that complex design ambitions such as context-awareness drove the need for advanced NLP, while recent LLM breakthroughs are enabling the semantic interpretation required to realize those designs, (3) the tension between generality and specificity, highlighting the divergence between standardized, cross-platform solutions and the increasing necessity for specialized, context-aware interaction patterns in IoT and immersive environments, and (4) balancing stakeholder opinions, which shows that visualization efficacy is constrained by the complex interplay of regulatory mandates, developer capabilities and provider incentives. We conclude by outlining four critical challenges for future research.
Paper Structure (44 sections, 7 figures, 1 table)

This paper contains 44 sections, 7 figures, 1 table.

Figures (7)

  • Figure 1: The scope of our paper, where privacy policy visualization is a sub-field of privacy visualization. Privacy policy visualization is closely interconnected to the understandings of users or developers, automatic generation, large-scale analysis and those work on stakeholders' perspective.
  • Figure 2: The (a) publication numbers per year, and (b) distribution of papers across different venues.
  • Figure 3: The illustration of the change from general solutions to specificity, (a) device contexts lim2022minethakkar2022would, (b) regulations zhang2025privcaptcha, (c) user groups he2025privacysharma2025before. (The pictures were generated using Gemini Nano Banana and edited by the authors.)
  • Figure 4: Illustration of the representative privacy policy visualization for Finding 2: (a) Privacy label kelley2009nutrition for the paradigm of succinct and structured summarization, (b) Comics tabassum2018increasing for the paradigm of enriched visuals and narratives, (c) CPP pan2024new for the paradigm of contextual integration to balance load, (d) Dialogues freiberger2025you for the paradigm of proactive and interactive support. (The pictures were generated using Gemini Nano Banana and edited by the authors.)
  • Figure 5: The co-evolutionary dynamic of design and automation, (a) Tabulars and Machine-readable formats, corresponding to the aspect of structured protocols and succinct forms, (b) Graphs and NLP extracting techniques, corresponding to the aspect of graph-based narratives and automated extraction, (c) CPPs and Automatic analysis, corresponding to the aspect of contextual privacy policy and its generation, (d) Dialogues and LLM-based analysis, corresponding to the aspect of conversational interfaces and LLMs. (The pictures were generated using Gemini Nano Banana and edited by the authors.)
  • ...and 2 more figures