Transparency enhancing tools (TETs): an overview Milena Janic, Jan Pieter Wijbenga TNO Delft, The Netherlands Thijs Veugen TNO Delft University of Technology Delft, The Netherlands Abstract—As the amount of users’ information collected and exchanged on the Internet is growing, so are, consequently, the users’ concerns that their privacy might be violated. Some studies have shown that a large number of users avoid engaging in online services due to privacy concerns. It has been suggested that increased transparency of privacy related mechanisms may promote users’ trust. This paper reviews the relationship between users’ privacy concerns, transparency enhancing and privacy enhancing mechanisms on the one hand, and users’ trust on the other, based on the existing literature. Our literature review demonstrates that previous studies have produced inconsistent results, implying this relationship should be re- examined in future work. Impact of higher transparency on users’ trust has been insufficiently studied. Current research seems to suggest that the increase of the understanding of privacy issues increases importance of privacy for trust. Use of privacy enhancing mechanisms by service provider also seems to promote the trust, but this may only hold when these mechanisms are understood by the user. A need for tools that would provide users with this kind of knowledge has also been repeatedly recognized. Additionally, this paper provides an overview and description of the currently available transparency enhancing tools. To the best of our knowledge, no such overview has been available to this end. We demonstrate that the majority of tools promote awareness. Most of them attempt to provide a better understanding of privacy policies, or provide insight in the third party tracking behavior. Two tools have been identified that provide some insight in the collected user’s data. No tool providing specific information on, or access to, processing logic has been identified. Keywords— privacy, privacy enhancement tools, transparency enhancement tools, trust I. INTRODUCTION With the increased use of the Internet, the amount of users’ information being collected, stored and exchanged is increasing accordingly, and so are the risks related to sharing personal data. Identity theft is the fastest-growing crime in the US today [1]. Consequently, users’ concerns about the protection of their personal information have grown. In order to improve the privacy protection, Privacy Enhancing Technologies (PETs) emerged. According to the definition given in [2], Privacy Enhancing Technology is a system of ICT measures protecting informational privacy by eliminating or minimizing personal data, thereby preventing unnecessary or unwanted processing of personal data, without the loss of the functionality of the information system. Some examples of PETs are interactive anonymity systems (e.g. the onion router [3]), communication privacy systems (e.g. PGP [4]) or counter profiling measures [5], (see [6] for more examples). Often, data protection regulation (e.g. EU Data Protection Directive 95/46/EC in Europe) requires that users are properly informed about the fact that personal information is collected, stored, processed and disclosed, to what purpose, and how exactly, when they use a certain system. User should also be informed about third parties with which information is shared. In To meet this need, the concept of Transparency Enhancing Technologies (TET) was proposed. If we define transparency as insight in how user’s data is being collected, stored, processed and disclosed, TETs can then be viewed as tools providing this insight in an accurate and comprehensible way. In contrast to PETs, these technologies exercise no particular action to enhance users privacy. They rather provide the user with necessary information on how her data is being stored, exchanged, processed and used, and as such, preserve user privacy indirectly, by enabling the user to make an informed choice on the action she finds she needs to take. Some authors use the term privacy awareness tools when referring to tools that increase privacy awareness by informing users on how their personal information is used by the service provider(s) [7]. We believe, based on the description of functional requirements of privacy awareness tools given in [7] that these two terms (transparency enhancing tools and privacy awareness tools) can be used interchangeably. Various studies report that users are reluctant to give out personal information in Internet-based transactions, due to concerns about how their personal data is being handled [8][9]. It has been suggested that higher transparency by organizations on this issue might promote trust of the users and their willingness to use a particular online service. This paper addresses the following questions: (i)(a) What is the relation between user’s privacy concerns and their trust in a particular service, based on the research available to this end? (i)(b) Does the available body of evidence support the assumption that more transparency would lead to more trust? And, if so, which information should be presented to the user to promote her trust? (ii) Which transparency enhancing tools are available at this moment, and do they incorporate such information? The remainder of the paper is organized as follows. Section II presents the literature overview of the relation between privacy concerns, privacy enhancing measures and trust. 2013 Third Workshop on Socio-Technical Aspects in Security and Trust 978-0-7695-5065-7/13 $26.00 © 2013 IEEE DOI 10.1109/STAST.2013.11 18