Acquisti, A.. Nudging privacy: The behavioral economics of personal information. IEEE Security Privacy, 7(6):82–85, 2009.CrossRefGoogle Scholar

Acquisti, A., Brandimarte, L., and Loewenstein, G.. Privacy and human behavior in the age of information. Science, 347(6221):509–514, 2015.Google Scholar

Adjerid, I., Acquisti, A., Brandimarte, L., and Loewenstein, G.. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proc. SOUPS ’13, article 9, 11 pages. New York: ACM, 2013.Google Scholar

Almuhimedi, H., Schaub, F., Sadeh, N., Adjerid, I., Acquisti, A., Gluck, J., Cranor, L. F., and Agarwal, Y.. Your location has been shared 5,398 times! A field study on mobile app privacy nudging. In Proc. CHI ’15, pages 787–796. New York: ACM, 2015.Google Scholar

Anderson, B., Kirwan, B., Eargle, D., Howard, S., and Vance, A.. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proc. CHI ’15, pages 2883–2892. New York: ACM, 2015.Google Scholar

Anderson, B., Vance, A., Kirwan, B., Eargle, D., and Howard, S.. Users aren’t (necessarily) lazy: Using NeuroIS to explain habituation to security warnings. In Proc. ICIS ’14, 2014.Google Scholar

Angulo, J., Fischer-Hübner, S., Pulls, T., and König, U.. HCI for Policy Display and Administration. In Privacy and Identity Management for Life, pages 261–277. Berlin: Springer, 2011.CrossRefGoogle Scholar

Argo, J. J. and Main, K. J.. Meta-analyses of the effectiveness of warning labels. Journal of Public Policy & Marketing, 23(2):193–208, Oct. 2004.Google Scholar

Article 29 Data Protection Working Party. Opinion 10/2004 on More Harmonised Information Provisions. WP 100, Nov. 2004.Google Scholar

Article 29 Data Protection Working Party. Opinion 8/2014 on the Recent Developments on the Internet of Things. WP 223, Sept. 2014.Google Scholar

Autographer. http://www.autographer.com, 2012. Accessed: June 1, 2015.Google Scholar

Balebako, R., Jung, J., Lu, W., Cranor, L. F., and Nguyen, C.. “Little brothers watching you”: Raising awareness of data leaks on smartphones. In Proc. SOUPS ’13, Article 12, 11 pages. New York: ACM, 2013.Google Scholar

Balebako, R., Schaub, F., Adjerid, I., Acquisti, A., and Cranor, L.. The impact of timing on the salience of smartphone app privacy notices. In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM ’15, pages 63–74, New York: ACM. 2015.Google Scholar

Balebako, R., Shay, R., and Cranor, L. F.. Is your inseam a biometric? A case study on the role of usability studies in developing public policy. In Proc. USEC ’14, 2014.CrossRefGoogle Scholar

Barkhuus, L.. The mismeasurement of privacy: Using contextual integrity to reconsider privacy in HCI. In Proc. CHI ’12, pages 367–376, New York: ACM, 2012.Google Scholar

Bauer, L., Bravo-Lillo, C., Cranor, L. F., and Fragkaki, E.. Warning design guidelines. Tech. report CMU-CyLab-13–002, CyLab, Carnegie Mellon University, 2013.Google Scholar

Besmer, A., Watson, J., and Lipford, H. R.. The impact of social navigation on privacy policy configuration. In Proc. SOUPS ’10, article 7, 10 pages, New York: ACM, 2010.Google Scholar

Böhme, R. and Grossklags, J.. The security cost of cheap user interaction. In Proc. Workshop on New Security Paradigms, pages 67–82, New York: ACM, 2011.Google Scholar

Böhme, R. and Köpsell, S.. Trained to accept? A field experiment on consent dialogs. In Proc. CHI ’10, pages 2403–2406, New York: ACM, 2010.Google Scholar

Brandimarte, L., Acquisti, A., and Loewenstein, G.. Misplaced confidences: Privacy and the control paradox. Social Psychological and Personality Science, 4(3):340–347, 2013.Google Scholar

Bravo-Lillo, C., Cranor, L. F., Komanduri, S., Schechter, S., and Sleeper, M.. Harder to ignore? Revisiting pop-up fatigue and approaches to prevent it. In Proc. SOUPS ’14, pages 105–111, Berkeley: USENIX Association, 2014.Google Scholar

Bravo-Lillo, C., Komanduri, S., Cranor, L. F., Reeder, R. W., Sleeper, M., Downs, J., and Schechter, S.. Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. In Proc. SOUPS ’13, article 6, 12 pages, New York: ACM, 2013.Google Scholar

Calo, R.. Against notice skepticism in privacy (and elsewhere). Notre Dame Law Review, 87(3):1027–1072, 2012.Google Scholar

Cannon, J.. Privacy in Technology. IAPP, 2014.Google Scholar

Cate, F.. The limits of notice and choice. IEEE Security Privacy, 8(2):59–62, Mar. 2010.CrossRefGoogle Scholar

Center for Information Policy Leadership. Ten steps to develop a multilayered privacy notice. White paper, Mar. 2007.Google Scholar

Centers for Medicare & Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://www.cms.hhs.gov/hipaa/, 1996.Google Scholar

Chen, Y., Zahedi, F. M., and Abbasi, A.. Interface design elements for anti-phishing systems. In Service-Oriented Perspectives in Design Science Research, pages 253–265. Berlin: Springer, 2011.Google Scholar

Choe, E., Jung, J., Lee, B., and Fisher, K.. Nudging people away from privacy-invasive mobile apps through visual framing. In Proc. INTERACT ’13, pages 74–91, Berlin: Springer, 2013.Google Scholar

CMU CyLab. Workshop on the future of privacy notice and choice. https://www.cylab.cmu.edu/news events/events/fopnac/, June 27, 2015.Google Scholar

Cranor, L.. Giving notice: Why privacy policies and security breach notifications aren’t enough. IEEE Communications Magazine, 43(8):18–19, Aug. 2005.Google Scholar

Cranor, L. F.. A framework for reasoning about the human in the loop. In Proc. UPSEC ’08, article 1, 15 pages, Berkeley: USENIX Assoc., 2008.Google Scholar

Cranor, L. F.. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10(2):273–308, 2012.Google Scholar

Cranor, L. F., Guduru, P., and Arjula, M.. User interfaces for privacy agents. ACM TOCHI, 13(2):135–178, 2006.CrossRefGoogle Scholar

Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., and Ur, B.. A large-scale evaluation of U.S. financial institutions’ standardized privacy notices. ACM Trans. Web 10, 3, Article 17 (August 2016), 33 pages.Google Scholar

Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le M´etayer, D., Tirtea, R., and Schiffner, S.. Privacy and data protection by design: From policy to engineering. Report, ENISA, Dec. 2014.Google Scholar

Deng, M., Wuyts, K., Scandariato, R., Preneel, B., and Joosen, W.. A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1):3–32, Nov. 2010.Google Scholar

Disconnect.me. Privacy policies are too complicated: We’ve simplified them. https://disconnect.me/icons, Dec. 2014. Accessed: June 1, 2015.Google Scholar

Egelman, S., Tsai, J., Cranor, L. F., and Acquisti, A.. Timing is everything?: The effects of timing and placement of online privacy indicators. In Proc. CHI ’09, pages 319–328, New York: ACM, 2009.Google Scholar

European Parliament and Council. Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities (L 281):31–50, 1995.Google Scholar

European Parliament and Council. Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities (L 201), pages 37–47, 2002.Google Scholar

European Parliament and Council. Directive 2009/136/EC. Official Journal of the European Communities, (L 337), pages 11–36, 2009.Google Scholar

Facebook. Data policy. https://www.facebook.com/privacy/explanation, 2015. Accessed: June 1, 2015.Google Scholar

Federal Trade Commission. Privacy online: A report to Congress. FTC report, 1998.Google Scholar

Federal Trade Commission. Protecting consumer privacy in an era of rapid change. FTC report, 2012.Google Scholar

Federal Trade Commission. Mobile privacy disclosures: Building trust through transparency. FTC staff report, Feb. 2013.Google Scholar

Federal Trade Commission. Internet of Things: Privacy & security in a connected world. FTC staff report, Jan. 2015.Google Scholar

Felt, A., Egelman, S., Finifter, M., Akhawe, D., and Wagner, D.. How to ask for permission. In Proc. HOTSEC ’12, Berkeley: USENIX, 2012.Google Scholar

Fischer-Hübner, S., Pettersson, J. S., Bergmann, M., Hansen, M., Pearson, S., and Mont, M. C.. HCI designs for privacy-enhancing identity management. In Digital Privacy: Theory, Technologies, and Practices, pages 229–252. Boca Raton: Auerbach Pub., 2007.Google Scholar

Fu, H., Yang, Y., Shingte, N., Lindqvist, J., and Gruteser, M.. A field study of run-time location access disclosures on android smartphones. In Proc. USEC ’14, Reston: Internet Society, 2014.Google Scholar

Garrison, L., Hastak, M., Hogarth, J. M., Kleimann, S., and Levy, A. S.. Designing evidence-based disclosures: A case study of financial privacy notices. Journal of Consumer Affairs, 46(2):204–234, June 2012.Google Scholar

Gates, C., Li, N., Peng, H., Sarma, B., Qi, Y., Potharaju, R., Nita-Rotaru, C., and Molloy, I.. Generating summary risk scores for mobile applications. IEEE Transactions on Dependable and Secure Computing, 11(3):238–251, May 2014.Google Scholar

Ghostery. https://www.ghostery.com. accessed: June 1, 2015.Google Scholar

Gomez, J., Pinnick, T., and Soltani, A.. Know privacy. Final report, University of California, Berkeley, School of Information, 2009.Google Scholar

Good, N. S., Grossklags, J., Mulligan, D. K., and Konstan, J. A.. Noticing notice: A large-scale experiment on the timing of software license agreements. In Proc. CHI ’07, pages 607–616, New York: ACM, 2007.Google Scholar

Greenleaf, G.. Sheherezade and the 101 data privacy laws: Origins, significance and global trajectories. Journal of Law, Information and Science, 23(1):4–49, 2014.Google Scholar

Harbach, M., Fahl, S., Yakovleva, P., and Smith, M.. Sorry, I don’t get it: An analysis of warning message texts. In Proc. USEC ’13, pages 94–111. Berlin: Springer, 2013.Google Scholar

Harbach, M., Hettig, M., Weber, S., and Smith, M.. Using personal examples to improve risk communication for security & privacy decisions. In Proc. CHI ’14, pages 2647-2656, New York: ACM, 2014.Google Scholar

Harrison, C., Horstman, J., Hsieh, G., and Hudson, S.. Unlocking the expressivity of point lights. In Proc. CHI ’12, pages 1683–1692, New York: ACM, 2012.Google Scholar

Holtz, L. E., Zwingelberg, H., and Hansen, M.. Privacy policy icons. In Privacy and Identity Management for Life, 279–285. Berlin: Springer, 2011.Google Scholar

Iachello, G., Truong, K. N., Abowd, G. D., Hayes, G. R., and Stevens, M.. Prototyping and sampling experience to evaluate ubiquitous computing privacy in the real world. In Proc. CHI ’06, pages 1009–1018, New York: ACM, 2006.Google Scholar

Inglesant, P. G. and Sasse, M. A.. The true cost of unusable password policies: Password use in the wild. In Proc. CHI ’10, pages 383–392, New York: ACM, 2010.Google Scholar

Jensen, C. and Potts, C.. Privacy policies as decision-making tools: An evaluation of online privacy notices. In Proc. CHI ’04, pages 471–478, New York: ACM, 2004.Google Scholar

Keith, M. J., Maynes, C., Lowry, P. B., and Babb, J.. Privacy fatigue: The effect of privacy control complexity on consumer electronic information disclosure. In Proc. ICIS ’14. 2014.Google Scholar

Kelley, P. G., Cesca, L., Bresee, J., and Cranor, L. F.. Standardizing privacy notices: An online study of the nutrition label approach. In Proc. CHI ’10. New York: ACM, 2010.Google Scholar

Kelley, P. G., Cranor, L. F., and Sadeh, N.. Privacy as part of the app decision-making process. In Proc. CHI ’13, pages 3393–3402, New York: ACM, 2013.Google Scholar

Kobsa, A. and Teltzrow, M.. Contextualized communication of privacy practices and personalization benefits: Impacts on users’ data sharing and purchase behavior. In Proc. PETS ’05, pages 329–343, Berlin: Springer, 2005.Google Scholar

Könings, B., Schaub, F., and Weber, M.. PriFi beacons: Piggybacking privacy implications on wifi beacons. In Ubicomp ’13 Adjunct Proceedings, pages 83–86, New York: ACM, 2013.Google Scholar

Könings, B., Thoma, S., Schaub, F., and Weber, M.. Pripref broadcaster: Enabling users to broadcast privacy preferences in their physical proximity. In Proc. MUM ’14, pages 133–142, New York: ACM, 2014.Google Scholar

Kortum, P.. HCI beyond the GUI: Design for haptic, speech, olfactory, and other nontraditional interfaces. Burlington: Morgan Kaufmann, 2008.Google Scholar

Landau, S.. Control use of data to protect privacy. Science, 347(6221):504–506, Jan. 2015.Google Scholar

Langheinrich, M.. Privacy by Design – principles of privacy-aware ubiquitous systems. In Proc. UbiComp ’01. Berlin: Springer, 2001.Google Scholar

Langheinrich, M.. A privacy awareness system for ubiquitous computing environments. In Proc. UbiComp ’02. Berlin: Springer, 2002.Google Scholar

Lazer-Walker, M.. Core location in iOS 8. http://nshipster.com/core-location-in-ios-8/, 2014. accessed: June 1, 2015.Google Scholar

Leon, P., Ur, B., Shay, R., Wang, Y., Balebako, R., and Cranor, L.. Why Johnny can’t opt out: A usability evaluation of tools to limit online behavioral advertising. In Proc. CHI ’12, pages 589–598, New York: ACM, 2012.Google Scholar

Leon, P. G., Cranshaw, J., Cranor, L. F., Graves, J., Hastak, M., Ur, B., and Xu, G.. What do online behavioral advertising privacy disclosures communicate to users? In Proc. WPES ’12, pages 19–30, New York: ACM, 2012.Google Scholar

Liccardi, I., Pato, J., Weitzner, D. J., Abelson, H., and De Roure, D.. No technical understanding required: Helping users make informed choices about access to their personal data. In Proc. MOBIQUITOUS ’14, pages 140–150, ICST, 2014.Google Scholar

Lin, J., Amini, S., Hong, J. I., Sadeh, N., Lindqvist, J., and Zhang, J.. Expectation and purpose: Understanding users’ mental models of mobile app privacy through crowdsourcing. In Proc. UbiComp ’12, pages 501–510, New York: ACM, 2012.Google Scholar

Maganis, G., Jung, J., Kohno, T., Sheth, A., and Wetherall, D.. Sensor tricorder: What does that sensor know about me? In Proc. HotMobile ’11, pages 98–103, New York: ACM, 2011.Google Scholar

Marx, G.. Murky conceptual waters: The public and the private. Ethics and Information technology, 3(3):57–169, 2001.Google Scholar

McDonald, A. M. and Cranor, L. F.. The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society, 4(3):540–565, 2008.Google Scholar

Mcdonald, A. M., Reeder, R. W., Kelley, P. G., and Cranor, L. F.. A comparative study of online privacy policies and formats. In Proc. PETS ’09, pages 37–55. Berlin: Springer, 2009.Google Scholar

Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.Google Scholar

Microsoft. Microsoft.com privacy statement. https://www.microsoft.com/privacystatement/en-us/core/default.aspx, 2014. Accessed: June 1, 2015.Google Scholar

Milne, G. R., Culnan, M. J., and Greene, H.. A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2):238–249, 2006.CrossRefGoogle Scholar

Mylonas, A., Theoharidou, M., and Gritzalis, D.. Assessing privacy risks in android: A user-centric approach. In Workshop on Risk Assessment and Risk-Driven Testing, pages 31–37, Berlin: Springer, 2014.Google Scholar

Nielsen, J. and Molich, R.. Heuristic evaluation of user interfaces. In Proc. CHI ’90, pages 249–256, New York: ACM, 1990.Google Scholar

Nielsen, L.. Personas. In The Encyclopedia of Human-Computer Interaction. The Interaction Design Foundation, 2nd ed., 2014. https://www.interaction-design.org/encyclopedia/personas.html.Google Scholar

Nissenbaum, H.. A contextual approach to privacy online. Daedalus, 140(4):32–48, 2011.Google Scholar

NTIA. Short form notice code of conduct to promote transparency in mobile app practices. Redline draft, July 2013. http://www.ntia.doc.gov/files/ntia/publications/july 25 code draft.pdf.Google Scholar

NTIA. Privacy multistakeholder process: Facial recognition technology, 2014. http://www.ntia.doc.gov/other-publication/2014/privacy-multistakeholder-process-facial-recognition-technology. Accessed: June 1, 2015.Google Scholar

OECD. Making privacy notices simple: digital economy papers 120, July 2006. http://www.oecd-ilibrary.org/science-and-technology/making-privacy-notices-simple 231428216052.Google Scholar

OECD. The OECD privacy framework. Report, 2013. http://www.oecd.org/sti/ieconomy/oecd privacy framework.pdf.Google Scholar

Official California legislative information. The Online Privacy Protection Act of 2003, 2003.Google Scholar

Palen, L. and Dourish, P.. Unpacking “privacy” for a networked world. In Proc. CHI ’03. New York: ACM, 2003.Google Scholar

Patil, S., Hoyle, R., Schlegel, R., Kapadia, A., and Lee, A. J.. Interrupt now or inform later? Comparing immediate and delayed privacy feedback. In Proc. CHI ’15, pages 1415–1418, New York: ACM, 2015.Google Scholar

Patil, S., Page, X., and Kobsa, A.. With a little help from my friends: Can social navigation inform interpersonal privacy preferences? In Proc. CSCW ’11, pages 391–394, New York: ACM, 2011.Google Scholar

Patil, S., Schlegel, R., Kapadia, A., and Lee, A. J.. Reflection or action? How feedback and control affect location sharing decisions. In Proc. CHI ’14, pages 101–110, New York: ACM, 2014.Google Scholar

Patrick, A. and Kenny, S.. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. In Proc. PET ’03, pages 107–124, Berlin: Springer, 2003.Google Scholar

Peffers, K., Tuunanen, T., Rothenberger, M. A., and Chatterjee, S.. A design science research methodology for information systems research. Journal of Management Information Systems, 24(3):45–77, 2007.Google Scholar

Peppet, S. R.. Regulating the Internet of Things: First steps toward managing discrimination, privacy, security, and consent. Texas Law Review, 93(85):85–176, 2014.Google Scholar

Pinnick, T.. Privacy short notice design. TRUSTe blog, Feb. 2011. http://www.truste.com/blog/2011/02/17/privacy-short-notice-design/. Accessed: June 1, 2015.Google Scholar

Portnoff, R. S., Lee, L. N., Egelman, S., Mishra, P., Leung, D., and Wagner, D.. Somebody’s watching me? Assessing the effectiveness of webcam indicator lights. In Proc. CHI ’15, pages 1649–1658, New York: ACM, 2015.Google Scholar

President’s Concil of Advisors on Science and Technology. Big data and privacy: A technological perspective. Report to the President, Executive Office of the President, May 2014.Google Scholar

Ramirez, E.. Privacy and the IoT: Navigating policy issues. CES Opening Remarks, 2015. FTC public statement.Google Scholar

Raskin, A.. Privacy icons: Alpha release. http://www.azarask.in/blog/post/privacy-icons/. Accessed: June 1, 2015.Google Scholar

Raval, N., Srivastava, A., Lebeck, K., Cox, L., and Machanavajjhala, A.. Markit: Privacy markers for protecting visual secrets. In UbiComp ’14 Adjunct Proceedings, pages 1289–1295, New York: ACM, 2014.Google Scholar

Reidenberg, J. and Cranor, L. F.. Can user agents accurately represent privacy policies? Available at SSRN: http://papers.ssrn.com/abstract=328860, 2002.Google Scholar

Reidenberg, J. R., Breaux, T., Cranor, L. F., French, B., Grannis, A., Graves, J. T., Liu, F., McDonald, A. M., Norton, T. B., Ramanath, R., Russell, N. C., Sadeh, N., and Schaub, F.. Disagreeable privacy policies: Mismatches between meaning and users’ understanding. Berkeley Technology Law Journal, 30(1):39–88, 2015.Google Scholar

Richthammer, C., Netter, M., Riesner, M., Sänger, J., and Pernul, G.. Taxonomy of social network data types. EURASIP Journal on Information Security, 11, 2014.Google Scholar

Schaub, F., Könings, B., and Weber, M.. Context-adaptive privacy: Leveraging context awareness to support privacy decision making. IEEE Pervasive Computing, 14(1):34–43, 2015.Google Scholar

Schlegel, R., Kapadia, A., and Lee, A. J.. Eyeing your exposure: Quantifying and controlling information sharing for improved privacy. In Proc. SOUPS ’11, article 14, New York: ACM, 2011.Google Scholar

Schwartz, B.. The Paradox of Choice: Why More Is Less. HarperCollins Publishers, 2004.Google Scholar

Schwartz, P. M. and Solove, D.. Notice and choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children, 2009.Google Scholar

Sellen, A. J. and Whittaker, S.. Beyond total capture: A constructive critique of lifelogging. Commun. ACM, 53(5):70–77, May 2010.Google Scholar

Shneiderman, B.. The eyes have it: A task by data type taxonomy for information visualizations. In Proc. Symp. on Visual Languages, pages 336–343, New York: IEEE, 1996.Google Scholar

Singh, R. I., Sumeeth, M., and Miller, J.. Evaluating the readability of privacy policies in mobile environments. International Journal of Mobile Human Computer Interaction, 3(1):55–78, 2011.CrossRefGoogle Scholar

SOUPS 2014 organizing committee. Tenth symposium on usable privacy and security. http://cups.cs.cmu.edu/soups/2014/, July 9–11, 2014.Google Scholar

Tan, J., Nguyen, K., Theodorides, M., Negr´on-Arroyo, H., Thompson, C., Egelman, S., and Wagner, D.. The effect of developer-specified explanations for permission requests on smartphone user behavior. In Proc. CHI ’14, pages 91–100, New York: ACM, 2014.Google Scholar

The White House. Consumer data privacy in a networked world. Technical report, Feb. 2012. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.Google Scholar

Turow, J., Hennessy, M., and Draper, N.. The tradeoff fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation. Technical report, Annenberg School for Communication, University of Pennsylvania, Philadelphia, PA, June 2015.Google Scholar

Ur, B., Jung, J., and Schechter, S.. Intruders versus intrusiveness: Teens’ and parents’ perspectives on home-entryway surveillance. In Proc. UbiComp ’14, pages 129–139, New York: ACM, 2014.Google Scholar

Ur, B., Sleeper, M., and Cranor, L. F.. {Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice. I/S: A Journal of Law and Policy for the Information Society, 9(2), pages 201–243, 2013.Google Scholar

U.S. Department of Health & Human Services. Notice of privacy practices for protected health information, April 2003, https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/privacy-practices-for-protected-health-information/index.html.Google Scholar

von Alan, R. H., March, S. T., Park, J., and Ram, S.. Design science in information systems research. MIS quarterly, 28(1):75–105, 2004.Google Scholar

W3C. Tracking protection working group. http://www.w3.org/2011/tracking-protection/. Accessed: June 1, 2015.Google Scholar

W3C. Web accessibility and usability working together. http://www.w3.org/WAI/intro/usable. Accessed: June 1, 2015.Google Scholar

Wang, Y., Leon, P. G., Acquisti, A., Cranor, L. F., Forget, A., and Sadeh, N.. A field trial of privacy nudges on facebook. In Proc. CHI ’14, pages 2367–2376, New York: ACM, 2014.Google Scholar

Weber, S., Harbach, M., and Smith, M.. Participatory design for security-related user interfaces. In Proc. USEC ’15, 2015.Google Scholar

Wenning, R., Schunter, M., Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J., and Stampley, D. A.. The platform for privacy preferences 1.1 (P3P 1.1) specification. http://www.w3.org/TR/P3P11/, 2006.Google Scholar

Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., and Beznosov, K.. Android permissions remystified: A field study on contextual integrity. In Proc. USENIX Security, 2015.Google Scholar

Wijesekera, P., Baokar, A., Tsai, L., Reardon, J., Egelman, S., Wagner, D., and Beznosov, K.. The feasibility of dynamically granted permissions: Aligning mobile privacy with user preferences. In Proc. of the 2017 IEEE Symposium on Security and Privacy (Oakland ’17), 2017.Google Scholar

Wogalter, M. S., Conzola, V. C., and Smith-Jackson, T. L.. Research-based guidelines for warning design and evaluation. Applied Ergonomics, 33(3):219–230, 2002.Google Scholar

Wogalter, M. S., Racicot, B. M., Kalsher, M. J., and Noel Simpson, S.. Personalization of warning signs: The role of perceived relevance on behavioral compliance. International Journal of Industrial Ergonomics, 14(3):233–242, Oct. 1994.Google Scholar

Wright, D.. Should privacy impact assessments be mandatory? Communications of the ACM, 54(8):121–131, Aug. 2011.Google Scholar

Wright, D.. Making privacy impact assessment more effective. The Information Society, 29(5):307–315, Oct. 2013.Google Scholar

Wright, D., Wadhwa, K., Hert, P. D., Kloza, D., and Justice, D. G.. A Privacy Impact Assessment Framework for data protection and privacy rights. Deliverable September, PIAF project, 2011.Google Scholar

Xbox.com. Kinect and Xbox One privacy FAQ. http://www.xbox.com/en-US/kinect/privacyandonlinesafety.Google Scholar

Xu, H., Crossler, R. E., and B´elanger, F.. A value sensitive design investigation of privacy enhancing tools in web browsers. Decision Support Systems, 54(1):424–433, 2012.Google Scholar

Awad, Naveen F. and Krishan, M. S. Krishan. 2006. The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly, 30(1): 13–28.Google Scholar

Balebako, Rebecca, Jung, Jaeyeon, Lu, Wei, Cranor, Lorrie Faith, and Nguyen, Carolyn. 2013. “Little Brother’s Watching You”: Raising Awareness of Data Leaks on Smartphones. In Symposium on Usable Privacy and Security (SOUPS). Newcastle. https://cups.cs.cmu.edu/soups/2013/proceedings/a12_Balebako.pdf.Google Scholar

Balebako, Rebecca, Shay, Richard, and Cranor, Lorrie Faith. 2014. Is Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy. Workshop on Usable Security (USEC 2014), San Diego. http://lorrie.cranor.org/pubs/usec14-inseam.pdfGoogle Scholar

Bambauer, Jane R., Loe, Jonathan, and Winkelman, D. Alex. 2017. A Bad Education. University of Illinois Law Review, 2017(1): 109–166.Google Scholar

Ben-Shahar, Omri and Schneider, Carl. 2011. The Failure of Mandated Discourse. University of Pennsylvania Law Review, 159(3): 647–749.Google Scholar

Calo, Ryan. 2012. Against Notice Skepticism in Privacy (and Elsewhere). Notre Dame Law Review, 87(3): 1027–1072.Google Scholar

Calo, Ryan. 2013. Consumer Subject Review Boards: A Thought Experiment. In Big Data & Privacy: Making Ends Meet Digest. Washington: Future of Privacy Forum. http://www.futureofprivacy.org/big-data-privacy-workshop-paper.Google Scholar

Cate, Fred H. 2006. The Failure of Fair Information Practice Principles. In Winn, Jane K. (ed.), Consumer Protection in the Age of the Information Economy: 360–363. Burlington: Ashgate.Google Scholar

Cate, Fred H. and Mayer-Schoenberger, Viktor. 2012. Notice and Consent in a World of Big Data, Microsoft Global Privacy Summary Report and Outcomes. http://www.techpolicy.com/NoticeConsent-inWorldBigData.aspx.Google Scholar

Cavoukian, Ann. 2011. Privacy by Design: The Seven Foundational Principles. Information and Privacy Commissioner of Ontario, Canada. https://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf.Google Scholar

Centre for Information Policy Leadership. 2006. Ten Steps to Develop a Multilayered Privacy Notice. https://www.huntonprivacyblog.com/wp-content/files/2012/07/Centre-10-Steps-to-Multilayered-Privacy-Notice.pdf.Google Scholar

Citron, Danielle Keats and Pasquale, Frank A. 2014. The Scored Society: Due Process for Automated Protections. Washington Law Review, 89(1): 2–33.Google Scholar

Cranor, Lorrie Faith. 2002. Web Privacy with P3P. Sebastapol: O’Reilly & Associates.Google Scholar

Cranor, Lorrie Faith, Idouchi, Kelly, Leon, Pedro Giovanni, Sleeper, Manya, and Ur, Blase. 2013. Are They Actually Any Different? Comparing Thousands of Financial Institutions’ Privacy Policies. In Twelfth Workshop on the Economics of Information Security (WEIS), Washington, DC. http://weis2013.econinfosec.org/papers/CranorWEIS2013.pdf.Google Scholar

Crawford, Kate and Schultz, Jason. 2014. Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms. Boston College Law Review, 55(1): 93–127. http://bclawreview.org/files/2014/01/03_crawford_schultz.pdf.Google Scholar

Culnan, Mary J. and Bies, Robert J. 2003. Consumer Privacy: Balancing Economic and Justice Considerations. Journal of Social Issues, 59(2): 323–342.Google Scholar

Culnan, Mary J. and Williams, Cynthia Clark. 2009. How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches. MIS Quarterly, 33(4): 673–687.Google Scholar

Duhigg, Charles. 2012. How Companies Learn Your Secrets. New York Times Magazine, February 16. http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=0Google Scholar

4A’s. 2012. DAA Announces “Your AdChoices” Consumer Education Campaign. Press Release, Jan. 20. http://www.aaaa.org/news/press/Pages/012012_daa_adchoices.aspx.Google Scholar

Fung, Archon, Graham, Mary, and Weil, David. 2007. Full Disclosure: The Perils and Promise of Transparency. New York: Cambridge University Press.Google Scholar

Gellman, Robert. 2016. Fair Information Practices: A Basic History. Version 2.16. http://bobgellman.com/rg-docs/rg-FIPShistory.pdf.Google Scholar

Hadden, Susan G. 1986. Read the Label: Reducing Risk by Providing Information. Boulder: Westview Press.Google Scholar

Hoofnagle, Chris Jay. 2016. Federal Trade Commission: Privacy Law and Policy. New York: Cambridge University Press.Google Scholar

Jensen, Carlos and Potts, Colin. 2004. Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In CHI 04 Proceedings: 471–478, Vienna.Google Scholar

Kaye, Kate. 2014. Study: Consumers Don’t Know What AdChoices Privacy Icon Is. Advertising Age: January 29. http://adage.com/article/privacy-and-regulation/study-consumers-adchoices-privacy-icon/291374/.Google Scholar

Kelley, Patrick Gage, Cesca, Lucian, Bresee, Joanna, and Cranor, Lorrie Faith. 2010. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach, Carnegie Mellon CyLab Report CMU-CyLab-09–014. https://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab09014.pdf.Google Scholar

Komanduri, Saranga, Shay, Richard, Norcie, Greg, Ur, Blase, and Cranor, Lorrie Faith. 2011. AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements. Carnegie Mellon CyLab Report 11–005. https://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11005.pdf.Google Scholar

Laughery, Kenneth R. and Hammond, Amy. 1999. Overview. In Wogalter, Michael S., DeJoy, David M., and Laughery, Kenneth R. (eds.). Warnings and Risk Communication: 1–11. Philadelphia: Taylor & Frances Inc.Google Scholar

Levy, Alan S. and Hastak, Manoj. 2008. Consumer Comprehension of Financial Privacy Notices. http://www.ftc.gov/privacy/privacyinitiatives/Levy-Hastak-Report.pdf.Google Scholar

Martin, Kirsten. 2015. Privacy Notices as Tabula Rasa: An Empirical Investigation into How Complying with a Privacy Notice Is Related to Meeting Privacy Expectations Online. Journal of Public Policy and Marketing, 34(2): 210–227.Google Scholar

McDonald, Alecia M. and Cranor, Lorrie Faith. 2008. The Cost of Reading Privacy Policies. I/S, A Journal of Law and Policy for the Information Society, 4(3):540–565.Google Scholar

McDonald, Alecia M., Reeder, Robert W., Kelley, Patrick Gage, and Cranor, Lorrie Faith. 2009. A Comparative Study of Online Privacy Policies and Formats. In Goldberg, Ian and Atallah, Mikhail J. (eds.). Privacy Enhancing Technologies: 9th International Symposium PETS 2009: 37–55, Seattle.Google Scholar

Milne, George R. and Culnan, Mary J. 2004. Strategies of Reducing Online Privacy Risks: Why Consumers Read (or Don’t Read) Online Privacy Notices. Journal of Interactive Marketing, 18(3): 15–29.Google Scholar

Milne, George R., Culnan, Mary J., and Greene, Henry. 2006. A Longitudinal Assessment of Online Privacy Notice Readability. Journal of Public Policy and Marketing, 25(2): 238–249.Google Scholar

National Cyber Security Alliance. 2015. Results of Consumer Data Privacy Survey Reveal Critical Need for All Digital Citizens to Participate in Data Privacy Day. https://staysafeonline.org/about-us/news/results-of-consumer-data-privacy-survey-reveal-critical-need-for-all-digital-citizens-to-participate-in-data-privacy-day.Google Scholar

Nissenbaum, Helen. 2010. Privacy in Context. Palo Alto: Stanford Law Books.Google Scholar

Nissenbaum, Helen. 2011. A Contextual Approach to Privacy Online. Daedalus, 140(4): 32–48.Google Scholar

Organization for Economic Co-operation and Development (OECD). 1980. Guidelines Governing the Protection of Privacy and Transborder Data Flow of Personal Data. http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.Google Scholar

Reidenberg, Joel R., Russell, N. Cameron, Callen, Alexander J., Qasir, Sophia, and Norton, Thomas B. 2014. Privacy Harms and the Effectiveness of the Notice and Choice Framework. TPRC, 42nd Research Conference on Communication, Information, and Internet Policy. http://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2418247.Google Scholar

Richards, Neil M. and Hartzog, Woodrow. 2016. Taking Trust Seriously in Privacy Law. Stanford Technology Law Review. 19(3): 431–472.Google Scholar

Schaub, Florian, Balebako, Rebecca, Durity, Adam L., and Cranor, Lorrie Faith. 2015. A Design Space for Effective Privacy Notices. In Symposium on Usable Privacy and Security (SOUPS). Ottawa, Canada. http://ra.adm.cs.cmu.edu/anon/isr2015/CMU-ISR-15–105.pdf.Google Scholar

Schnackenberg, A. K. and Tomlinson, E. C. 2016. Organizational Transparency: A New Perspective on Managing Trust in Organization–Stakeholder Relationships. Journal of Management. 42(7): 1784–1810.Google Scholar

Smith, Aron. 2014. Half of Online Americans Don’t Know What a Privacy Policy Is. Fact Tank. Pew Research Center. December 4. http://www.pewresearch.org/fact-tank/2014/12/04/half-of-americans-dont-know-what-a-privacy-policy-is/.Google Scholar

Smith, H. Jeff. 1993. Privacy Policies and Practices: Inside the Organizational Maze. Communications of the ACM, 36(12): 105–22.Google Scholar

Solove, Daniel J. and Hartzog, Woodrow. 2014. The FTC and the New Common Law of Privacy. Columbia Law Review, 114(3): 583–676.Google Scholar

Soltani, Ashkan. 2015. Privacy Trade-offs in Retail Tracking. Federal Trade Commission, Apr. 30. https://www.ftc.gov/news-events/blogs/techftc/2015/04/privacy-trade-offs-retail-tracking.Google Scholar

Tsai, Janice Y, Egelman, Serge, Cranor, Lorrie Faith, and Acquisiti, Alessandro. 2011. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2): 254–68.Google Scholar

Turow, Joseph, Hennessy, Michael, and Draper, Nora. 2015. The Tradeoff Fallacy. Philadelphia: Annenberg School of Communication, University of Pennsylvania. https://www.asc.upenn.edu/sites/default/files/TradeoffFallacy_1.pdf.Google Scholar

U.S. Department of Commerce. 1995. Privacy and the NII: Safeguarding Telecommunications-Related Personal Information. https://www.ntia.doc.gov/legacy/ntiahome/privwhitepaper.html.Google Scholar

U.S. Department of Commerce. 1997. Privacy and Self Regulation in the Information Age. http://www.ntia.doc.gov/report/1997/privacy-and-self-regulation-information-age.Google Scholar

U.S. Department of Commerce, National Telecommunications & Information Administration. 2013. Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices. https://www.ntia.doc.gov/files/ntia/publications/july_25_code_draft.pdf.Google Scholar

U.S. Department of Health Education and Welfare. 1973. Records, Computers and the Rights of Citizens: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems. http://epic.org/privacy/hew1973report/default.html.Google Scholar

U.S. Federal Trade Commission. 1996. Staff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructure. http://www.ftc.gov/reports/staff-report-public-workshop-consumer-privacy-global-information-infrastructure.Google Scholar

U.S. Federal Trade Commission. 1998. Privacy Online: Report to Congress. https://www.ftc.gov/sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf.Google Scholar

U.S. Federal Trade Commission. 1999. Self-Regulation and Privacy Online: FTC Report to Congress. https://www.ftc.gov/news-events/press-releases/1999/07/self-regulation-and-privacy-online-ftc-report-congress.Google Scholar

U.S. Federal Trade Commission. 2000. Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress. https://www.ftc.gov/sites/default/files/documents/reports/privacy-online-fair-information-practices-electronic-marketplace-federal-trade-commission-report/privacy2000text.pdf.Google Scholar

U.S. Federal Trade Commission. 2009a. Final Model Privacy Form Under the Gramm-Leach-Bliley-Act, Final Rule. 16 CFR Part 313. https://www.ftc.gov/sites/default/files/documents/federal_register_notices/final-model-privacy-form-under-gramm-leach-bliley-act-16-cfr-part-313/091201gramm-leach.pdf.Google Scholar

U.S. Federal Trade Commission. 2009b. Self-Regulatory Principles for Online Behavioral Advertising. https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-staff-report-self-regulatory-principles-online-behavioral-advertising/p085400behavadreport.pdf.Google Scholar

U.S. Federal Trade Commission. 2012. Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers. https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf.Google Scholar

U.S. Federal Trade Commission. 2015. Internet of Things: Privacy & Security in a Connected World. https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf.Google Scholar

U.S. National Information Infrastructure Task Force. 1995. Privacy and the National Information Infrastructure: Options for Providing and Using Personal Information. https://aspe.hhs.gov/report/options-promoting-privacy-national-information-infrastructure).Google Scholar

U.S. Privacy Protection Study Commission. 1977. Personal Privacy in an Information Society: The Report of the Privacy Protection Study Commission. Washington. https://www.epic.org/privacy/ppsc1977report/Google Scholar

Westin, Alan F. 1967. Privacy and Freedom. New York: Atheneum.Google Scholar

The White House. 1997. A Framework for Global Electronic Commerce. Washington, DC. http://clinton4.nara.gov/WH/New/Commerce.Google Scholar

The White House. 2012. Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy. https://www.whitehouse.gov/sites/default/files/privacy-final.pdf.Google Scholar

The White House. 2015. Discussion Draft: Consumer Privacy Bill of Rights Act. https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/cpbr-act-of-2015-discussion-draft.pdf.Google Scholar

The While House. 2016. National Privacy Research Strategy. https://www.whitehouse.gov/sites/default/files/nprs_nstc_review_final.pdf.Google Scholar

Agre, Philip E. “Surveillance and capture: Two models of privacy.” The Information Society, vol. 10, no. 2 (1994): 101–127.Google Scholar

Altaweel, Ibrahim, Good, Nathan, and Hoofnagle, Chris Jay. “Web privacy census.” Technology Science ( 2015 ). Available at http://techscience.org/a/2015121502/.Google Scholar

Anthonysamy, Pauline, and Rashid, Awais. “Software engineering for privacy in-the-large.” In Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 2, pp. 947–948. Florence: IEEE, 2015.Google Scholar

Article 29 Working Party. (2010a). “Opinion 1/2010 on the concepts of ‘controller’ and ‘processor,’” Brussels, 2010. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf.Google Scholar

Article 29 Working Party. (2010b). “Opinion 2/2010 on online behavioural advertising,” Brussels, 2010. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf.Google Scholar

Article 29 Working Party. “Opinion 05/2012 on cloud computing,” Brussels, (2012). Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf.Google Scholar

Baldwin, Carliss Y. “Modularity and organizations.” In International Encyclopedia of the Social & Behavioral Sciences. Orlando, FL: Elsevier, 2nd ed. (2015): 718–723.Google Scholar

Baldwin, Carliss Y., and Clark, K. B.. “Managing in an age of modularity.” Harvard Business Review vol. 75, no. 5 (1997): 84–93.Google Scholar

Bamberger, Kenneth A., and Mulligan, Deirdre K.. Privacy on the Ground Driving Corporate Behavior in the United States and Europe. Cambridge, MA: MIT Press, 2015.Google Scholar

Barocas, Solon. “Big data are made by (and not just a resource for) social science and policy-making” (Abstract), Internet, Politics, Policy 2012 Conference, Oxford University (2012). Available at http://ipp.oii.ox.ac.uk/2012/programme-2012/track-c-data-methods/panel-1c-what-is-big-data/solon-barocas-big-data-are-made-by-and.Google Scholar

Beck, K., Beedle, M., Van Bennekum, A., Cockburn, A., Cunningham, W., Fowler, M., … & Kern, J. Manifesto for Agile Software Development (2001).Google Scholar

Black, Benjamin. “EC2 origins.” Jan. 25, 2009. Available at http://blog.b3k.us/2009/01/25/ec2-origins.html.Google Scholar

Blanchette, Jean-François. “Introduction: Computing’s infrastructural moment.” In Yoo, Christopher S. and Blanchette, Jean-François (eds.), Regulating the Cloud: Policy for Computing Infrastructure. Cambridge, MA: MIT Press (2015): 1–21.Google Scholar

Bolton, Doug. “Facebook ‘Like’ button may be against the law, German court rules.” The Independent, Mar. 10, 2016. Available at http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-like-button-illegal-data-protection-germany-court-a6923026.html.Google Scholar

Bonneau, Joseph, Felten, Edward W., Mittal, Prateek, and Narayanan, Arvind. “Privacy concerns of implicit secondary factors for web authentication.” In SOUPS Workshop on “Who are you?! Adventures in Authentication (WAY).” Menlo Park, CA, July 9, 2014.Google Scholar

Brown, Emma. “UC-Berkeley students sue Google, alleging their emails were illegally scanned.” The Washington Post, Feb. 1, 2016. Available at https://www.washingtonpost.com/news/grade-point/wp/2016/02/01/uc-berkeley-students-sue-google-alleging-their-emails-were-illegally-scanned/.Google Scholar

Carlson, Lucas. “4 ways Docker fundamentally changes application development.” InfoWorld, Sept. 18, 2014. Available at http://www.infoworld.com/article/2607128/application-development/4-ways-docker-fundamentally-changes-application-development.html.Google Scholar

Cohen, Julie E. “What privacy is for.” Harvard Law Review, vol. 126, no. 7 (2012): 1904.Google Scholar

Cate, Fred H., and Mayer-Schönberger, Viktor. “Notice and consent in a world of Big Data.” International Data Privacy Law, vol. 3, no. 2 (2013): 67–73.Google Scholar

Clark, David D., Wroclawski, John, Sollins, Karen R., and Braden, Robert. “Tussle in cyberspace: Defining tomorrow’s internet.” In ACM SIGCOMM Computer Communication Review, vol. 32, no. 4 (2002): 347–356.Google Scholar

Cloud Native Computing Foundation (2016). Available at https://cncf.io/.Google Scholar

Dörbecker, Regine, and Böhmann, Tilo. “The concept and effects of service modularity: A literature review.” In System Sciences (HICSS), 2013 46th Hawaii International Conference on System Sciences, pp. 1357–1366. Wailea, Maui, HI: IEEE, 2013.Google Scholar

Douglass, Bruce P. Agile Systems Engineering. Waldman, MA: Morgan Kaufmann, 2015.Google Scholar

Englehardt, Steven, and Narayanan, Arvind (2016). “Online tracking: A 1-million-site measurement and analysis.” In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16), pp. 1388–1401.Google Scholar

Erickson, Seth, and Kelty, Christopher M.. “The durability of software.” In Kaldrack, Irina and Leeker, Martina (eds.), There Is No Software, There Are Just Services. Lüneburg, Germany: Meson Press (2015): 39–56.Google Scholar

Estler, Hans-Christian, Nordio, Martin, Furia, Carlo A., Meyer, Bertrand and Schneider, Johannes. “Agile vs. structured distributed software development: A case study.” Empirical Software Engineering, vol. 19, no. 5 (2014): 1197–1224.Google Scholar

Exposito, Ernesto, and Diop, Code. Smart SOA Platforms in Cloud Computing Architectures. Hoboken, NJ: John Wiley & Sons, 2014.Google Scholar

Fay, Joe. “Assembly of tech giants convene to define future of computing.” The Register, Dec. 18, 2015. Available at http://www.theregister.co.uk/2015/12/18/cloud_native_computer_cloud_native/.Google Scholar

Fitz, Timothy. “Continuous deployment at IMVU: Doing the impossible fifty times a day.” Blog Post, February 10, 2009. Available at https://www.timothyfitz.com.Google Scholar

Fox, Armando, and Patterson, David. Engineering Software as a Service: An Agile Approach Using Cloud Computing, Strawberry Canyon LLC, 2nd ed., 2013.Google Scholar

Fuchs, Christian. “Class and exploitation on the internet.” In Trebor, Scholz (ed.), Digital Labor: The Internet as Playground and Factory. New York and London: Routledge (2013): 211–224.Google Scholar

Google. “Updating our privacy policies and terms of service.” Official Blog. Jan. 24, 2012. Available at https://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html.Google Scholar

Google. “Ten things we know to be true.” (2016). Available at https://www.google.com/about/company/philosophy/.Google Scholar

Gürses, Seda, and del Alamo, Jose M.. “Privacy engineering: Shaping an emerging field of research and practice.” IEEE Security & Privacy, vol. 14, no. 2 (2016): 40–46.Google Scholar

Helmond, Anne. “The platformization of the web: Making web data platform ready.” Social Media+ Society, vol. 1, no. 2, 2015: 1–11.Google Scholar

Hook, Leslie. “Cloud computing titans battle for AI supremacy,” Financial Times, Dec. 5, 2016. Available at https://www.ft.com/content/bca4876c-b7c9-11e6-961e-a1acd97f622d.Google Scholar

Humble, Jez, and Farley, David. Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation (Adobe Reader). London: Pearson Education, 2010.Google Scholar

iOvation. “iOvation launches passwordless security for consumer-facing websites.” Feb. 29, 2016. Available at https://www.iovation.com/news/press-releases/iovation-launches-passwordless-security-for-consumer-facing-websites.Google Scholar

Jamieson, Jack. “Many (to platform) to many: Web 2.0 application infrastructures.” First Monday, vol. 21, no. 6 (2016). doi:10.5210/fm.v21i6.6792.Google Scholar

Kaldrack, Irina, and Leeker, Martina. “Introduction.” In Kaldrack, Irina and Leeker, Martina (eds.), There Is No Software, There Are Just Services. Lüneburg, Germany: Meson Press (2015): 9–20.Google Scholar

Kant, Tanya. “FCJ-180 ‘Spotify has added an event to your past’:(Re) writing the self through Facebook’s autoposting apps.” The Fibreculture Journal, vol. 2015, no. 25, 2015: Apps and Affect (2015).Google Scholar

Knorr, Eric. “2016: The year we see the real cloud leaders emerge,” InfoWorld, Jan. 4, 2016. Available at http://www.infoworld.com/article/3018046/cloud-computing/2016-the-year-we-see-the-real-cloud-leaders-emerge.html.Google Scholar

Fowler, Martin, and Lewis, James. “Microservices a definition of this new architectural term” (2014). Available at http://martinfowler.com/articles/microservices.html.Google Scholar

Mahoney, Michael S. “Finding a history for software engineering.” IEEE Annals of the History of Computing, vol. 26, no. 1 (2004): 8–19.Google Scholar

Metz, Cade. Google open sources its secret weapon in cloud computing. WIRED, Oct. 10, 2014. Available at https://www.wired.com/2014/06/google-kubernetes/Google Scholar

Neubert, Christoph. “‘The tail on the hardware dog’: Historical articulations of computing machinery, software, and services.” In Kaldrack, Irina and Leeker, Martina (eds.), There Is No Software, There Are Just Services. Lüneburg, Germany: Meson Press (2015).Google Scholar

Newcomer, Eric, and Lomow, Greg. Understanding SOA with Web services. Upper Saddle River, NJ: Addison-Wesley, 2005.Google Scholar

Nissenbaum, Helen. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press, 2009.Google Scholar

Nissenbaum, Helen. “Must privacy give way to use regulation?” Lecture at the Watson Institute, Brown University, March 15, 2016. Available at http://watson.brown.edu/events/2016/helen-nissenbaum-must-privacy-give-way-use-regulation.Google Scholar

O’Reilly, Tim. “What is web 2.0: Design patterns and business models for the next generation of software” (2005). Retrieved March 2006. Available at http://www.oreilly.com/pub/a/web2/archive/what-is-web-20.html.Google Scholar

Palen, Leysia, and Dourish, Paul. “Unpacking privacy for a networked world.” In Proceedings of the SIGCHI conference on Human factors in computing systems, pp. 129–136. Ft. Lauderdale, FL: ACM, 2003.Google Scholar

Parson, D. “Agile software development methodology, an ontological analysis.” Massey University, Aukland (2011). Available at http://www.davidparsons.ac.nz/papers/agile%20ontology.pdf.Google Scholar

Pearson, Siani. “Taking account of privacy when designing cloud computing services.” In Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44–52. Washington, DC: IEEE Computer Society, 2009.Google Scholar

Pringle, Tom, Baer, T. and Brown, G.. “Data-as-a-service: The next step in the as-a-service journey.” In Oracle Open World Conference, San Francisco, 2014.Google Scholar

Rodden, Kerry, Fu, Xin, Aula, Anne, and Spiro, Ian. “Eye-mouse coordination patterns on web search results pages.” In: Czerwinski, Mary, Lund, Arnie and Tan, Desney. CHI’08 Extended Abstracts on Human Factors in Computing Systems. Florence, Italy: ACM (2008): 2997–3002.Google Scholar

Roy, Jacques. The Power of Now: Real-Time Analytics and IBM Infosphere Streams. New York: McGraw Hill Education, 2015.Google Scholar

Rouvroy, Antoinette, and Poullet, Yves. “The right to informational self-determination and the value of self-development: Reassessing the importance of privacy for democracy.” In: Gutwirth, S., Poullet, Y., De Hert, P., de Terwangne, C., Nouwt, S. (eds.), Reinventing Data Protection? Dordrecht: Springer (2009): 45–76.Google Scholar

Schechner, Sam, and Efrati, Amir. “EU privacy watchdogs blast Google’s data protection.” The Wall Street Journal, Updated Oct. 16, 2012. https://www.wsj.com/articles/SB10000872396390443675404578060501067902658Google Scholar

Scholz, Trebor, ed. Digital Labor: The Internet as Playground and Factory. New York and London: Routledge, 2012.Google Scholar

Sculley, D., Phillips, Todd, Ebner, Dietmar, Chaudhary, Vinay and Young, Michael. “Machine learning: The high-interest credit card of technical debt.” NIPS 2014 Workshop on Software Engineering for Machine Learning. Saturday December 13, 2014. Montreal, QC, Canada. (2014).Google Scholar

Shilton, Katie, and Greene, Daniel. “Because privacy: Defining and legitimating privacy in ios development.” IConference 2016 Proceedings, Philadelphia, PA (2016).Google Scholar

Simon, Herbert A. “The architecture of complexity.” Proceedings of the American Philosophical Society, vol. 106, no. 6 (1962): 467–482.Google Scholar

Stutz, David. “The failure of shrinkwrap software” (2003). Available at http://www.synthesist.net/writing/failureofshrinkwrap.html.Google Scholar

Turow, Joseph. The Daily You: How the New Advertising Industry Is Defining Your Identity and Your Worth. New Haven: Yale University Press, 2012.Google Scholar

Van Hoboken, Joris. “From collection to use in privacy regulation? A forward looking comparison of European and U.S. frameworks for personal data processing.” In Van der Sloot, Bart, Broeders, Dennis and Schrijvers, Erik (eds.), Exploring the Boundaries of Big Data. Amsterdam: Amsterdam University Press (2016): 231–259.Google Scholar

Van Hoboken, Joris, and Rubinstein, Ira. “Privacy and security in the cloud: Some realism about technical solutions to transnational surveillance in the post-Snowden era.” Maine Law Review, vol. 66, no. 2 (2013): 488.Google Scholar

Van Schewick, Barbara. Internet Architecture and Innovation. Cambridge, MA: MIT Press (2012).Google Scholar

Weinman, Joe. “Cloud strategy and economics.” In Yoo, Christopher S. and Blanchette, Jean-François (eds.), Regulating the Cloud: Policy for Computing Infrastructure. Cambridge, MA: MIT Press (2015): 21–60.Google Scholar

Wiedemann, Christin. The Science of Testing, Christin’s Blog on Testing. Available at: https://christintesting.wordpress.com/2013/04/07/the-science-of-testing/Google Scholar

Xu, Lai, and Brinkkemper, Sjaak. “Concepts of product software: Paving the road for urgently needed research.” In the First International Workshop on Philosophical Foundations of Information Systems Engineering (PHISE’05). Porto, Portugal: FEUP Press (2005): 523–528.Google Scholar

Yegge, Steve. “Stevey’s Google platforms rant.” (2011). Available at https://gist.github.com/chitchcock/1281611.Google Scholar

Yoo, Christopher S. “Modularity theory and internet regulation.” University of Illinois Law Review, vol. 2016 (2016): 1–62.Google Scholar

Yoo, Christopher S., and Blanchette, Jean-François (eds.) Regulating the Cloud: Policy for Computing Infrastructure. Cambridge, MA: MIT Press, 2015.Google Scholar

Ziewitz, Malte. “Governing algorithms myth, mess, and methods.” Science, Technology & Human Values, vol. 41, no. 1 (2016): 3–16.Google Scholar

Zittrain, Jonathan. The Future of the Internet And How to Stop It. New Haven and London: Yale University Press, 2008.Google Scholar

Zuboff, S. Big other: Surveillance capitalism and the prospects of an information civilization. Journal of Information Technology, vol. 30, no. 1 (2015): 75–89.Google Scholar