From procedures to peril: Towards risk transparency in information privacy for users

Artikel i vetenskaplig tidskrift, 2026

Information privacy is an integral part of users' lives, as many digital services and their business models heavily rely on personal data. For example, conversational agents will use massive amounts of user conversations to hyper-personalize ads. Although privacy information is provided through policies and app notifications, and regulation increasingly adopts risk-based approaches, users remain largely uncertain about the risks they face. Design tweaks such as privacy icons or nutrition labels have yielded little improvement, as the central issue lies not in how privacy information is presented, but in what is omitted: the emphasis on disclosing data practices alone does not sufficiently reduce users’ uncertainty about potential harms. This paper develops an argument for complementing the current paradigm of “procedural transparency” with “risk transparency.” Risk transparency prioritizes the clear communication of privacy risks to individuals using digital services, similar to established practices in domains such as drug safety, public health, or consumer protection, where explicitly informing users about risks is considered the main priority. In this article, we discuss risk transparency terminology, illustrate how risk can be communicated, and review the evidence on the effectiveness of risk communication as well as its associated challenges. A shift towards privacy risk transparency aims to provide consumers and data subjects with more meaningful information that supports their informed decision-making in the data economy.