Abstract

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between the organizations that process personal data and the individuals to which that data refers. Machine-readable, standardized icons that present a “meaningful overview of the intended processing” are suggested by the law as a tool to enhance the transparency of information addressed to data subjects. However, no specific guidelines have been provided, and studies on privacy iconography are very few. This article describes research conducted on the creation and evaluation of icons representing data protection concepts. First, we introduce the methodology used to design the Data Protection Icon Set (DaPIS): participatory design methods combined with legal ontologies and machine-readable representations. Second, we discuss some of the challenges that have been faced in the development and evaluation of DaPIS and similar icon sets. Third, we provide some tentative responses and indicate a way forward for evaluation of the effectiveness of privacy icons and their widespread adoption.

Highlights

  • In 2018, a key year for data privacy and data protection in the European Union, the General Data Protection Regulation (GDPR) became applicable.[1]

  • Under the GDPR, the nature, accessibility, and comprehensibility of the information describing data privacy practices must demonstrate compliance with the transparency obligations laid down in Article 12.[2] The GDPR requires that any communication addressed to data subjects must be designed in a “concise, transparent, intelligible and accessible form, using clear and plain language.”[3]

  • DaPIS was modeled on a specific, formal conceptualization of EU data protection law;[32] and it represents key notions grouped in categories, such as the rights of the data subjects and the purposes of data processing.


Summary

Introduction

In 2018, a key year for data privacy and data protection in the European Union, the General Data Protection Regulation (GDPR) became applicable.[1] The GDPR is intended to re-establish a balance between those entities collecting and processing personal data (i.e., the data controllers) and individuals to whom that personal data belong (i.e., the data subjects), who often are unaware of the extent of the processing. To reach this goal, the GDPR put a priority on design. The regulators assigned unprecedented relevance to the design quality of the information describing both the processing practices for personal data and the rights of the concerned data subjects. This information is commonly communicated in privacy notices. Under the GDPR, the nature, accessibility, and comprehensibility of the information describing data privacy practices must demonstrate compliance with the transparency obligations laid down in Article 12.[2] The GDPR requires that any communication addressed to data subjects must be designed in a “concise, transparent, intelligible and accessible form, using clear and plain language.”[3]

