Make data protection understandable

In the research project "Privacy Icons" the interdisciplinary research team "Digital Self-Determination" develops concepts and methods for the design of effective privacy information content, forms and architectures. So-called Privacy Icons play a central role in this process. According to the legislator of the General Data Protection Regulation (GDPR), privacy icons are intended to supplement or even replace lengthy and difficult to understand information texts (keyword: uselessness of the cookie banner). The particular challenge of privacy icons is to illustrate the complexity of data processing and the associated risks using intuitively understandable icons in such a way that users actually (i.e. verifiably) understand them.

To ensure the effectiveness of the icons, the research group directly involves users and industry stakeholders in the research process to understand and take into account their respective interests.

To this end, the researchers have already conducted several explorative design workshops with interested users at the Berlin Open Lab of the University of the Arts.

Based on existing literature in the area of usable privacy with regard to how people make decisions about data disclosure and weigh privacy concerns, the workshops focused on a discussion of perceived undesired uses of personal data. Taking into account a wide range of data and sensors as well as different levels of maturity and novelties of data-based services, the workshop topics covered web browsing, the use of language assistants and the mobility associated with it.

After collecting more than 90 cases of unwanted use and categorisations, the user perspective was then enriched and contrasted with international experts in the field of data protection law and user experience design.

Based on these findings, the team has now developed a taxonomy of unwanted use of data. This taxonomy forms the basis for both scientific and practical findings. The project thus provides empirically validated findings for "determining the information to be presented" by privacy icons in accordance with GDPR Art. 12(8). More generally, the project even shows a valuable design resource in terms of design for transparency in data protection. For example, the taxonomy can help to define the purposes of data processing in a more understandable way. Beyond privacy policies, however, a more active handling of communicating data protection (e.g. by specifically excluding undesired uses) is well suited to represent an added value for companies.

In the current stage, the design implications of the approach are being evaluated and tested with partners from industry who are interested in actively communicating data protection as an added value for their customers.

First publications on using these insights have already been published or are under review at national and international top venues and journals.

If you are interested in participating in the results, you are welcome to contact the project team.

Contact Person

Prof. Dr. Max von Grafenstein
Einstein Center Digital Future
University of the Arts Berlin

Dr. Timo Jakobi
Universität Siegen

Website

Projektwebseite Privacy Icons

Privacy Icons Forum

Publications

Data Governance: Enhancing Innovation and Protecting Against Its Risks
https://link.springer.com/article/10.1007/s10272-019-0829-9

Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI
https://doi.org/10.1515/icom-2020-0004

User-friendly formulation of data processing purposes of voice assistants: a user perspective on the principle of purpose limitation
https://dl.acm.org/doi/10.1145/3404983.3405588

GDPR Reality Check - Claiming and Investigating Personally Identifiable Data from Companies
https://ieeexplore.ieee.org/abstract/document/9229806

[Workshop]: Transparenz & Datenschutz: Privacy Icons aus Sicht von UX Professionals
https://new-dl.gi.de/handle/20.500.12116/34214