In 2018, a key year for data privacy and data protection in the European Union, the General Data Protection Regulation (GDPR) became applicable. With it came a series of new duties and rights destined to revolutionize the ecosystem of personal data gathering and processing. The GDPR introduced a number of significant provisions that potentially produce far-reaching effects because its obligations apply to any organization offering services or goods to individuals on European soil. As a general aim, the GDPR is intended to re-establish a balance between those entities collecting and processing personal data (i.e., the data controllers) and individuals to whom that personal data belong (i.e., the data subjects), who often are unaware of the extent of the processing.To reach this goal, the GDPR put a priority on design. The regulators assigned unprecedented relevance to the design quality of the information describing both the processing practices for personal data and the rights of the concerned data subjects. This information is commonly communicated in privacy notices. Under the GDPR, the nature, accessibility, and comprehensibility of the information describing data privacy practices must demonstrate compliance with the transparency obligations laid down in Article 12. The research and the open problems described in the following sections aim to contribute to the emerging debate on evidence-based design standards for data protection icons in the EU. Section 2 discusses possible explanations for the use of icons in the data protection domain by listing some advantages and disadvantages. Section 3 introduces the methodological choices for the design of DaPIS, the icon set created as a means to fulfill the GDPR’s requirements. Section 4 addresses some major challenges that surfaced while designing DaPIS and advances some potential answers for further research. We focus on the object of representation of the icons, their function, the methods for their evaluation, and their interpretation. This article also contributes to the broader discussions of design’s role in effective regulation and public access to rights and laws.

Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection

Arianna Rossi
Primo
Conceptualization
;
Monica Palmirani
Secondo
Conceptualization
2020

Abstract

In 2018, a key year for data privacy and data protection in the European Union, the General Data Protection Regulation (GDPR) became applicable. With it came a series of new duties and rights destined to revolutionize the ecosystem of personal data gathering and processing. The GDPR introduced a number of significant provisions that potentially produce far-reaching effects because its obligations apply to any organization offering services or goods to individuals on European soil. As a general aim, the GDPR is intended to re-establish a balance between those entities collecting and processing personal data (i.e., the data controllers) and individuals to whom that personal data belong (i.e., the data subjects), who often are unaware of the extent of the processing.To reach this goal, the GDPR put a priority on design. The regulators assigned unprecedented relevance to the design quality of the information describing both the processing practices for personal data and the rights of the concerned data subjects. This information is commonly communicated in privacy notices. Under the GDPR, the nature, accessibility, and comprehensibility of the information describing data privacy practices must demonstrate compliance with the transparency obligations laid down in Article 12. The research and the open problems described in the following sections aim to contribute to the emerging debate on evidence-based design standards for data protection icons in the EU. Section 2 discusses possible explanations for the use of icons in the data protection domain by listing some advantages and disadvantages. Section 3 introduces the methodological choices for the design of DaPIS, the icon set created as a means to fulfill the GDPR’s requirements. Section 4 addresses some major challenges that surfaced while designing DaPIS and advances some potential answers for further research. We focus on the object of representation of the icons, their function, the methods for their evaluation, and their interpretation. This article also contributes to the broader discussions of design’s role in effective regulation and public access to rights and laws.
2020
Arianna Rossi; Monica Palmirani
File in questo prodotto:
File Dimensione Formato  
010_desi_a_00605_Rossi_Palmirani_FINAL.pdf

Open Access dal 26/12/2020

Descrizione: design-issues
Tipo: Versione (PDF) editoriale
Licenza: Licenza per accesso libero gratuito
Dimensione 475.08 kB
Formato Adobe PDF
475.08 kB Adobe PDF Visualizza/Apri
POST PRINT PALMIRANI.pdf

accesso aperto

Tipo: Postprint
Licenza: Licenza per accesso libero gratuito
Dimensione 1.44 MB
Formato Adobe PDF
1.44 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/786314
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 14
  • ???jsp.display-item.citation.isi??? 7
social impact