Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between the organizations that process personal data and the individuals to which that data refers. Machine-readable, standardized icons that present a “meaningful overview of the intended processing” are suggested by the law as a tool to enhance the transparency of information addressed to data subjects. However, no specific guidelines have been provided, and studies on privacy iconography are very few. This article describes research conducted on the creation and evaluation of icons representing data protection concepts. First, we introduce the methodology used to design the Data Protection Icon Set (DaPIS): participatory design methods combined with legal ontologies and machine-readable representations. Second, we discuss some of the challenges that have been faced in the development and evaluation of DaPIS and similar icon sets. Third, we provide some tentative responses and indicate a way forward for evaluation of the effectiveness of privacy icons and their widespread adoption.


Introduction
In 2018, a key year for data privacy and data protection in the European Union, the General Data Protection Regulation (GDPR) became applicable. 1 With it came a series of new duties and rights destined to revolutionize the ecosystem of personal data gathering and processing. The GDPR introduced a number of significant provisions that potentially produce far-reaching effects because its obligations apply to any organization offering services or goods to individuals on European soil. As a general aim, the GDPR is intended to re-establish a balance between those entities collecting and processing personal data (i.e., the data controllers) and individuals to whom that personal data belong (i.e., the data subjects), who often are unaware of the extent of the processing.
To reach this goal, the GDPR put a priority on design. The regulators assigned unprecedented relevance to the design quality of the information describing both the processing practices for personal data and the rights of the concerned data subjects. This information is commonly communicated in privacy notices. Under the GDPR, the nature, accessibility, and comprehensibility of the information describing data privacy practices must demonstrate compliance with the transparency obligations laid down in Article 12. 2 The GDPR requires that any communication addressed to data subjects must be designed in a "concise, transparent, intelligible and easily accessible form, using clear and plain language." 3 Such attention to design, including the modality and efficacy of data privacy communication, represents a landmark in EU data protection law. It reflects decades of research documenting the absolute incapacity of traditional privacy policies to inform people's privacy-related decisions. These traditional treatments of data privacy information take the form of lengthy, overly complex, unintelligible, and hard-to-navigate documents. 4 The design of privacy communication tends to be so poor that some scholars have even categorized traditional privacy communication as dark patterns, that is, as "obscure strategies" that make it "hard or even impossible for data subjects to learn how their personal data is collected, stored, and processed." 5 The GDPR challenges this dysfunction. The previous information paradigm focused on the quantity of information as a signifier of effective disclosure. 6 Meanwhile, the quality of legal information design has been ignored. The Article 29 Working Party (WP29), in its guidelines on transparency, maintains that the concept of transparency should be interpreted and applied in a user-centric manner. 7 Thus, privacy notices should not just superficially comply with the legal provision on mandated disclosure, but should be effective, informative tools.
Hence, the design of legal communication must account for the specificity of the intended audience and the characteristics of human cognition to provide transparent, comprehensible, and navigable disclosures.
Remarkably, the GDPR even acknowledges the potential of visual design to enhance the comprehensibility of privacy terms. Namely, it provides for the possibility of disclosing information to data subjects with text in combination with standardized visual icons to give "in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing." 8 Such icons must be machine-readable when presented in electronic format. 9 Although the European Commission's role is to give directions on the creation of the icons through delegated acts, the necessity of experts' involvement is emphasized in Recital 166 of the GDPR. 10 In addition, the WP29, prior to any EU standardization, encourages an "evidence-based approach" and the necessity for "extensive research in conjunction with industry and the wider public as to the efficacy of icons in this context." 11 The research and the open problems described in the following sections aim to contribute to the emerging debate on evidence-based design standards for data protection icons in the EU. Section 2 discusses possible explanations for the use of icons in the data protection domain by listing some advantages and disadvantages. Section 3 introduces the methodological choices for the design of DaPIS, the icon set created as a means to fulfill the GDPR's requirements. Section 4 addresses some major challenges that surfaced while designing DaPIS and advances some potential answers for further research. We focus on the object of representation of the icons, their function, the methods for their evaluation, and their interpretation.
This article also contributes to the broader discussions of design's role in effective regulation and public access to rights and laws. Can visual representations of complex technical and legal information effectively help people make sense of it-and

The other view states that, because the law is traditionally expressed through linguistic utterances (i.e., law is "verbocentric" 14 ), visual communication poses risks. Indeed, according to this view, graphical means would not be able to transmit the nuances of legal language, 15 and they would be more open to interpretation than written statements. 16 Thus, visual communication would augment, rather than minimize, the risks of misunderstandings. In addition, it would constitute a problem in court because no established framework or vocabulary exists for interpreting and interrogating visual legal documents, unlike the well-established legal hermeneutics for verbal provisions. 17 The cautious observations of the latter view disregard three essential aspects of the actual use of visual design. First, visual elements generally are not meant to completely replace text in legal documents. 18 Rather, illustrations, such as diagrams, timelines, icons, and comics, complement words. 19 Second, the aim is not to have visual elements represent legal meanings as precisely as verbal expressions can do. Instead, they can clarify, give salience to, and improve memorability and navigability of information, for instance by making visible abstract relations between concepts (e.g., sequences or conditions) that are typical of legal documents. 20 In the legal domain, then, clarifying that different kinds of visual elements convey different types of information and adopt different functions is important; some of these functions are not inherently pictorial. For example, timelines illustrate temporal sequences and comic strips can properly represent narratives, while companion icons can support strategic reading in long documents.
Users' interpretation of legal documents does not correspond to the hermeneutical activity of legal professionals. Whereas the latter is a specific methodology for the interpretation of legal provisions, the former is a regular communicative process aimed at understanding a (linguistic or non-linguistic) message. Although we recognize the need for extensive research on the first aspect, we focus in this article on the latter.

Icons for the Legal Domain
As simplified visual illustrations, icons cannot enhance comprehensibility of data practices as other visual elements that involve complex content (e.g., videos or comics) could do. However, they can be recognized, processed, and memorized with ease and thus can serve as cognitive support for the classification of content better than text can, as graphic user interfaces successfully demonstrate. 21 In addition, we note a widespread belief that icons can overcome linguistic and cultural barriers, which also is commonly held in the juridical domain. 22 Whereas this belief holds true for standardized conventions (e.g., the traffic signs and the graphical symbols used in public spaces) and for icons representing concrete objects, the meaning of symbols that are not semantically transparent must be learned rather than deduced. 23 However, given the verbo-centricity of the law, icons are less disruptive non-linguistic elements than comics and other possible visual mechanisms that would completely transform legal notices. 24 Moreover, well-accepted examples of pictograms used as universal shorthand for critical legal-technical information do exist. These examples include the pictograms of Creative Commons licenses for intellectual property. 25 Other widely used and even internationally standardized symbols include traffic signs, warning signs, and labeling schemes for energy consumption. 26 Other popular pictograms symbolize notions related to cybersecurity (e.g., the padlock for secure communications and connections) and to data access permissions (e.g., the geolocation symbol). In all these cases, the rationale supports the creation of a common pictographic system that can become universally recognizable when used consistently. 27

A few initiatives for the creation of an icon language to summarize data practices exist, although they have neither gained acceptance nor reached extensive adoption. 28 Two European-led efforts are of note. The first was conducted as part of the European PrimeLife project, 29 which is the most structured attempt to create and assess icons for the data protection domain in the EU. The second presented six icons and their description in table format and was included in the 2013 Draft report on the GDPR proposal. 30 The display of such icons would have constituted a legal obligation for data controllers if the amendments had been approved. Although the icons were ultimately discarded, traces of this proposal can be found in the GDPR's call for icons.

Methodology for the Design of DaPIS
Following the GDPR's renewed interest in pictograms as transparency-enhancing means and taking stock of the lessons derived from the few previous attempts to design privacy icons, our research group drafted the DaPIS (Data Protection Icon Set), an icon set representing core concepts of EU data protection law. 31

An Ontological Foundation
In the creation of DaPIS, we followed participatory design methods and structured it toward the goal of integration with semantic technologies. DaPIS was modeled on a specific, formal conceptualization of EU data protection law; 32 and it represents key notions grouped in categories, such as the rights of the data subjects and the purposes of data processing. The meaningful combination of these legally significant categories can support a uniform visual design scheme.
Our team deliberately created the icon set to be modular, systematic, and semantic, so that it was not just a visual design intervention, but an intelligent one. The visual signs representing fundamental concepts (e.g., right, withdraw, consent) can be combined to express complex legal meanings (e.g., the right to withdraw consent) in the same pictogram. We primarily used the root/referent icon design approach, where the root is a constant symbol representing the category, while the referent specifies the subcategory. 33 We thereby ensured visual uniformity among the icons belonging to the same class, to ease their recognition. For instance, an upward-facing hand distinguishes the icons depicting the rights of the data subjects from the other conceptual classes (see Figure 1).
The ontological foundation was also instrumental for the creation of a machine-readable icon set (as enshrined by GDPR Article 12.8), that is, an icon language whose elements have computer-interpretable meanings that are explicitly and formally defined in the ontology. This capability allows for semi-automatic retrieval and display of the visualizations encoded in the ontology after the semantic expressions of the privacy policy in natural language (e.g., "you," "user") have been associated with their corresponding ontological class (e.g., "data subject") through an Extensible Markup Language (XML) mark-up. 34 The mark-up elements also allow for a structured, semantically enriched document layout that improves its information architecture: It allows for visualizing structural elements that convey information hierarchy and thereby facilitate the reading (or, more accurately, skimming) activity. Our vision was that semantically enriched privacy policies can be leveraged to generate a user-friendly visual layer composed of structured layout and icons that can ease the navigation of these documents and increase comparability across them, both for human beings and intelligent systems.

Semiotic Considerations
To create DaPIS, a communicative and semiotic consideration of design was adopted because "one of the principal functions of design is to communicate." 35 Design in this perspective is a dialogue between designer and intended user. Hence, it is not a monodirectional but a bidirectional process. Given "the existence of expressive intent and interpretative response," design is a form of mediated, asynchronous communication. 36 Like written communication, the interpretation of the message embedded in the artifact (e.g., icon, button, visualization) is carried out in a different time and place than its production. The designer tries to encode a specific meaning in an artifact (like an icon) so that final users can correctly decode the intended meaning (e.g., the icon's function) through their interaction with the artifact. However, users do not have direct access to the original intentions of the designer, who must therefore be able to anticipate any problematic interpretation that would lead to misunderstandings, frustration, or errors. Ultimately, the interpretation, rather than the intention, is what determines success of use of a certain design. 37 This asynchronous interpretation matters greatly for legal design. In the design of information, graphics, interfaces, and systems, the problem of mediated communication acquires even deeper significance if the actions taken by a user based on her understanding of the artifact have legal consequences.

[Figure: DaPIS pictograms representing the various rights of the data subject and showing the modularity of the icon set: a) rights of the data subject; b) right to be informed; c) right to rectification; d) right to erasure; e) right of access; f) right to data portability; g) right to object to processing; h) right to restriction to processing; i) right to withdraw consent; j) right to lodge a complaint to the supervisory authority.]
Incorrect interpretation of interface elements, including icons, toggle bars, and buttons, might cause users to unintentionally give consent to privacy-invasive practices. Indeed, some legal scholars have voiced fears of misjudgments: Mondschein has maintained that boiling down complex legal disclosures to a set of icons would affect their quality and explanatory nature, more than correcting for information overload. 38 Misrepresentations also constitute a risk, when the visual translation of complicated processes is limited by predefined and potentially inappropriate categories or elements. The few existing user studies carried out on the interpretation of privacy icons have demonstrated that sign reception can be misguided. 39 Therefore, as a crucial cautionary element, our team has prioritized an "evidence-based approach," with the aim of providing a rigorous assessment of the efficacy of icons as legal transparency mechanisms. 40 Because images, and especially pictograms, are polysemic, establishing whether they convey the intended message to the audience is necessary. Icon interpretation is a non-linear task and depends both on context and on the extent to which the repertoire of signs of designers and users correspond. 41 To align designers' intentions and users' interpretation, we have relied on participatory design methods in the phases of conception and creation of the icons.

Participatory Design Methods
EU regulators have not provided any indication about the modality of implementation of the GDPR's icons; meanwhile, the European Commission has deliberately let solutions arise in a bottom-up manner, from civil society and industry, before adopting a binding act that imposes EU standardization. 42 However, this approach has caused a lack of uniformity among the existing approaches, which results in weak incentives for the adoption of and investment in privacy indicators, and in a proliferation of differing icon sets. This inconsistent visual design hinders users' abilities to easily recognize icons and rely on them for guidance on the law and their rights. 43 We designed DaPIS using participatory design methods with two purposes in mind: to allow for the expression of multifaceted values and priorities of the different stakeholders who might be affected by the icon set and to avoid overlooking any fundamental aspect of legal icon design. 44 We held a series of workshops involving various stakeholders (i.e., a heterogeneous group of graphic designers, lawyers and legal scholars, computer scientists, communications professionals, interested laypeople, and representatives of the business world), with the intention of combining their different visions. 45 The preparatory, conceptual work for the design of the graphical symbols involved mind-mapping techniques to gather a wide choice of motifs for each preselected legal notion.
For instance, graphic professionals proposed the root/referent icon design approach and sought to ensure the quality and overall coherence of the visual design. They provided plausible contexts of use for the icons. Meanwhile, legal experts and computer scientists guided the interpretation of the abstract legal-technical definitions described in the GDPR. Moreover, individuals from for-profit business enterprises offered a critical voice on the expected hurdles to the implementation of the icons in the market. Laypeople offered a non-specialized view that supported the development of universally understandable symbols, as opposed to graphical conventions known only to professionals. 46 Involving multiple stakeholders also underlined crucial differences among their views and priorities. One of the most evident divergences concerned expectations about the visual representations of legal notions: Whereas legal scholars defended the importance of a literal and detailed "visual translation" of the concepts to avoid their misrepresentation and oversimplification, designers emphasized the crucial relevance of criteria like simplicity and legibility of the icons to support ease of recognition and the ability to render them on a variety of devices and screen sizes. Collaborative prototyping enabled the different stakeholders to negotiate their views in a shared design space and to reach a satisfactory mediation. 47 The final DaPIS comprises 37 elements. 48

Open Questions and Problems
During the development of the research, a series of open questions emerged, and we propose these questions as a guide for future work in visual design for legal transparency.

The Challenge of the Object of Representation
One fundamental question concerns the objects that the visual language should represent. Previous design efforts fall into three approaches to object representation. The first focuses on single objects and concepts that are proper to the privacy and data protection domain (e.g., the concept of "pseudonymization" or that of "encryption"). 49 The second tries to visually represent statements about such concepts, referring to the presence of a certain data practice (e.g., "Site contains third-party ads" 50 ). The third approach includes attempts to give an indication of the lawfulness of specific data practices (e.g., "No personal data are collected beyond the minimum necessary for each specific purpose of the processing" 51 ). The aim here is to rate such practices to provide meaningful advice and to inform users' decisions on whether to use a certain service or to head elsewhere. Similarly, other approaches put an emphasis on risky data processing aspects. 52 This question introduces an additional critique about the fitness of icons to represent knowledge in law. 53 Icons are generally best fit to depict concrete concepts, such as objects and people. Abstract data protection notions (e.g., "processing purposes") are inherently difficult to visualize and to decode. Individuals must resort to contextual elements, previous experience, and learned knowledge to correctly interpret them. For this reason, supplementing icons with textual labels or other interface design elements can explain their meaning and therefore facilitate their interpretation. 54 Such elements are necessary at first exposures in cases where the relationship between the graphical symbol and its meaning is arbitrary and cannot be inferred. Therefore, expectations of what icons can do, when based on the ways icons have been used to symbolize concrete concepts, are inappropriate in this case, and the expectations are what must be reviewed.
It is only by providing enough interpretative context, preferring concrete concepts over abstract ones and actively supporting the learning of the association between pictogram and meaning that icons can aspire to communicate universally and univocally. However, icons represent only one of the possible solutions to the endemic lack of transparency in privacy notices. 55 Another critique of the use of icons to clarify legal concepts moves from the fact that these graphical symbols are not suitable to communicate the nuanced notions expressed in legal terms. The legal experts that took part in DaPIS's participatory workshops expected to accurately translate the legal definitions into their visual equivalents by preserving the sheer amount of details and the complexity that characterize legal provisions. The underlying hypothesis predicted that the addition of more traits and symbols to a pictogram would improve icon comprehension. In addition, the jurists firmly supported a literal translation of the concepts into the pictograms to decrease the set of plausible interpretations to one univocal meaning. Informed by this position, the initial prototypes of DaPIS resulted in complex and detailed pictograms. However, our user studies revealed that literal, precise representations appeared confusing and overwhelming to the users, instead of representing meaningful guidance.
Remarkably, even the opposite problem was encountered: Some concepts lack a precise definition, not only because natural language is ambiguous in itself, but also because legal and, in particular, privacy terms are deliberately left vague to be open to interpretation. 56 For instance, data processing can be necessary to provide a certain service (e.g., a maps app needs the user's geolocation data to guide her to the desired destination). Thus, legal expressions, such as "we use the data we collect to provide you with the information and services that you requested from us," constantly figure among the processing purposes of a service provider but are not further specified. Visualizing such a vague "purpose of provision of the service" has thus represented a challenge. An emblematic and extreme case also is represented by the concept of "third party," which is a fundamental concept in data protection regulation and is legally defined by what it is not, instead of by what it is. 57 For these reasons, similar abstract and loose legal notions were difficult to translate into easily interpretable visuals.

The Challenge of Defining Icon Functions 58
The diversity concerning the icons' object of representation, as described, also is reflected in the different functions that an icon set can assume related to transparency in privacy disclosures. 59 Graphical symbols depicting individual notions can accompany headings or key points of the notice to saliently indicate where specific information can be found. These "companion icons" are meant to break the wall of text and thereby to attract readers' attention and help them to skim through the document to efficiently identify specific information. 60 Evidence shows that they can increase readers' comprehension of privacy policies. 61 This design pattern can be particularly advantageous in lengthy documents that are devoid of an information hierarchy.
Symbols that try to unequivocally communicate to users what privacy practices are stated or are absent from a privacy policy add a layer of meaning to companion icons. For instance, visual symbols can signal that profiling of the data subject occurs or that personal data are anonymized. Whether this practice respects the user's privacy preferences or not is left to the user to discern.
A system of icons also can attract users' attention to specific data practices that can be considered risky (e.g., automated decision-making that has significant legal implications for the data subject 62 ) or unlawful (e.g., processing a larger amount of data than necessary, thus contradicting the principle of data minimization 63 ). In this view, icons assume the role of warning signs, like those indicating explosive or poisonous materials, those signaling the security or insecurity of an internet connection, or those communicating a potential risk to the driver. Conversely, visual elements that act as "quality seals" and highlight good practices (e.g., "Processing of data within Europe or a third country with a sufficient level of data protection" 64 ) also can be very informative for users' decisions about their privacy.
Given the ontology of concepts used as a methodological framework to create the icons, DaPIS depicts individual concepts that cover the different ontological classes. This choice allows practitioners and researchers to devise and explore automated or semi-automated concept-mining techniques that recognize where a certain subject is described in a text and that display the corresponding icons, serving the function of information-markers. However, this approach is feasible only in standardized, well-structured privacy policies, where each thematic section covers one topic. Moreover, the adoption of companion elements reflects a deliberate, cautious position about the interpretability of icons. Instead of trying to completely replace the legal text, the aim is to attract the data subject's attention and to aid in the navigation of long legal documents, thus supporting the reader's interpretation through a combination of textual and pictorial cues.
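The retrieval step described in this paragraph and in the section on the ontological foundation can be sketched as follows; this is an added example, not DaPIS code. The XML element and attribute names, the ontology class names and the glyph identifiers are hypothetical (only the hand root for rights comes from the article), and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Hypothetical ontology fragment: class -> (category, referent glyph).
ONTOLOGY = {
    "DataSubject": ("Role", "data-subject"),
    "RightOfAccess": ("Right", "access"),
    "RightToErasure": ("Right", "erasure"),
    "RightToWithdrawConsent": ("Right", "withdraw-consent"),
    "Marketing": ("Purpose", "marketing"),
}
# Root/referent approach: one constant root glyph per category.
# "hand" for rights follows the article; the other roots are assumptions.
ROOTS = {"Right": "hand", "Role": "person", "Purpose": "target"}

# Constructed sample: a policy whose expressions are already marked up
# with their ontological class. "Profilng" is a deliberate annotation typo.
SAMPLE_POLICY = """
<policy>
  <section><heading>Your rights</heading>
    <p><term class="DataSubject">You</term> may
       <term class="RightOfAccess">request a copy of your data</term> or
       <term class="RightToErasure">ask us to delete it</term>.</p>
  </section>
  <section><heading>Marketing and consent</heading>
    <p>We send <term class="Marketing">promotional emails</term>;
       <term class="DataSubject">you</term> can
       <term class="RightToWithdrawConsent">withdraw consent</term>.</p>
  </section>
  <section><heading>Other</heading>
    <p>We may <term class="Profilng">profile</term> users.</p>
  </section>
</policy>
"""


def icon_for(cls):
    """Compose the root+referent glyph id; None if the class is not in the ontology."""
    entry = ONTOLOGY.get(cls)
    if entry is None:
        return None
    category, referent = entry
    return f"{ROOTS[category]}+{referent}"


def companion_icons(xml_text):
    """Return, per section, the icons to display and any annotation problems.

    Policies from untrusted publishers should go through a hardened XML
    parser (for example defusedxml) instead of the stdlib parser used here.
    """
    results = []
    for section in ET.fromstring(xml_text).iter("section"):
        icons, unknown, topics = [], [], set()
        for term in section.iter("term"):
            cls = term.get("class", "")
            icon = icon_for(cls)
            if icon is None:
                # Fail closed: an unknown class gets no icon rather than a
                # guessed one, since a wrong icon misinforms the reader.
                if cls not in unknown:
                    unknown.append(cls)
                continue
            if icon not in icons:
                icons.append(icon)
            category = ONTOLOGY[cls][0]
            # Assumption: roles such as the data subject occur in every
            # section, so they do not count as the section's topic.
            if category != "Role":
                topics.add(category)
        results.append({
            "heading": section.findtext("heading", default="").strip(),
            "icons": icons,
            "unknown": unknown,
            # More than one topic category: the section is not single-topic,
            # so a heading-level marker would be ambiguous.
            "mixed": len(topics) > 1,
        })
    return results


if __name__ == "__main__":
    for row in companion_icons(SAMPLE_POLICY):
        print(row)
```

The `mixed` flag marks the sections where, as the paragraph notes, automatic information-markers stop being reliable because the section covers more than one topic.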
Another fundamental reason to adopt icons representing individual concepts is that providing any kind of decontextualized judgment about the lawfulness or riskiness of a legal practice might be problematic. 65 Sentence-level icons arguably could be more informative and thus more helpful for data subjects' privacy-related decisions, but they also would entail an interpretation about the goodness of such practices and thus would interfere with the autonomy and self-determination of individuals. Moreover, indicating the riskiness of a certain practice per se and a priori can be a questionable choice, given that context is key to determine the level of risk. For example, profiling might be problematic if used for price discrimination, but it might be considered useful and even desirable if aimed at providing targeted special offers. Moreover, research has demonstrated that privacy preferences vary greatly 66 ; what is considered invasive by one person might be considered acceptable by another.
In addition, even the adoption of such icons by data controllers might be troublesome. The GDPR states that the data controller decides whether to use icons in combination with written information to comply with the transparency obligation. Expecting that a service provider would deliberately warn its users about practices that they would find unfavorable is unreasonable. 67 However, third-party services that provide visual indicators for the data protection practices of data controllers offer an alternative solution. For instance, Terms of Service; Didn't Read (ToS;DR) uses crowdsourcing to analyze privacy policies and so to provide the visual ratings 68 ; meanwhile, Polisis uses deep learning. 69 Both third-party solutions can be contested because they reflect mediated interpretations (by non-expert humans and by artificial intelligence that was trained on manually annotated data, respectively) and might therefore be subject to error. However, some scholars maintain that this approach represents a viable manner to implement an actual "informed consent" and are starting to investigate this research direction. 70 For all these reasons, a multi-stakeholder discussion with policy-makers, the public, and regulated organizations is advisable. The European Commission, service providers, citizens, consumer associations, practitioners, and researchers and scholars from disciplines including design, philosophy of law, psychology, behavioral economics, and neuroscience should be involved in determining the function that GDPR icons should have, according to the function they intend to serve and goal they intend to achieve.

The Challenge of Icon Evaluation 71
Icons do not necessarily foster comprehension of the concepts they represent, although many assume they do. Ease of an icon's interpretation depends on well-defined characteristics, such as semantic distance (also defined as level of arbitrariness). Concrete icons are easily recognizable even at users' first exposures; meanwhile, the meaning of arbitrary icons has to be learned rather than inferred. 72 In the latter case, immediate comprehension is impossible to reach: Rather, as familiarity increases with repeated exposures, recognition rates do as well. In addition, familiarity has a dual nature 73 : It involves both previous knowledge of the concept (e.g., the concept of "geolocalization") and previous experience with its visual representation (e.g., the omnipresent pin icon). Furthermore, because individual characteristics, such as cultural background, age, and domain expertise, affect how knowledgeable users are in the legal and technical area, they also can influence ease of icon interpretation.
Such factors challenge standard international methods of icon evaluation, which are appropriate only if the concept represented in the icon is known to the interpreters. 74 The ISO standard for testing symbols whose referents are unknown also presents some limitations, as we have maintained elsewhere. 75 Such evaluation does not measure the learnability of an icon system in context and is exclusively based on quantitative methodologies. Longitudinal studies using a mixed methods approach would probably be more informative about the effectiveness of icons and more methodologically sound. 76 Providing contextual cues that mirror the actual use situation of the icons is crucial to ease the interpretation process during icon assessment by users. Without taking into consideration familiarity and without providing the intended context of use, low recognition scores would mistakenly indicate that re-design and further testing are necessary. 77 Indeed, the few existing studies on the efficacy of data protection icons have overlooked such dimensions; as a result, most of the visual elements have been discarded, based on the low recognition rates of icons that represent unfamiliar concepts or that are displayed without sufficient context. 78
Appropriate evaluation techniques should be used to determine whether icons are effective in other roles in legal contexts. If icons are to be used as navigation cues in privacy policies, then the need is to evaluate whether users can find specific pieces of information in these documents (i.e., effectiveness); whether they can do so more easily, or more quickly (i.e., efficiency); and whether they give a better user experience (i.e., more satisfaction and less frustration) than in text-only documents. If icons should unambiguously indicate the presence or absence of a certain data practice, then there should be evaluation as to whether users comprehend these dualities. If icons should warn users against risky or unfair data processing, the evaluation focuses on their noticeability and their influence on users' decision-making process (e.g., the choice of a certain service over another).
Our team has evaluated the DaPIS icons' legibility and comprehensibility. Legibility assessment concerns the ease of recognition of the single elements that compose the icons and influences the ease of recognition of the icon as a whole. We established two evaluation criteria for the comprehensibility assessment: first, a subjective estimation of how well the visual representation corresponds to the underlying concept; and second, whether the interpreter was able to speculate about the underlying motivations for a certain icon choice, even if its meaning was not immediately comprehensible at the first exposure.
The overall results indicate that the icons with higher levels of concreteness and familiarity are more easily recognizable, while those that try to represent abstract or unfamiliar notions were difficult to understand. The results provide a first, elementary indication of which visual elements are more recognizable and which concepts are more widely known. 79 In addition, more rigorous assessments of DaPIS must be carried out, including on dimensions such as visibility, ease of learning, culture-independence, and discriminability. 80 In particular, DaPIS needs to be evaluated according to its function as information markers in a privacy policy. Investigating whether icons can compose the first layer of a layered approach, providing in an "easily visible, intelligible, and clearly legible manner a meaningful overview of the intended processing" and of consent requests, also is necessary. 81 Further research also should be devoted to the design of information and privacy indicators on small screens, such as tablets and smartphones, but also internet of things (IoT) devices without screens and in surveillance environments.

The Challenge of Universal Interpretation
For the reasons already explained, expectations that icons can be uniformly and immediately understood by any user must be approached with due precautions. 82 Nevertheless, widespread recognition can be facilitated by supporting initiatives toward international visual standardization and toward the education of data subjects.
Educational measures could be included in the development of the fundamental digital skills envisioned by the European Digital Framework for Citizens (DigComp). 83 Already included are skills related to privacy, security, and data protection. The long-term goal is to raise awareness and develop a shared culture on such topics. In the specific context of icon research, such a step arguably would be beneficial to augment familiarity and recognition rates. However, expecting icons to increase people's understanding of data protection issues and to solve the critical transparency problems that privacy-related communication classically poses is simply wrong. In this respect, many other design-based interventions can be developed and experimented with. 84
International standardization is also a necessary step and has a twofold objective. First, it seeks to limit the proliferation of concurrent icon sets that, after a constructive initial phase of divergent creation, becomes an obstacle to widespread recognition and implementation. 85 Second, it seeks to increase familiarity with the visual language and the underlying concepts and hence to increase the ease of recognition. Research efforts to create and evaluate a reliable icon system are increasing internationally 86 ; but deciding on one icon set should eventually be the goal, leading to widespread and uniform use, supported by influential actors, such as major companies of the digital economies. Moreover, only the European Commission's adoption of delegated acts can establish the object of representation, the function of icons, and the elements of the icon set, possibly with the prior involvement of experts, the consideration of the outcomes of empirically based international studies, and provision of the necessary infrastructure for those international studies.

Conclusions and Future Work
Can visual design effectively communicate relevant privacy and data protection aspects to members of the public? Can this communication improve data subjects' decision-making about data privacy and the use of their legal rights under the GDPR? This piece provides an overview of the main research challenges posed by the development and evaluation of a data protection icon set, enshrined by the GDPR as a transparency-enhancing mechanism. However, much research lies ahead. The adoption of delegated acts is urged by EU Member States 87 ; however, the European Commission should not hurriedly choose one code of icons without appropriate evidence supporting its efficacy for the stated purposes. Instead, the EU Commission should welcome, scrutinize, and even include in its decision-making the outcomes of initiatives that have been supported by a powerful methodology, that present trustworthy and generalizable results, and that involve stakeholders representing various sectors of society, including industrial partners whose endorsement, acceptance, and application of a specific icon set across and beyond the EU borders is crucial. Furthermore, more concerted efforts should be dedicated to the design of a holistic methodology that combines several evaluation indexes (e.g., comprehensibility, learnability, and culture independence). 88 Without such endeavors, haphazard adoption of one set of icons presents significant risks, including reversal of the GDPR's praiseworthy efforts to enhance transparency and to rebalance digital asymmetries between data subjects and data-gathering organizations.