A Visualization Approach for Adaptive Consent in the European Data Protection Framework

For the first time in the history of European data protection law, the use of visualizations and especially of icons is explicitly suggested as a way to improve the comprehensibility of the information about data handling practices provided to the data subjects, which plays a crucial role to obtain informed consent. Privacy icon sets have already been developed, but they differ in the kinds of information they depict and in the perspectives they embed. Moreover, they have not met widespread adoption, one reasons being that research has shown that possibility of misinterpretation of these symbols. Our research relies on legal Semantic Web technologies and principles drawn from legal design and Human Computer Interaction to propose visualizations of privacy policies and consent forms. The final aim is to enhance the communication of data practices to users and to support their decision about whether to give or withhold consent.

[1]  Helena Haapio,et al.  Innovating Contract Practices: Merging Contract Design with Information Design , 2013 .

[2]  Lennart E. Nacke,et al.  From game design elements to gamefulness: defining "gamification" , 2011, MindTrek.

[3]  John Sören Pettersson A Brief Evaluation of Icons in the First Reading of the European Parliament on COM (2012) 0011 , 2014, Privacy and Identity Management.

[4]  Lorrie Faith Cranor,et al.  Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It , 2014, SOUPS.

[5]  J. Reeve,et al.  Solutions to problematic polypharmacy: learning from the expertise of patients. , 2015, The British journal of general practice : the journal of the Royal College of General Practitioners.

[6]  Ergonomic requirements for office work with visual display terminals ( VDTs ) — Part 11 : Guidance on usability , 1998 .

[7]  Andrei Marmor The Language of Law , 2014 .

[8]  Lorrie Faith Cranor,et al.  Disagreeable Privacy Policies: Mismatches between Meaning and Users’ Understanding , 2014 .

[9]  Colette Brunschwig Legal Design and e-Government: Visualisations of Cost & Efficiency Accounting in the wif! e-Learning Environment of the Canton of Zurich (Switzerland) , 2002, EGOV.

[10]  Daniel J. Solove,et al.  Privacy Self-Management and the Consent Dilemma , 2012 .

[11]  M. Rundle International Personal Data Protection and Digital Identity Management Tools , 2006 .

[12]  Lorrie Faith Cranor,et al.  A Design Space for Effective Privacy Notices , 2015, SOUPS.

[13]  Helena Haapio,et al.  Transforming contracts from legal rules to user-centered communication tools: a human-information interaction challenge , 2013, CDQR.

[14]  Maria Angela Biasiotti,et al.  Semantic Resources for Managing Legislative Information , 2011 .

[15]  Colette R. Brunschwig Visualisierung von Rechtsnormen : legal design , 2001 .

[16]  Frederick Liu,et al.  The Creation and Analysis of a Website Privacy Policy Corpus , 2016, ACL.

[17]  Ruoming Jin,et al.  Decision Trees: Theory and Algorithms , 2014, Data Classification: Algorithms and Applications.

[18]  Stefania Passera,et al.  Enhancing Contract Usability and User Experience Through Visualization - An Experimental Evaluation , 2012, 2012 16th International Conference on Information Visualisation.

[19]  Corien Prins,et al.  Privacy for the Homo Digitalis: Proposal for a New Regulatory Framework for Data Protection in the Light of Big Data and the Internet of Things , 2016 .

[20]  Tonya L Smith-Jackson,et al.  Research-based guidelines for warning design and evaluation. , 2002, Applied ergonomics.

[21]  Marit Hansen Putting Privacy Pictograms into Practice - a European Perspective , 2009, GI Jahrestagung.

[22]  Jens Grossklags,et al.  What Can Behavioral Economics Teach Us about Privacy , 2008 .

[23]  Marit Hansen,et al.  Towards Displaying Privacy Information with Icons , 2010, PrimeLife.

[24]  Fabio Vitali,et al.  Akoma-Ntoso for Legal Documents , 2011 .

[25]  M. Calo Against Notice Skepticism In Privacy (And Elsewhere) , 2011 .

[26]  Eduard Hovy,et al.  Demystifying Privacy Policies with Language Technologies : Progress and Challenges , 2016 .

[27]  Colin Ware,et al.  Information Visualization: Perception for Design , 2000 .

[28]  Guido Governatori,et al.  The Journey to Business Process Compliance , 2009, Handbook of Research on Business Process Modeling.

[29]  D. Norman The Design of Everyday Things: Revised and Expanded Edition , 2013 .

[30]  Guido Governatori,et al.  LegalRuleML: Design Principles and Foundations , 2015, Reasoning Web.

[31]  Noah A. Smith,et al.  The Usable Privacy Policy Project : Combining Crowdsourcing , Machine Learning and Natural Language Processing to Semi-Automatically Answer Those Privacy Questions Users Care About , 2014 .

[32]  Michael Weber,et al.  Context-Adaptive Privacy: Leveraging Context Awareness to Support Privacy Decision Making , 2015, IEEE Pervasive Computing.

[33]  Norman M. Sadeh,et al.  PrivOnto: A semantic framework for the analysis of privacy policies , 2017 .

[34]  Ronald Leenes,et al.  Final HCI Research Report , 2013 .

[35]  Michael Curtotti,et al.  Making the Meaning of Contracts Visible – Automating Contract Visualization , 2014 .