The development of a «visual language for privacy data rights» [Popova 2011] has been pursued by many to represent in a straightforward manner relevant information about data practices,1 as opposed to the lengthy, tedious privacy policies that are either disregarded or not understood [European Commission 2015]. Most importantly, Article 12(7) of the General Data Protection Regulation2 suggests privacy icons3 «to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing». However, graphical symbols show a limited ability to convey abstract or complex meanings [Etsi 1998], such as data protection concepts. Furthermore, images are not necessarily universally understood [Esayas 2016], especially when they don’t depict concrete objects or actions, but are rather arbitrary symbols. Indeed, a few user studies emphasized that a chance of misinterpretation of privacy icons exists [Holtz 2010, Pettersson 2014], when the designer’s intention does not meet others’ understanding of the symbol.
Project Overview: Machine-Readable, Standardized, Visual Elements for Privacy Policies ^
The methodology for the generation of machine-readable, standardized, effective privacy icons is part of a project that aims to visualize key notions of privacy disclosures in a semi-automatic manner [Rossi/Palmirani 2017]. Technologies such as LegalDocML6 and ontologies [Biasiotti 2011] convert legal knowledge into a machine-readable representation that can be, in turn, transformed into a visual representation. Namely, the semantics of legal terms can be captured by the mark-up, which can be linked to an ontology, where concepts of a specific domain, alongside their corresponding visual representation, are formally codified. Specific semantic content of legal texts can, thus, be semi-automatically visualized to make these documents more informative.
Analysis of Legal Requirements ^
The first step of this approach is an analysis of the legal requirements, e.g. transparency. Article 12 GDPR grants permission to use icons, rather than other visual elements, to communicate data practices. Articles 13–14 GDPR detail the exact pieces of information that must be provided, e.g. the processing purposes. Whilst a human-centered design approach favours exploration, experimentation, and the analysis of users’ needs to steer the design process, in this case it is the law to mandate what information must be provided and how.
Formalization of Legal Knowledge ^
Participatory, Human-Centered Design to Convert Formal Knowledge into Visuals ^
A participatory, multidisciplinary design workshop was held in July 2017 at Stanford University [Legal Design Lab 2017] to create icons for the key data protection notions defined in the ontology. Different visual alternatives were generated, discussed, and concretized in prototypes. The icons were iteratively tested with small samples of individuals to evaluate their level of comprehensibility and to gather alternatives. At the end, some design principles for the visual communication of complex techno-legal concepts were formulated. A data protection icon set was developed afterwards by a graphic artist that followed these guidelines.7
Empirical Evaluation ^
Limitations and Conclusions ^
Berger-Walliser, Gerlinde/Barton, Thomas D./Haapio, Helena, From Visualization to Legal Design: a Collaborative and Creative Process. American Business Law Journal, Vol. 54, No. 2, Summer 2017, pp. 347–392.
Biasiotti, Maria Angela, Semantic Resources for Managing Legislative Information. In: Sartor, Giovanni, Palmirani, Monica, Francesconi, Enrico & Biasiotti, Maria Angela (Eds.), Legislative XML for the Semantic Web: Principles, Models, Standards for Document Management, Springer, Berlin, Heidelberg, 2011.
Brunschwig, Colette, Visualisierung von Rechtsnormen: Legal Design. Schulthess. Zürich, Schweiz. 2001.
Esayas, Samson/Mahler, Tobias/McGillivray, Kevin, Is a Picture Worth a Thousand Terms? Visualising Contract Terms and Data Protection Requirements for Cloud Computing Users. International Conference on Web Engineering, Springer, Berlin, Heidelberg 2016, pp. 39–56.
Etsi, Human Factors (HF); Framework for the Development, Evaluation and Selection of Graphical Symbols, 1998. http://www.etsi.org/ (accessed on 27 December 2017).
European Commission/Directorate-General for Justice and Consumers/Directorate-General for Communication, Special Eurobarometer 431: Data Protection, TNS Opinion and Social, S2075_83_1_431_ENG, 2015. https://data.europa.eu/euodp/en/data/dataset/S2075_83_1_431_ENG (accessed on 23 December 2017).
European Parliament/Council of European Union, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). O.J. L 119, 4.5.2016, p. 1–88.
Hagan, Margaret, Law by Design, 2017. http://lawbydesign.co (accessed on 2 January 2018).
Hansen, Marit, Putting Privacy Pictograms into Practice – a European Perspective. GI Jahrestagung Vol.154, 2009, pp. 703–716.
Holtz, Leif-Erik/Nocun, Katharina/Hansen, Marit, Towards Displaying Privacy Information with Icons. In: Camenisch, Ian, Crispo, Bruno, Fischner-Hubner, Simone, Leenes, Ronald & Russello, Giovanni (Eds.), IFIP PrimeLife International Summer School on Privacy and Identity Management for Life. Springer, Berlin, Heidelberg 2010, p. 338–348.
Legal Design Lab, Design Workshop for EU General Data Protection Regulation, July 2017, http://www.legaltechdesign.com/design-workshop-for-eu-general-data-protection-regulation/.
Palmirani, Monica/Martoni, Michele/Rossi, Arianna/Bartolini, Cesare/Robaldo, Livio, PRONTO: Privacy Ontology for Legal Reasoning. Proceedings of the 21st International Legal Informatics Symposium IRIS 2018. Österreichische Computer Gesellschaft OCG / email@example.com, forthcoming.
Passera, Stefania, Beyond the Wall of Contract Text. Visualizing Contracts to foster Understanding and Collaboration Within and Across Organizations. Doctoral Dissertation, Aalto University, Helsinki, 2017.
Pettersson, John Soren, A Brief Evaluation of Icons in the First Reading of the European Parliament on COM (2012) 0011. In: Camenisch, Ian, Crispo, Bruno, Fischner-Hubner, Simone, Leenes, Ronald & Russello, Giovanni (Eds.), IFIP PrimeLife International Summer School on Privacy and Identity Management. Springer, Berlin, Heidelberg 2014, pp. 125–135.
Popova, Maria, Mozilla’s Privacy Icons: a Visual Language for Privacy Data Rights, 2011. http://bigthink.com/design-for-good/mozillas-privacy-icons-a-visual-language-for-data-rights.
Rossi, Arianna/Palmirani, Monica, A Visualization Approach for Adaptive Consent in the European Data Protection Framework. In: Parycek, Peter & Edelmann, Noella (Eds), Proceedings of the 7th International Conference for E-Democracy and Open Government (CeDEM), Krems, Austria 2017, p. 159–170.
Rossi, Arianna/Palmirani, Monica, From Words to Images through Legal Visualizations. AI Approaches to the Complexity of Legal Systems, Springer, Berlin, Heidelberg, forthcoming.
- 1 See e.g. Hansen 2009, Holtz 2010. For a review, see Rossi/Palmirani 2017.
- 2 European Parliament/Council of European Union 2016. Hereafter: GDPR.
- 3 The literature generally refers to icons depicting concepts related to data practices as «privacy icons». However, they mostly represent concepts of data protection so the term is inexact. In the present article, the expression «privacy icons» will be used interchangeably with the expression «data protection icons» and analogous terms.
- 4 Similarly, for a methodology to generate legal visualizations of norms, see Brunschwig 2001.
- 5 See also Rossi/Palmirani forthcoming.
- 6 https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=legaldocml (all websites accessed in January 2018).
- 7 See http://www.gdprbydesign.cirsfid.unibo.it.
- 8 See the seminal work of [Passera 2017].
- 9 See e.g. Etsi 1998.