Jusletter IT

For a long time, conventional wisdom saw doctors and lawyers serve an ex post function: you get sick, you go to a doctor. You get sued or have a serious legal problem, you go to a lawyer. There is still need for legal care after a problem has arisen, but reactive legal work is no longer the only way to go. Instead of firefighting and problem solving, many lawyers today work proactively, even anticipatorily. This is true especially in the development of privacy solutions and legal technology. Like designers and engineers, lawyers in these contexts work ex ante, as part of a team, seeking to build useful artefacts that  that provide legal protection by design, promote clients’ chances of success, and prevent unnecessary problems. This way of working can be framed as practicing Preventive Law [Brown 1950] or Proactive Law [Siedel/Haapio 2010]. It can also be framed as practicing Legal Design [Legal Design Alliance n.d.].

Legal Design is an interdisciplinary approach to apply human-centered design to prevent or solve legal problems. It prioritizes the point of view of «users» of the law – not only lawyers and judges, but also citizens, consumers, businesses, etc. In many areas of Legal Tech and privacy, the architecture choices of those that design information, interfaces, systems, and experiences can have a significant impact on the people using such artefacts. Research and practice confirm that the people who use legal information, documents, services, and policies are not being served well by their current design [Legal Design Alliance n.d.]. Legal Design seeks to change this. Where legal technologists or privacy professionals seek to provide better legal communications, systems, or solutions, they can find allies in the emerging field of Legal Design.

Ethical values such as fairness, accountability, transparency, intelligibility, informational self-determination, privacy, individual empowerment, and mitigation of biases and of discrimination have become predominant keywords in the technological advancement of the last few years and set the agenda for future technological development [ICDPPC 2018]. Such values attempt to drive, or at least influence, the research that is harvesting the power of artificial intelligence (AI) based on massive amounts of personal and non-personal data. Although research in AI might be the most active field where the embedding of human values and legal principles in technological implementations is currently discussed, research about guiding values in engineering and design is long-standing and embraces a number of different domains. This paper focuses on Value-Sensitive Design, and specifically on Privacy by Design, transparency, and choice architecture for the data protection domain, analyzed through the lenses of Legal Design.

There is a growing need for easy-to-use solutions, on the one hand, and for protecting the users, on the other. Legal designers can bring a new perspective by identifying and making different expectations and requirements visible early on, helping embed them from the beginning into the design specifications, building in navigation tools, affordances and signifiers, and asking questions such as: How can we make privacy communication work better? How can we visualize and simplify things? How can we secure successful and compliant implementation?

In the following we seek similarities between the Proactive and Preventive Law approach  (Section 2) and Privacy by Design (Section 3). Such parallelism leads to the definition of Value-Sensitive Design and its relevance for the theorization and applications of Legal Design, with a focus on participatory design methods (Section 4). Practical examples about the importance of design for the value of transparency (Section 5) and regulatory compliance will also be provided, by devoting special attention to those design patterns that foster privacy and transparency but also to deceptive design patterns that intentionally deceive users (Section 6).

In conventional legal scholarship, much of the discussion has been about interpreting legal requirements and applying them to an existing problem or conflict situation. Proactive legal thinking, instead, seeks to use legal skills and knowledge ex ante, in advance, so that the actors reach their goals and prevent problems and conflicts from arising. The Nordic School of Proactive Law [n.d.] defines Proactive Law as «a future-oriented approach to law placing an emphasis on legal knowledge to be applied before things go wrong. It comprises a way of legal thinking and a set of skills, practices and procedures that help to identify opportunities in time to take advantage of them – and to spot potential problems while preventive action is still possible. In addition to avoiding disputes, litigation and other hazards, Proactive Law seeks ways to use the law to create value, strengthen relationships and manage risk.»

The preventive and promotive dimensions of the proactive approach are grounded in psychological theory [Higgins Lab 2013] and have borrowed concepts from medicine and healthcare. In the context of practicing law, the idea of prevention was first introduced by Louis M. Brown, a US attorney and law professor. One of his fundamental premises was that in curative law it is essential for the lawyer to predict what a court will do, while in Preventive Law it is essential to predict what people will do [Brown 1950 and 1986; Brown/Dauer 1978].

Using the medical analogy, in the proactive approach, the focus is not just on preventing problems or «legal ill-health»; the goal is to promote «legal well-being». The approaches specifically called Proactive Contracting and Proactive Law emerged in the Nordic countries in the late 1990s and early 2000s. In the context of contracting, the pioneers of the approach merged quality and risk management principles with Preventive Law, thereby adding the promotive dimension to the preventive dimension. This laid the conceptual foundation for a new way of thinking: «proactivity = prevention plus» or «proactive = preventive plus promotive» [Haapio 2013].

In the context of in-house and transactional lawyering, much of the lawyer’s work today is about the future: helping to build platforms, systems, or solutions which enable and empower the actors – including people without legal background – do their job, so that complying with legal requirements is built-in, and, where people are involved, easy to do. The time for legal help is when there is a need to plan a platform, notice, disclosure, or a set of terms, or to guide and shape dealings, practices, or relationships. In this way, much of the work of proactive lawyers is invisible: when the systems and solutions to-be and the instruments to-be-developed work for their users, there is no need for «the law» or reactive legal help. Instead, the lawyers’ focus is on supporting collaboration, driving desirable outcomes, creating opportunities, and preventing problems before they arise. This requires communications, policies, contracts, and processes that make sense for the people who work with them. The goal is to create functional, readable, usable, and engaging artefacts that users can understand and put into practice, without experiencing information overload.

A proactive attitude characterizes the Privacy by Design approach. In the past, privacy and data protection have been often considered as a hindrance to business and technological development or, at best, as an afterthought [Cavoukian 2011] that occurred after the last stage of implementation of a technology. The Seventies saw the emergence of Privacy Enhancing Technologies (PETs), a set of technological solutions aimed to minimize privacy risks, by focusing on effective ex ante protection, instead of focusing on ex post remedies [Hartzog 2018]. This paved the way to the emergence of the now renowned concept of Privacy by Design, popularized by [Cavoukian 2011]: privacy requirements should be embedded early on in the architecture and throughout the design of a certain system and business model [EDPS 2018]. Even the concept of privacy by default is meeting acceptance, since it provides that no active action from the user is expected to protect her privacy. On the contrary, her privacy is automatically (i.e. by default) granted: the inactivity of the user does not preclude her from being protected from privacy-invasive practices. Such inactivity and the natural tendency of human beings to stick to the status quo (i.e., the status quo bias) have been exploited for long time to gather personal data from inadvertent data subjects, for instance through the extensive use of pre-ticked boxes in consent forms.

The introduction of data protection by design and data protection by default in Article 25 of the General Data Protection Regulation (GDPR) reflects the reception of such proactive principles into European law and provides that data controllers develop measures to integrate data protection safeguards from the design stage throughout the whole processing in compliance with the GDPR and the data subjects’ rights. Indeed, rather than an afterthought, data processing and relative protections should be the «outcome of a design project» [EDPS 2018, p. 6] oriented to achieve the principles set out in Article 5: lawfulness, fairness, and transparency. In this case, the value of privacy is associated with other values: as some other examples below will also reveal, it is not rare for one value to trigger the promotion of other values.

Privacy by Design shares many assumptions with Value-Sensitive Design [Friedman/Kahn 2007], also known as Design for Values [van den Hoven et al. 2015], an approach to the design of technology «that accounts for human values in a principled and comprehensive manner throughout the design process» [Friedman/Kahn 2007, p. 1186] and «proactively consider[s] human values throughout the process of technology design» [Davis/Nathan 2015, p. 11]. This approach argues that, while design artefacts are traditionally evaluated in terms of usability, reliability and correctness, also human values with ethical import (e.g. privacy, security, trust, accountability, transparency, informed consent, fairness, justice, human dignity, well-being, autonomy, etc.)¹ should be considered a central design criterion. Indeed, technological innovation always implicates human values [Friedman/Kahn 2007] and this view challenges the commonly upheld belief that design is the technical, value-neutral task to develop artefacts according to functional requirements [van den Hoven et al. 2015]. The embedding of values into an artefact defines the affordances and constraints of users and, thus, shapes their actions, their lives, and societies at large. For this reason, values should be articulated early on and throughout the design process, at the time when possibilities of intervention in the architecture are still relevant and less expensive (e.g. in terms of money, time) [van den Hoven et al. 2015]. Researchers and designers should therefore design proactively, meaning that they should identify ex ante the ethical concerns that could arise in the interaction with a certain artefact², instead of waiting for a problem to arise [Davis/Nathan 2015].

As legal designers, i.e. designers of legal artefacts and experiences, we maintain that Value-Sensitive Design can help us to direct our practice and our research. One of the purposes of Legal Design, as explicitly stated in the Legal Design Manifesto [LeDA 2018], is to add and generate value in our work («value-add»), instead of merely managing risk or exclusively taking into account economic considerations. Where the exact definition of which values must be contemplated and embedded in the design of a legal artefact is contextual (i.e., dependent on the stakeholders, the legal artefact, the place of use, etc.), such values can be defined democratically in participatory design processes through the involvement of all the stakeholders that will be impacted by the use of the artefact.

Among the value-centered design approaches, participatory design assumes central relevance as a «design methodology in which the future users of a design participate as co-designers in the design process» [van der Velden/Moertberg 2015, p. 41], as opposed to other design methods that keep distance between designers and prospective users. The underlying values of participation and democracy implicate an activity of mutual learning: co-designers learn from designers about design-specific operational ways, concerns, and constraints, while designers learn from co-designers about their activities and skills, and about the context of use of a certain artefact. Legal designers often resort to collaborative methods since they enable mutual understanding, broaden the perspectives of the designers, and reduce personal bias, while also fostering the development of creative solutions [Berger-Walliser et al. 2017]. Ultimately, Legal Design seeks to recompose the fracture that exists between the needs and goals of the «classical» users of the law, e.g., lawyers, judges, and regulators, on the one hand, and all the other users, e.g., citizens, consumers, and businesses, on the other hand [LeDA 2018]. One classical example that illustrates the distance between such different users is represented by privacy policies, which are generally drafted for a professional target audience, but do not serve the needs of the other individuals who will need to understand them to take conscious privacy-related decisions. In this case, values such as transparency and informed consent should be considered and embedded in the design of interactions that concern the gathering and processing of personal data [Friedman et al. 2005].

For instance, during the DaPIS project³ [Rossi, forthcoming], aimed at designing an icon set to enhance the transparency of communication of data protection notions, participatory design methods enabled the researchers to identify relevant stakeholders and to leverage their skills and experiences to create icons with legal meanings that would arguably reflect the different expectations and goals of the participants. Different groups of stakeholders, each with unique perspectives, objectives and priorities, were implicated in a cycle of participatory design workshops: legal experts, graphic designers, computer scientists, interested laypeople, and a few representatives of the business world. Clearly, different stakeholders held different values. For instance, while designers insisted on the simplicity and legibility of the icons to support usability and responsive design, legal experts maintained that detailedness of the icon had to be valued more highly to avoid oversimplification or misrepresentation of the underlying legal message. The argument given for this latter position concerned information transparency: only such visual elements that are not misleading can support data subjects in forming correct privacy-related mental representations. Collaborative prototyping enabled designers and co-designers to negotiate their positions in a shared design space [van der Velden/Moertberg 2015] and reach a mediated consensus on a satisfying solution.

Previous research in Value-Sensitive Design and Design for Values has highlighted a core set of values that overlap with some of the values that we, as legal designers, attempt to embed in our daily work. Transparency is a crucial value in many different contexts. It can assume different meanings, for instance to communicate the activities of organizations (e.g. companies and governments) or to support the users’ correct mental representation of the functioning of a system in human-computer interaction, thus making it easy for her to learn to understand and use a system. Transparency also assumes central relevance in processes to make the rules implemented in a system explicit and comprehensible, especially for regulatory compliance [Hulstijn/Burgemeestre 2015].

In the data protection domain, transparency figures among the foundational principles of Privacy by Design. It presumes that any data processing can be understood, reconstructed and, thus, explained. The current intense debate about explainable AI and automated decision making testifies the relevance of transparency in the modern data-driven world and its close connection with the values of fairness, accountability and trust⁴. The set of values for design in privacy also includes informed consent, which in turn contributes to supporting the values of trust and autonomy [Friedman/Kahn 2005]. Informed consent and transparency are not only values with ethical impact; they also become instrumental values in the moment that they are regulated by law [van der Velden/Moertberg 2015].

Transparency figures as one of the guiding principles to personal data processing in the GDPR (art. 5) and one of its implementation is information transparency. Article 12 explicitly delineates its attributes: the quality, accessibility, and comprehensibility of the information⁵ describing data practices assume an unprecedented importance to demonstrate compliance with the law. «The concept of transparency in the GDPR is user-centric rather than legalistic»  [Article 29 WP, 2018, p. 5]: the mere availability of information about data practices is ruled out as insufficient, while the specificity of the intended audience and the context of use assume vital importance when designing privacy communication. The common attitude around privacy communication has conventionally been reactive rather than proactive, with endless privacy policies covering any foreseeable eventuality. Privacy policies should not aim at dismissing liability, but should rather try to prevent problems and be genuinely communicative by reflecting through the transparency of their language and presentation the transparency of the processing that they describe. Like Privacy Enhancing Technologies and Transparency Enhancing Technologies [Milena et al. 2013], Legal Design patterns [Haapio et al. 2018; Rossi et al. 2019] offer operational ways to promote transparency and informed consent and, more in general, to translate the abstract principles of Privacy by Design and the regulatory requirements into applicable solutions.

Design-based approaches are classical regulatory instruments that aim to facilitate regulatory purposes, such as the promotion of individual and social good or the prevention of undesirable outcomes [Yeung 2015]. For instance, choice architecture [Sunstein 2014] can embed values in data-gathering technology to promote privacy-preserving behaviours, since «[d]esign decisions establish power and authority in a given setting. They influence societal norms and expectations. When people say they use modern information technologies, what they are really doing is responding to the signals and options that the technology gives them. […] Each design decision reflects an intent as to how an information technology is to function or be used.» [Hartzog 2018, p. 8].

Designers and engineers are «choice architects» [Hartzog 2018, p. 35]: they organize environments to guide people’s actions towards desired outcomes. It is crucial to recall the fact that choice architecture is inevitable [Sunstein forthcoming], especially in an online, device-mediated environment: «there is no such thing as a neutral design in privacy, security, or anywhere else» [Acquisti et al. 2017, p. 32–33]. Such reflections echo Lessig’s words [Lessig 2009] about the power, and consequent responsibility, that code writers bear in the shaping of our digital world: «[a]s the world is now, code writers are increasingly lawmakers. They determine what the defaults of the Internet will be; whether privacy will be protected; the degree to which anonymity will be allowed; the extent to which access will be guaranteed. They are the ones who set its nature» [p. 79].

Thus, as designers and legal designers, we must reflect on and foresee the consequences of our architectural choices. The provision of intelligible communication and the presence of information architecture in documents is a privacy-friendly design choice that promotes transparency, because it concretely supports the understanding of the data subject and the navigation of legal information. Similarly, privacy-preserving defaults and empowering user-friendly options are user-centric measures that are central tenets of the Privacy by Design approach, because they place the human being, rather than e.g. purely economic considerations, at the center of technology development, while giving her control over her data [Cavoukian 2011]. Such design-based approaches either «encourage individuals to prefer some choices over others», such as privacy-preserving behaviours, or «prevent or reduce the probability of the undesired outcome» [Yeung 2015, p. 544–545], such as personal data oversharing.

Design patterns [Haapio et al., 2018; Rossi et al., 2019] can help concretise values, such as transparency and privacy. However, they can also pursue the opposite aim: dark patterns are «malicious patterns that intentionally weaken or exploit the privacy of users, often by making them disclose personal data or consent against their real interest» [Bösch et al. 2016, p. 237] and «deprive them of their agency» [Forbrukerradet 2018, p. 7]. Common practice for service providers is represented by the obscure strategy that make it «hard or even impossible for data subjects to learn how their personal data is collected, stored, and processed» [Bösch et al. 2016]. Indeed, bad information design of privacy notices has deliberately, or simply out of unquestioned tradition, obscured information about data practices and data subjects’ rights and buried it into unintelligible and hard-to-navigate privacy policies [Rossi forthcoming]. Moreover, specific interface design choices, such as privacy-invasive default choices, nudge users to disclose personal information or to inadvertently give consent to certain processing activities on their data. Privacy risks can be downplayed by specific wordings, while the choice for privacy-preserving options can be discouraged by making it seem ethically questionable or insecure or by making such options harder and time-consuming to find and set [Forbrukerradet 2018]. This demonstrates that choice architecture can nudge users towards desirable privacy goals, but it can also be exploited to lure users into privacy-corrosive outcomes [Acquisti et al. 2017].

Although this paper has focused on privacy and data protection, many of its observations can be generalized to other domains as well. While extensive studies for data protection exist, also supported by new regulatory requirements and business innovation, research on how to embed values in other legal artefacts is still underrepresented. Within the Legal Design research and practice, we propose a proactive attitude as a central tenet to drive desirable outcomes for all the stakeholders [LeDA 2018] and to guide ethical and sustainable choices.

Proactive Legal Design seeks, in conclusion, to promote justice and human dignity: it can foster the legal literacy of individuals, by enabling them to understand how to use legal information, services, and policies, and how these apply to them, thus empowering people to become fully functional members of democratic societies⁶. The inclusion of all relevant stakeholders in the design process also promotes the democratic co-definition of the legal artefacts that will impact them. Transparency, autonomy, privacy, security, fairness, and accountability are among the central values that Legal Design can proactively promote in its everyday practice.

Acquisti, Alessandro/Adjerid, Idris/Balebacko, Rebecca/Brandimarte, Laura/Cranor, Lorrie faith/Komanduri, Saranga/Leon, Pedro Giovanni/Sadeh, Norman/Schaub, florian/Sleeper, Manya/Wang, Y, Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. ACM Computing Surveys (CSUR), vol. 50(3), 2017, pp. 44.

Article 29 Working Party, Guidelines on Transparency under Regulation 2016/679, 17/ENWP260, April 2018.

Berger-Walliser, Gerlinde/Barton, Thomas B./Haapio, Helena, From Visualization to Legal Design: a Collaborative and Creative Process. American Business Law Journal, vol. 4(2), 2017, pp. 347-392.

Bösch, Christoph/Erb, Benjamin/Kargl, Frank/Kopp, Henning/Pfattheicher, Stefan, Tales from the dark side: Privacy dark strategies and privacy dark patterns. In: Proceedings on Privacy Enhancing Technologies 2016, No. 4, 2016, p. 237–254.

Brown, Louis M., Preventive Law. Prentice-Hall, Inc., New York, NY 1950.

Brown, Louis M., Lawyering through Life – The Origin of Preventive Law. Fred B. Rothman & Co, Littleton, CO 1986.

Brown, Louis M./Dauer, Edward A., Planning By Lawyers: Materials on Nonadversarial Legal Process.: The Foundation Press, Inc., Mineola, NY 1978.

Cavoukian, Ann, Privacy by Design in Law, Policy and Practice. A White Paper for Regulators, Decision-Makers, and Policy-Makers. 2011.

Davis, Janet/Nathan, Lisa P. 2015Value Sensitive Design: Applications, Adaptations, and Critiques. In: van den Hoven, Jeroen, Vermaas, Pieter, van den Poel, Ibo (Eds.), Handbook of Ethics, Values and Technological Design. Dordrecht Springer, 2015, pp. 11-40.

European Data Protection Supervisor (EDPS), Opinion 05/2018. Preliminary Opinion on Privacy by Design, May 2018. https://edps.europa.eu/sites/edp/files/publication/18-05-31_preliminary_opinion_on_privacy_by_design_en_0.pdf (accessed 6 January 2019).

Forbrukerradet, Deceived by Design. How Tech Companies Use Dark Patterns to Discourage Us from Exercising our Rights to Privacy, 2018. Available at: https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf (accessed 6 January 2019).

Friedman, Batya/Lin, Peyina/Miller, Jessica K., Informed consent by design. In: Simson, Garfinkel, Cranor, Lorrie Faith (Eds.), Security and Usability, O’Reilly Media, 2005, pp. 503–530.

Friedman, Batya/Kahn, Peter H., Human Values, Ethics, and Design. In: Sears, Andrew, Jacko, Julie A. (Eds.), The Human-Computer Interaction Handbook, CRC Press, 2007, ppp. 1223-1248.

Haapio, Helena, Next Generation Contracts: A Paradigm Shift. Lexpert Ltd, Helsinki 2013.

Haapio, Helena/Hagan, Margaret/Palmirani, Monica/Rossi, Arianna, Legal Design Patterns for Privacy. In: Schweighofer, Erich, Kummer, Franz, Saarenpää, Ahti & Schafer, Burkhard (Eds.), Data Protection / LegalTech. Proceedings of the 21th International Legal Informatics Symposium IRIS 2018. Editions Weblaw, Bern 2018, pp. 445-–450.

Hartzog, Woodrow, Privacy’s Blueprint: The Battle to Control the Design of New Technologies. Harvard University Press, Cambridge, 2018.

Higgins Lab, Research Areas: Regulatory Focus. Columbia University. http://higginsweb.psych.columbia.edu/research/#rf (accessed 7 January 2019).

Hulstijn, Joris/Burgemeestre, Brigitte, Design for the Values of Accountability and Transparency. In: van den Hoven, Jeroen, Vermaas, Pieter, van den Poel, Ibo (Eds.), Handbook of Ethics, Values and Technological Design. Dordrecht Springer, 2015, pp. 303-334.

ICDPPC, Declaration on Ethics and Data Protection in Artificial Intelligence. Brussels, 23^rd October 2018. https://icdppc.org/wp-content/uploads/2018/10/20180922_ICDPPC-40th_AI-Declaration_ADOPTED.pdf (accessed 28 December 2018).

Janic, Milena/Wijbenga, Jan Pieter/Veugen, Thijs, Transparency Enhancing Tools (TETs): an overview. In: Bella, G., Lenzini, Gabriele (Eds.), Proceedings of Third International Workshop on Socio-Technical Aspects in Security and Trust, IEEE, 2013, pp. 18-25.

Legal Design Alliance, LeDA, The Legal Design Manifesto v 1.0, https://www.legaldesignalliance.org/ (accessed 30 October 2018).

Lessig, Lawrence, Code and Other Laws of Cyberspace. ReadHowYouWant.com, 2009.

Nordic School of Proactive Law (NSPL), Mainpage, http://www.juridicum.su.se/proactivelaw/main/ (accessed 7 January 2019).

Rossi, Arianna, Legal Design for the General Data Protection Regulation. A Methodology for the Visualization and Communication of Legal Concepts. Alma Mater Studiorum Università di Bologna. Dottorato di Ricerca in Law, Science and Technology, 30 Ciclo, Forthcoming.

Rossi, Arianna/Ducato, Rossana/Haapio, Helena/Passera, Stefania/Palmirani, Monica, Legal Design Patterns: Towards a New Language for Legal Information Design. In: Proceedings of the 22nd International Legal Informatics Symposium IRIS 2019.

Siedel, George/Haapio, Helena, Using proactive law for competitive advantage, American Business Law Journal, Vol. 47, No. 4, 2010, p. 641–686. DOI:10.1111/j.1744-1714.2010.01106.x.

Sunstein, Cass R., Nudging: a very short guide. Journal of Consumer Policy, Vol. 37, No. 4, 2014, p. 583–588.

Sunstein, Cass R., Nudging and Choice Architecture: Ethical Considerations. Yale Journal on Regulation, forthcoming. Avaialble at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2551264.

Van Den Hoven, Jeroen/Vermaas, Pieter E./van de Poel, Ibo, Design for Values: an Introduction. In: van den Hoven, Jeroen, Vermaas, Pieter, van den Poel, Ibo (Eds.), Handbook of Ethics, Values and Technological Design. Dordrecht Springer, 2015, pp. 1-7.

Van Der Velden, Maja/Moertberg, Christina, Participatory Design and Design for Values. In: van den Hoven, Jeroen, Vermaas, Pieter, van den Poel, Ibo, Handbook of Ethics, Values and Technological Design. Dordrecht Springer, 2015, pp. 41-66.

Yeung, Karen, Design for the Value of Regulation. In: van den Hoven, Jeroen, Vermaas, Pieter, van den Poel, Ibo (Eds.), Handbook of Ethics, Values and Technological Design. Dordrecht Springer, 2015, pp. 447-472.