Nobody reads privacy policies. They are long, complex and tedious documents. Too often these agreements are not drafted to be read and understood by non-experts: they are rather written by lawyers for lawyers. This is why the General Data Protection Regulation (GDPR) introduces user-centered transparency requirements for the provision of information about data practices.
For example, the GDPR recommends to provide such information in combination with machine-readable icons “in order to give in an easily visible, intelligible, and clearly legible manner a meaningful overview of the intended processing” (Article 12.7). Indeed, research shows that visual communication can help individuals to navigate and make sense of cumbersome legal texts.
Our research questions are:
- What should such icons represent?
- Which unique features have icons with respect to other kinds of visualizations?
- Which challenges to creation and interpretation do icons present?
- What is the function and context of use of data protection icons?
- Which existing technologies can be used to create machine-readable icons?
- Do icons enhance individuals’ navigation and understanding of privacy policies?