Nobody reads privacy policies. They are long, complex and tedious documents. Too often these agreements are not drafted to be read and understood by non-experts: they are rather written by lawyers for lawyers. This is why the General Data Protection Regulation (GDPR) introduces user-centered transparency requirements for the provision of information about data practices.

For example, the GDPR recommends to provide such information in combination with machine-readable icons “in order to give in an easily visible, intelligible, and clearly legible manner a meaningful overview of the intended processing” (Article 12.7). Indeed, research shows that visual communication can help individuals to navigate and make sense of cumbersome legal texts.

Our research questions are:

  • What should such icons represent?
  • Which unique features have icons with respect to other kinds of visualizations?
  • Which challenges to creation and interpretation do icons present?
  • What is the function and context of use of data protection icons?
  • Which existing technologies can be used to create machine-readable icons?
  • Do icons enhance individuals’ navigation and understanding of privacy policies?