DaPIS: an Ontology-based Data Protection Icon Set Monica Palmirani*, Arianna Rossi* Law via the Internet Florence, October 11, 2018 *CIRSFID, University of Bologna; ICR, University of Luxembourg
The information paradigm Right to be informed: And to be in control of our personal data: I have no idea of what is written here, but I AGREE 2. Problems with the information paradigm
Hurdles to effective privacy communication Wrong audience Wall of text Onslaught of notices Wrong timing Document s length 2. Problems with the information paradigm
The right to transparent information in the GDPR Art. 12: Machine-readable, standardised icons for an easily visible, intelligible and clearly legible overview of the intended processing 3. Transparency in the GDPR
Behavioural insights in the GDPR The concept of transparency in the GDPR is user-centric rather than legalistic. Article 29 Data Protection Working Party Guidelines on Transparency 2018 3. Transparency in the GDPR
From law to code to visualizations Lawyer-readable Machine-readable Human-readable
PrOnto: the Privacy Ontology Legal bases Data Data are processed Purposes Agents Data are processed for a specific purpose Have obligations Have rights Processing operations Rights & obligations 4. PrOnto: the Privacy Ontology
4. PrOnto: the Privacy Ontology Data
PrOnto: the Privacy Ontology Right to be informed Right to access Right to data portability Rights of the data subject Right to erasure Agents & Roles Processing operations 4. PrOnto: the Privacy Ontology Legal bases Processing purposes
Concept mining in privacy policies Consent Profiling Data subjects rights 5. Law, Code & Visualizations
Automatic retrieval of icons Consent Profiling Data subjects rights 5. Law, Code & Visualizations
DaPIS: Data Protection Icon Set Right to be informed Right to access Right to data portability Rights of the data subject Right to erasure Agents & Roles Processing operations 4. PrOnto: the Privacy Ontology Legal bases Processing purposes
Representation of data protection concepts and their interpretation Icon Representation Interpretation Concept Transfer of personal data outside the EU Knowledge Interpretant 6. Symbols and semiotics
Is a picture worth a thousand words? 6. Symbols and semiotics
No shared visual vocabulary for legal matters 6. Symbols and semiotics
6. Symbols and semiotics Some shared visual vocabulary from GUIs & cybersecurity
Legal Design Legal Design is an interdisciplinary approach to apply human-centered design to prevent or solve legal problems. M. Hagan, Legal Design Lab, Stanford Law School It prioritizes the point of view of users of the law not only lawyers and judges, but also citizens, consumers, businesses, etc. Legal Design Manifesto 2018 7. Legal Design
The design cycle M. Hagan, Law by Design, http://lawbydesign.co/ 7. Legal Design
DaPIS s design cycle Exploratory design workshop @Legal Design Lab, Stanford Law School 2nd evaluation @UNIBO Law&Design for Privacy @UNIBO with Academy of Arts 1st evaluation @Legal Design Lab, Stanford Law School 8. DaPIS: the Data Protection Icon Set Law&Design for Privacy @CIRSFID with Academy of Arts 3rd evaluation online
Agents & roles Data subject Supervisory authority Data controller 8. DaPIS: the Data Protection Icon Set
Data subjects rights Right to be informed Right to erasure Right to rectification Right to access 8. DaPIS: the Data Protection Icon Set
Processing purposes Provision of the service Service enhancement Research purposes Statistical purposes Security Profiling Direct marketing 8. DaPIS: the Data Protection Icon Set
Processing operations Anonymization Automated decision-making Pseudonymization Copying Encryption 8. DaPIS: the Data Protection Icon Set
Data storage and data transfer Data storage in the EU Transfer outside of the EU 8. DaPIS: the Data Protection Icon Set
Clear symbols versus unclear symbols? Transfer outside of the EU Provision of the service Problems: Necessity of standardization & education Representation: precision versus usability 8. DaPIS: the Data Protection Icon Set
9. Context of use Context of use privacy policies
Context of use multi-layered approach 9. Context of use
Context of use conditions & consequences 9. Context of use
10. Conclusions Check it out: https://www.legaldesignalliance.org/
10. Conclusions A network of legal information