Abstract
Privacy policies inform people about personal data collection and processing practices, allowing them to make informed decisions about a given service. However, they are difficult to understand due to their length and use of legal terminology. To address this issue, regulatory bodies propose the use of graphical representations for privacy policies. This paper reviews the development of current graphical and iconified representations for privacy policies. We conduct a literature study on existing iconified libraries, categorise them, and compare them with regard to the specifications from the European General Data Protection Regulation (GDPR). The results of this paper show that currently no iconified library fully satisfies the criteria specified in the GDPR. Our major contribution lies in the actionable insights offered to researchers, policymakers, and regulatory bodies in an effort to develop standardised graphic and iconified representations of privacy policies.
Notes
- 1.
- 2. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- 3.
- 4. GDPR, Article 12(7).
- 5. Adapted from the definition in Lexico, by Oxford Dictionary.
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
de Jong, S., Spagnuelo, D. (2020). Iconified Representations of Privacy Policies: A GDPR Perspective. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S., Orovic, I., Moreira, F. (eds) Trends and Innovations in Information Systems and Technologies. WorldCIST 2020. Advances in Intelligent Systems and Computing, vol 1160. Springer, Cham. https://doi.org/10.1007/978-3-030-45691-7_75
DOI: https://doi.org/10.1007/978-3-030-45691-7_75
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45690-0
Online ISBN: 978-3-030-45691-7
eBook Packages: Intelligent Technologies and Robotics (R0)