Information

The transparency principle demands that all information or communication regarding the processing of personal data be concise, transparent, understandable and easily accessible in clear and simple terms.

Why is information important?

Informing data subjects is fundamentally important as it allows them to understand the purpose of the processing and how their data are used. The transparency of the processing is one of the main ways of establishing trust with data subjects.

Information indicates those in charge of the processing (data controller) and allows data subjects to know where to file a request relating to their data, such as exercising their rights. Information must be provided when collecting data or when there is a change in the processing.

Information must be easily accessible

Information must be easy to access: the user must be able to find it easily, whether in a digital environment or not (information note, etc.).

The methods and techniques chosen to make information accessible can vary, depending on the context and interactions with data subjects: pop-ins, tooltips, dedicated pages, QR code, audio messages, videos, display boards, paper documentation, information campaigns, etc.

Example

In this example, the user wants to learn more about the information collected by a fitness monitoring app.

Focus of attention

Information  - Accessible - Attention
In this case, the user is told nothing about the location of her information. She needs to delve deep into the application to find her data.

Possible approach

Information  - Accessible – Possible Approach
In this case, the elements linked to one’s personal data are directly accessible in the menu through the “Data Management” link.

Information must be understandable, simple and clear

The information must be understood by most of the targeted public, expressed in clear and simple terms. This is expressed by the use of vocabulary adapted to the targeted public, short phrases and a direct style, avoiding complex legal or technical, abstract or ambiguous terms. Special attention will be taken on this point if addressing children or vulnerable persons (for example a patient or employee).

Example

In this example, the user consults the privacy policy of the website he is visiting.

Focus of attention

Information - Simple - Attention
In this introduction to the privacy policy, the language used is particularly complex and technical. This makes its content difficult to understand for data subjects not familiar with this type of expression and it will not encourage them to read the privacy policy further.

Possible approach

Information - Simple - Possible Approach
This rewording lightens the structure of sentences and highlights the key points of the privacy policy for the data subject. These points are in fact easily accessible through the use of anchors

Information must be intelligible and concise

Good information must be effective and succinct. To avoid the pitfall of excessive information that submerges the user, it is necessary to provide the most relevant information at the right time. This information dissemination approach in the user experience does not aim to replace privacy policies, providing a centralising document and giving the detail of data practices, but to provide a first level of information and highlight the important characteristics of processing.

Information related to data protection must be kept separate from information that is not specifically linked to privacy (like contractual clauses or general terms and conditions of use), as it contributes to fair processing of data and helps establish a trusting relationship with users.

Example

In this example, the user creates an account on a social network and is confronted to a first level of information.    

Focus of attention

Information - Concise - Attention
In this case, the information on personal data collection are made available in the registration form but it is dense and not contextual: the link with the action of signing up to the service is not self-evident. This discrepancy and the presentation of the text does not encourage the user to read it. The information cannot therefore be considered to be legible.

Possible approach (animated example)

Information - Concise - Possible Approach
In this case, the user experience has been reviewed to briefly explain the use of the data collected when entered. This contextual information is used to make the way data is used easily understandable. Diluting concise information within the user journey is a way of gradually increasing awareness on the processing. The information is therefore more legible.

Find out more

If you want to find out more about informing data subjects and the notion of transparency, you can consult the links below:

(fr) How to inform data subjects and guarantee transparency? cnil.fr

A detailed explanation of how to inform data subjects, referring to articles of the GDPR and the law.

(fr) Examples of information notices cnil.fr

Examples illustrating ways of drafting information notices, depending on different contexts.

Guidelines on Transparency pdf

EDPB guidelines setting out the transparency concept.

Données & Design par LINC