This design pattern is part of the LINC’s research initiative focusing on interface design. It comes from frequent proposals made by participants of the Data & Design workshops to implement the principle of transparency provided in the GDPR. It can be used and adapted to the specific context of your services and products. However, its reuse as such do not guarantee compliance with the GDPR in general and the principle of transparency in particular.
This pattern proposes to give examples of how personal data processing works to help understand it. These may include the type of data collected, security measures, sensitive processing aspects, legal elements or jargon. The examples help to illustrate the information on personal data protection and make it more tangible for individuals.
Using the pattern in the user journey
► When signing-up: this pattern is particularly well suited for an onboarding to provide transparent information to the person about their data and the parameters they choose. For example, each setting can be associated with concrete cases that explain it: who can see a profile if it is private, or which types of passwords are not strong.
► When setting one’s preferences: this pattern highlights the consequences of one’s choice when they enable or disable a setting. For example “By enabling geolocation you will see content based on your current location or the places you have been. For example, if you regularly visit a football stadium, we will send you content related to that activity such as information about upcoming football matches.”
► The examples should not give the impression that they are the only way to use the data, process it etc., if this is not the case.
► Examples should be objective. They should not minimise the extent of a data processing operation or present it in a particularly positive light.
► Examples are not a substitute for full information, use of plain language or definitions of technical terms
► This pattern can also be used in explanatory videos or a table
► The examples are useful in making people aware of processing that may not be visible at first glance.
► In the case of a service already in use, examples can be tailored to real-life situations. For example: “We have identified apparently fraudulent connection attempts from an IP other than the one you usually use” or “We are offering you an advertisement for shoes as a result of searches you have made using the term “shoe”.