Structuring by purpose
This design pattern is part of the LINC’s research initiative focusing on interface design. It comes from frequent proposals made by participants of the Data & Design workshops to implement the principle of transparency provided in the GDPR. It can be used and adapted to the specific context of your services and products. However, its reuse as such do not guarantee compliance with the GDPR in general and the principle of transparency in particular.
This pattern proposes to structure the information in an interface by purpose of processing, as any personal data processing must be carried out for a specific purpose. The relevant information is thus grouped together to describe each use of personal data in a precise manner.
This approach makes the processing clear and transparent by bringing together and describing precisely why it is set up and how it works. This allows individuals to quickly identify the different uses of their data and to fully understand each of them.
Using the pattern in the user journey
► When signing-up: this pattern can be used to group the different fields needed to register for a service by the purposes to which they are associated, as Vino does. This informs individuals about the use of their data in a way that is integrated with the user experience and makes the link between a purpose and the data processed clear. However, this approach needs to be complemented by additional information, for example in a privacy policy, especially as some of the purposes implemented by a service (e.g. ensuring the security of user data and the service) may not be concretely/visually apparent on the registration form.
► In a privacy policy: this pattern can be used in a privacy policy and highlights the purposes of processing pursued by the service. This allows individuals to quickly see how their data is used, to find precise information for each of these uses and to potentially act and control certain purposes by having the appropriate means at their disposal. When the service is changing its data processing, this pattern is particularly relevant to highlight the new purposes of the processing and show the associated data
► When using the service: this pattern is particularly relevant for informing people about purposes that result in directly visible elements in the interfaces, such as targeted advertising. Information relating to these purposes can thus be made available, either by integrating it directly into the interface, or by using a visual means such as an icon to indicate that information is available and easily accessible.
► In case of a problem with the data or its use: this pattern may be particularly relevant where an individual does not understand why some of their data is collected or used. By highlighting the reasons, i.e. the purposes, for which their data is processed, it enables individuals to understand how a processing operation works, which may answer all or part of their question.
► When setting one’s preferences: this pattern is particularly relevant in the case of managing consent, as these are always linked to a specific purpose. This pattern can also be used to structure a dashboard.
Tips
► When used in a privacy policy, this pattern has limitations in associating certain information required by the GDPR with a purpose (e.g. identity of the organisation, DPO contact). This pattern must therefore be complemented by other sections independent of the data, which allow covering this information.
► The information required by the GDPR that fits particularly well with this purpose-based approach is: the legal basis, the recipients, transfers outside the EU and the rights of individuals. Listing the data or indicating the categories of data processed and their retention periods is also relevant.
► It is possible to present this pattern in a synthetic way using a table.
► A template can be used to present the information on purposes in a systematic, simple and standardised way.
► With this pattern, it is necessary to think about the hierarchy of purposes, especially when there are many of them. They can be grouped and organised according to the categories of actors involved (e.g. users, the service, third parties), the reasonable expectation of individuals in regard of the use of their data or the intrusive nature of the purposes.
► The section on the rights of individuals is particularly well suited to this approach by purpose, with either details of their exercise or a redirection to the way in which they can be exercised. As a reminder, depending on the legal basis used, a person may have the possibility to consent or object to certain purposes of data processing.
► Other ways of structuring your privacy policy are possible and relevant, such as using a data structure, depending on the nature of your processing and the people using your service. Combining these structures is also a possibility.