This design pattern is part of the LINC’s research initiative focusing on interface design. It comes from frequent proposals made by participants of the Data & Design workshops to implement the principle of transparency provided in the GDPR. It can be used and adapted to the specific context of your services and products. However, its reuse as such do not guarantee compliance with the GDPR in general and the principle of transparency in particular.
This pattern aims to present the information related to personal data and their processing in a table format. This presentation gives a synthetic view and structures the information available in a homogeneous way for quick browsing.
Using the pattern in the user journey
► In a privacy policy : this pattern is a good alternative or complement to textual descriptions for presenting information about a data processing operation. It can be used in many ways and may be appropriate to use with a purpose structure or a data structure as it is a simple and clear way of presenting some of the interconnected information required by the GDPR such as data relationships, purposes, retention periods and legal bases. It can also be used as a summary to synthetise the information in a given section of the privacy policy.
Tips
► It is necessary to pay attention to the dimensions of the table and its cells, especially the horizontally. In cases where it is particularly long and wide, it is important to make it easy to read and navigate. This is particularly true on mobile phones. For this type of terminal, it is necessary to design a responsive version of the table or to display in another form the information contained in the table in order to ensure easy access on a mobile medium.
► To make the table accessible to people with disabilities, a relevant summary describing its contents and structure should be added to the table in order to make it easier to read. One should also make sure that the column and row headers are correctly declared using the <th> tag with a unique id attribute, a scope attribute with the value “col” or “row” respectively, and a WAI-ARIA role attribute with the value “columnheader” or “rowheader” respectively.
► A table is not always the best way to present parts of the information required by the GDPR. It is better to design tables that present a sub-part of the information about the processing, and that act as a complement to a textual approach.
► Icons can be used in a table to make it easier to read or identify certain information, such as the processed data categories.