Easy privacy information via icons? Yes, you can!

We are very pleased to announce that the European Centre on Privacy and Cybersecurity (ECPC) is among the winners of the Italian Data Protection Authority’s “Easy privacy information via icons? Yes, you can!” data protection icons contest! Launched on 15 March 2021, the contest called upon members of the public to develop a set of icons which may be used in Article 13 and 14 GDPR information notices to improve transparency. We could not be more elated that our efforts have been recognized by the Garante per la protezione dei dati personali as one of the most effective and accurate representations of the transparency norms conveyed in information notices.[1]

As you may already know, within the context of the Data Protection as a Corporate Social Responsibility Research Project (DPCSR) led by Prof. Dr. Paolo Balboni at ECPC, we have been working on the concept of data protection icons for the past two years together with Kate Francis, external PhD student at Maastricht University, and the Data Protection, Intergovernmental, and Business Stakeholders of the project. One of the primary aims of the forthcoming Maastricht DPCSR Framework is found in the cardinal principle of transparency, which can be improved with the help of visual aids such as data protection icons. Following this logic, and with the goals of furthering sustainable and transparent data processing and stimulating the provision of comprehensive, manageable, and meaningful information to individuals, in 2020 we developed five DPCSR data protection icons for potentially high-risk processing activities (e.g., marketing, fully automated processing, data transfer, data sharing in exchange for direct profit/value, and the processing of sensitive data) which will be rendered machine-readable. In 2021, we also carried out an extensive user survey of our DPCSR icons which received more than 500 responses and led us to make material changes to two of our original five icons to make them more comprehensible and therefore better suited to further transparent information provision to data subjects.   

Given this background and upon learning of the Italian Data Protection Authority’s contest, we convened the DPCSR Icon Working Group (Icon WG) which is comprised of the researchers from ECPC and Stakeholders from the DPCSR project with UX design expertise. To prepare the icons for the contest, the Icon WG followed the same scientific methodology we used for the development of our potentially high-risk DPCSR Icons. We developed a total of 16 icons that correspond to the information organizations are required to provide to users under arts. 13 and 14 GDPR which we submitted to the Italian Data Protection Authority in the spring of 2021.

The fact that our Art. 13 and 14 GDPR icons have been selected by the Italian Data Protection Authority confirms the effectiveness of our multidisciplinary methodology and workflow developed in the context of the DPCSR project. It furthermore highlights the relevance and quality of our research in the Data Protection as a Corporate Social Responsibility Research Project. According to Prof. Dr. Paolo Balboni, “When combined with more traditional data protection information, data protection icons have the potential to increase transparency for users with respect to how their data is handled. Furthermore, as suggested by the results of our empirical research we carried out at ECPC, the majority of internet users we surveyed think that data protection icons are a useful tool which can help to bridge the knowledge gap between users and data controllers, making data processing activities more understandable and hence transparent. Organizations are invited to use our icons as they will be part of the forthcoming Maastricht Data Protection as CSR Framework.” 

Many thanks to all the members of the DPCSR Icon WG and to the Italian Data Protection Authority for this prestigious recognition!

For more information about the Data Protection as a Corporate Social Responsibility Research Project, see our dedicated website: https://www.maastrichtuniversity.nl/ecpc/csr-project

_{[1] As stated in the Italian Data Protection Authority’s press release, the Evaluation Group established by the Authority for the contest selected three proposed icon sets that best met the criteria of completeness and conformity to the content of the norms. 59 proposals were received. Proposals were evaluated based on the concept (which includes effectiveness and conciseness); visual aspects (graphics, legibility, clarity); originality; and inclusiveness (gender equality, non-discrimination). For more information, see: https://www.garanteprivacy.it/temi/informativechiare}