How to Make Privacy Policies both GDPR-Compliant and Usable
Karen Renaud, Lynsay A. Shepherd

TL;DR
This paper presents a method for writing privacy policies that are both GDPR-compliant and usable: the GDPR requirements are condensed into a checklist, usability design guidelines for privacy notifications are drawn from the research literature, and the two are combined into a practical privacy policy template for policy writers.
Contribution
A synthesis of the GDPR requirements with usability guidelines from the research literature, yielding a privacy policy template that satisfies the regulation while remaining readable for the human recipient.
Findings
Developed a GDPR compliance checklist for privacy policies.
Derived usability design guidelines from research literature.
Provided a usable, compliant privacy policy template.
Abstract
It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.
