In Autumn 2015, we ran the class Legal Design Lab: Consumer Contracts, with a specific focus on how to improve user engagement and comprehension of privacy policies. Specifically, we considered mobile phones’ and apps’ privacy policies.
The class combined scholarly examination of the dynamics of consumer contracts with a hands-on design approach to how new technologies and interactions could improve the user experience of these contracts.
The Privacy Dashboard
Group 2 proposed a central dashboard on a mobile phone that would let a person view and control the privacy practices that apply to their data. For example, on the iPhone, there would be a distinct Privacy app, alongside the Settings app.
On opening it, the user could see all of the different privacy trade-offs that apply, based on the phone provider’s policy as well as third-party apps’ policies. For any trade-off that allows the user to opt in or opt out, the dashboard would let them make this choice right there.
The dashboard would explain what the different groups of settings mean, and what the advantages and drawbacks of sharing data might be.
The group also proposed that the user could adopt a curated set of data policy settings in one choice, rather than customizing the settings on their own. For example, the privacy dashboard could offer them ‘role models’ or ‘leaders’ for privacy settings. A user could adopt these models’ settings and then tweak them as preferred.
The Visual Diagram of Data Privacy
Group 3 proposed a visualization of how data travels, how it is shared, and how it is stored. They gathered all the various policy clauses that applied to certain categories of data, such as photo data and location data. Then they created graphic maps showing whether this data stayed on the phone, on Apple servers, on third-party servers, or went even beyond.
One location for this visual diagram would be on the Apple website, if people had a full screen to view the entire diagram at once.
Another would be on the phone, on the app’s settings or policy page, where the diagram would be radically simplified. It would only show the path of one kind of data.
Persona-Based Privacy Stories
Group 3 also proposed a story-based model. Rather than presenting information about the privacy practices through legal clauses and standard policy language, the idea is to show the practices through a series of stories.
The group created a series of fictionalized personas, based on their user research and testing. For each of these personas, they wrote out stories that demonstrated the core messages of the privacy policies, but through human examples.
Location Data Dashboard
Team 1 proposed that specific attention be given to location data policies. Phones or apps should have dashboards that pull out all the information that could affect how the user’s personal data is treated.
Their user research with young female mobile phone users revealed that these users’ main interest in privacy policies was around location data. They didn’t necessarily want to sift through the policy to find all the clauses that applied to location, and then figure out how it affected the treatment of their data.
The team created an app-friendly presentation of how users’ location data is treated, in order to give them a central insight into their data’s treatment.