Design

Consider privacy throughout your design activities

You can address privacy issues through a range of design activities, including UI sketching, information architecture, prototyping, and content design:

• You could try using privacy concepts as a prompt for generating ideas, such as a ‘crazy eights’ sketching exercise that explores how your product might work if it processed no personal information.
• You should avoid using real user data when prototyping or mocking up interfaces. Realistic dummy data or synthetic data is safer.
• Critique sessions offer good opportunities to ask what-if questions about privacy. You could, for example, use the ICO’s Overview of data protection harms as a discussion prompt.
• If you are a design leader, you should make it clear that designers should consider privacy in their work. You could also specify that you will not sign designs off until the team shows how they have handled privacy questions.

Communicate privacy information in ways people understand

You should design experiences that allow people to understand what happens to their personal information, to help meet the requirements of the UK GDPR’s transparency principle and people’s right to be informed:

• Privacy information should be easy to read and understand. You must make it concise, transparent, intelligible, easily accessible, and use clear and plain language.
• People may not always read privacy notices. It may not be sufficient to only use this way of communicating privacy information. You should use a variety of techniques such as ‘just-in-time’ notices or a layered approach, where appropriate.
• Your users may not understand technology and privacy as well as you. Remember that the consequences of decisions may not be obvious to others, even if they are to you.

• You should recognise and respect use cases that don’t fit your ideal user journey.

Choose the right moments

Timing is everything. You should identify the moments when people might expect to make decisions about information, and when they are in the best state of mind to make reasonable, informed choices:

• Consider when in the user journey you should discuss privacy. You must provide privacy information at the time of collecting personal information from the person it relates to, but consider additional moments.

• The right moments may vary for different people with different needs.
• Whatever moments you choose, you should ensure people have enough time and knowledge to consider their options fully.

Ensure consent is valid

Consent is one of six lawful reasons for processing personal information. Your data protection colleagues can advise you about whether you need to seek consent for your use case. Consent must be freely given, specific and informed, and given by a clear affirmative act. It must represent an active choice and be as easy to withdraw as it is to give.

How you present choices in an interface can help people make better decisions, but it can also affect their actions and invalidate their consent:

• You must offer consent interfaces that are unambiguous and involve a clear affirmative action (an opt-in). Pre-ticked opt-in boxes are specifically banned under UK GDPR.
• If you offer multiple choices in a consent interface, you must not make one more appealing or prominent than another. This is likely to invalidate the user’s consent.
• Similarly, you must not use option labels that invite guilt or another negative emotion. Sometimes known as ‘confirmshaming’, this can bias people’s choices and invalidate their consent. You must not use ‘biased framing’ to emphasise the supposed benefits of one particular option to make it more appealing or the supposed risks of another to discourage people from
  selecting it.
• When relying on consent for your lawful reason for processing data, you must ask for specific consent for each time you use data in a new way or for a different purpose. They should not be bundled together under a single consent choice.
• You should think carefully about when to use consent interfaces. Use too few and you may not comply with UK GDPR requirements, if you are using consent as your lawful reason. However, over-using unnecessary consent popups causes decision fatigue, training people to accept information sharing or other uses of their information blindly in every product they encounter.
• You must offer people a way to reopen consent interfaces later on. It must be as easy to withdraw consent as it is to give it.

Empower people to exercise their information rights in the interface

The UK GDPR gives people various rights about their personal information. These rights include:

• right of access – people have the right to get access to their personal information, and should be able to request a copy;
• right to rectification – people have the right to request that inaccurate information is rectified, or that incomplete information is completed;
• right to data portability – people have the right to move, copy or transfer personal information easily from your product to another, in a safe and secure way; and
• rights related to automated decision-making and profiling.

Your organisation must allow people to exercise these rights. Since it is good practice to provide privacy information through the same medium used to collect it, you should consider how you could help people exercise their rights directly through your product.