Designing the GDPR welcome mat and creating great UX around it

Mohit Rao
Published in Bitgrip, Apr 2, 2019

It's Spring 2019 and it’s already been close to a year since GDPR came into force. You have seen many cookie messages on the websites you visit, asking you to give consent. Some do it the right way and some don’t. Here is how you can design a great GDPR-compliant cookie layer, a.k.a. welcome mat.

What’s GDPR? GDPR is not a directive, but a regulation. Non-compliance carries severe penalties and consequences. But what does it mean for designers?

At the design phase of any product, service or process, you must consider privacy and data protection, and continue to do so throughout its lifecycle. Also consider the technical and third-party tools that will be part of the product or service.

Who does it affect?

The first question as a designer is: who does it affect? A simple question with a simple answer: it affects any company operating in the EU, no matter where it is based. The main objective of GDPR is data protection and transparency. What does this mean?

  • People have more control over their personal data
  • People have the power to opt in and opt out
  • A level playing field for all businesses

The basic requirements for the effectiveness of a valid legal consent are defined in article 7 and specified further in recital 32 of the GDPR. Consent must be freely given, specific, informed and unambiguous.

In order to obtain freely given consent, it must be given on a voluntary basis. The element “free” implies a real choice by the data subject. Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid. In simple terms:

The user must have the right to opt in and opt out without negative consequences, and consent is given through a clear action, not implied.

Why create a good UX around GDPR?

  • GDPR will create a distinct competitive advantage for those companies who invest in crafting great user experiences around what “explicit consent” actually looks like. Companies will build relationships based on transparency, honesty and long-term trust. The latter is especially important in 2019, considering the increased media attention regarding digital privacy.
  • Users will have the same expectations for excellent experiences in the websites and applications they use.

Here is a nice introductory video on GDPR.

https://youtu.be/j6wwBqfSk-o

When you need to talk to clients and important stakeholders outside or within your company, you need facts to convince them. Here are some of them.

1. Companies need to get consent from the user.

2. The privacy policy must be in clear language, no legal jargon.

3. Companies need to be more transparent about data use:

  • Transferring user data outside the EU
  • Well defined purpose to collect and process data
  • Use of algorithms

4. Stronger rights for the user

  • Inform user about data breach (within 72 hours)
  • Users can move their data to different platforms or companies
  • Right to access or get a copy of their data
  • Right to erase all data

5. Stronger enforcement: Fines of 20 million € or 4 percent of total turnover

Ok, now that’s a lot of facts and information to gather and process. Now, the next step is where it gets exciting for the designer.

Translating into meaningful design

Before you start designing, you need to speak with the legal team and other stakeholders to learn the company policy on cookies and the data collected. Once you have this information you can start designing. You need to have separate pages for the cookie policy and the general terms & conditions. This helps the user not to confuse the two.

Keep in mind the following:

1. The language used should be clear and straightforward, not complicated legal language.

2. Consent from the user: this affects cookies, email communication and marketing.

3. Transparency about how the data is used and processed by the company.

Here are some good examples of the cookie prompts (welcome doormats)

1. Tata, BBC, Google and many more use similar banners that are small. You can make the copy text fun as Tata have with theirs.

2. Financial Times make it obvious and use a modal window to catch your attention.

Cookie message of the Financial Times

3. Cookiebot.com goes one step further and helps you opt for non-compulsory cookies.

Cookie message of cookiebot.com

Some good examples of the privacy policy page

Allianz breaks down the cookies used into different sections, which makes it easier for the user to understand and make decisions. The copy used is also going to have a big impact.

Cookie message of Allianz

Unilever’s cookie page gives you specific details about the cookies used and why they are used. They make it easy to opt in and out with the checkboxes.

Cookie message of Unilever

It’s also important to note that if a user does not accept the terms (closes the cookie popup), that does not mean the user has given consent to use cookies. The cookie policy and the general terms and conditions should be easily accessible.

Summary

1. Make it easy for the user to opt in and opt out of cookies

2. Privacy policies will have to be written in clear, straightforward language

3. The user will need to give affirmative consent before his/her data can be used by a business. Silence is not consent.

4. Businesses will be able to collect and process data only for a well-defined purpose. They will have to inform the user about new purposes for processing.

5. Distinguish between privacy and cookie settings.
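
The rules above (default off, closing the popup is not consent, per-category opt-in, easy opt-out) can be expressed as a small consent store that every cookie write passes through. This is an added example, not code from any of the sites mentioned; the category names, function names and sample cookies are assumptions made for illustration.

```javascript
// Added example. Category names and cookie names below are constructed.
const CATEGORIES = ["necessary", "preferences", "statistics", "marketing"];

function createConsentStore() {
  // Default deny: before any choice, only strictly necessary cookies are allowed.
  let granted = new Set(["necessary"]);
  let decided = false;
  const log = []; // record of each action, so a given consent can be shown later

  const record = (action) =>
    log.push({ action, granted: [...granted].sort(), at: new Date().toISOString() });

  return {
    // Closing or ignoring the banner is silence, not consent: nothing changes.
    dismiss() { record("dismiss"); },
    // Affirmative opt-in: only the categories the user actively ticked.
    save(selected) {
      for (const c of selected) {
        if (!CATEGORIES.includes(c)) throw new Error(`unknown category: ${c}`);
      }
      granted = new Set(["necessary", ...selected]);
      decided = true;
      record("save");
    },
    // Opting out is one call, as easy as opting in.
    withdraw(category) {
      if (category !== "necessary") granted.delete(category);
      record("withdraw");
    },
    allows: (category) => granted.has(category),
    shouldShowBanner: () => !decided, // keep asking until a real choice is made
    history: () => log.slice(),
  };
}

// Gate every cookie write through the store; returns the names actually set.
function applyCookies(store, cookies) {
  return cookies.filter((c) => store.allows(c.category)).map((c) => c.name);
}

// Constructed sample cookies for the demonstration.
const SAMPLE_COOKIES = [
  { name: "session_id", category: "necessary" },
  { name: "lang", category: "preferences" },
  { name: "_stats", category: "statistics" },
  { name: "ad_id", category: "marketing" },
];
```

After `dismiss()` the banner is still due and only `session_id` is set; after `save(["statistics"])` the statistics cookie is added, and `withdraw("statistics")` removes it again.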
