Writing privacy notices people will actually read: A GDPR legal design challenge

Richard Mabey
New comments | the Juro Blog
3 min read · Apr 11, 2018

Clear, transparent, intelligible and easily accessible. Not words that always apply to documents coming out of legal. But a privacy policy that meets these requirements is no longer a nice-to-have: the GDPR actually requires this of your privacy notice. According to the regulation, companies’ privacy policies have to be concise and transparent. This means that writing privacy policies in plain English, presented in a way that’s accessible for non-legal readers, is a legal obligation, clarified in the transparency guidelines.

Navigating the GDPR minefield…

What’s more, it’s not just the regulator who’ll hold you to this. After Facebook’s controversial provision of millions of users’ data to third parties, and the consequent political firestorm, as well as the #DeleteFacebook mood, customers are engaged with privacy like never before. All eyes are on your privacy policy — but does it stand up to the scrutiny?

As the implementation deadline for GDPR approaches, we’ve seen businesses everywhere updating their privacy policies to comply with its requirements, but we see very few that truly meet this standard of readability. Even the most forward-looking businesses fall into bad habits and throw dense text onto the page like it’s going out of fashion. Even Google have let theirs run past 3,000 words — surely they can do better than this!

The principles of legal design always guide us at Juro: start with the needs of end-users and work backwards. Privacy policies post-GDPR and post-#DeleteFacebook must be legal design-friendly, to comply with legislation and to make sure users are informed and happy. Making complex legal documents simple is hard. It’s as much a design challenge as a legal one, and the leading thinkers on legal design can help you visualize the task ahead. It’s a challenge you need to get right to thrive and to stand out post-GDPR.

So don’t just dump authorship of your privacy policy on an overworked legal team and hope for the best. Involve content writers, marketers and designers in the process from the outset and always keep the end user at the front of your mind. The user experience must drive the process — yes, it has to communicate a certain amount of regulatory information, but take the opportunity to be creative and find memorable ways to represent that on screen. It’s one of the most important and, hopefully, well-read documents pertaining to your business that you’ll ever publish: so make it readable to everyone and tell your customers the data story they need to hear in a compelling, accessible way.

At Juro, we’re busy running a design sprint on our own privacy notices (more on this soon) — see the steps we are taking here. As customers, employees and suppliers increase their interest in privacy generally, getting this touchpoint right can be a real win for the whole business. Get it wrong, and you might turn customers off before they read it, storing up confusion and even disputes for later on. As lawyers, that’s a risk we have to mitigate.

With the closing of our latest funding round, find out more about how we will be investing to bring design thinking to contract workflow.

This article was originally posted here on the Juro Blog.
