Paul Matthews & Virginia Power – GDPR compliance and UX consequences

A main goal of GDPR is data protection by design. But we also want to encourage consent in order to enable service development. How can digital products get this balance right at the UI level? Through examples and a collaborative design sprint, this workshop will explore and critique approaches.

The new EU-wide data protection legislation – GDPR – came into force at the end of May. It is a set of principles for data controllers (anyone processing user data) to protect the rights of data subjects (the general public), particularly around the use of personal data – anything that allows a person to be identified – and other forms of potentially sensitive information such as medical history. Another principle is the right to an explanation for algorithmic decisions.

The GDPR is really a mindset and lacks detailed prescription for UI design in implementation of consent, explanation and right to be forgotten. There is an excellent opportunity for organisations, through innovative UX, to champion data protection and ethical design while keeping their customers / audience “on board”.

In this workshop, we will quickly recap the key ideas in GDPR and see how much knowledge is already in the room. We will look at some examples from around the web in consent and data transparency and critique them from the perspectives of the user and the site owner.

Next, we will work in teams to paper prototype the onboarding, privacy/settings dashboard and algorithmic output of a hypothetical AI-based service. By passing them around we will analyse each others’ designs from both ethical and compliance viewpoints.

About Paul

Paul teaches UX, digital design, information management and social media research. His current research interests encompass the UX of intelligent systems, sociotechnical design for e-mental health and the visualisation of scientific ideas. He also works with students on “live” projects for internal research teams, student startups and external clients.

About Virginia

Virginia is an information professional, academic and technology specialist with over 35 years’ information services management experience within educational and cultural heritage sectors. Virginia specialises in Knowledge Management, IT ethics, data governance and UX. Virginia is studying for her PhD researching participatory culture and the paradigm of user-generated content in information repositories.