How to make privacy policies both GDPR-compliant and usable

Karen Renaud; Lynsay Shepherd

doi:10.1109/CyberSA.2018.8551442

How to make privacy policies both GDPR-compliant and usable

Karen Renaud
, Lynsay Shepherd

Department of Cybersecurity and Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

41 Citations (Scopus)

940 Downloads (Pure)

Abstract

It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.
We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

Original language	English
Title of host publication	2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Publisher	IEEE
Chapter	18
Number of pages	8
ISBN (Electronic)	9781538645659
ISBN (Print)	9781538645666
DOIs	https://doi.org/10.1109/CyberSA.2018.8551442
Publication status	Published - 29 Nov 2018
Event	2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment: 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) - Grand Central Hotel, Glasgow, United Kingdom Duration: 11 Jun 2018 → 12 Jun 2018

Conference

Conference	2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment
Abbreviated title	Cyber SA
Country/Territory	United Kingdom
City	Glasgow
Period	11/06/18 → 12/06/18

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 4 Quality Education
SDG 9 Industry, Innovation, and Infrastructure

Keywords

Privacy
Guidelines
Usability
Companies
Design methodology

Access to Document

10.1109/CyberSA.2018.8551442

Shepherd_HowToMakePrivacyPoliciesBothGDPR-CompliantAndUsable_Author_2018Accepted author manuscript, 3.12 MB

Cite this

@inproceedings{d31c7c59eabe4478a2dda906276995d7,

title = "How to make privacy policies both GDPR-compliant and usable",

abstract = "It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.",

author = "Karen Renaud and Lynsay Shepherd",

year = "2018",

month = nov,

day = "29",

doi = "10.1109/CyberSA.2018.8551442",

language = "English",

isbn = "9781538645666",

booktitle = "2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)",

publisher = "IEEE ",

note = "2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment : 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Cyber SA ; Conference date: 11-06-2018 Through 12-06-2018",

}

Renaud, K & Shepherd, L 2018, How to make privacy policies both GDPR-compliant and usable. in 2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE , 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Glasgow, United Kingdom, 11/06/18. https://doi.org/10.1109/CyberSA.2018.8551442

TY - GEN

T1 - How to make privacy policies both GDPR-compliant and usable

AU - Renaud, Karen

AU - Shepherd, Lynsay

PY - 2018/11/29

Y1 - 2018/11/29

N2 - It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

AB - It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this. We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

U2 - 10.1109/CyberSA.2018.8551442

DO - 10.1109/CyberSA.2018.8551442

M3 - Conference contribution

SN - 9781538645666

BT - 2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

PB - IEEE

T2 - 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment

Y2 - 11 June 2018 through 12 June 2018

ER -

How to make privacy policies both GDPR-compliant and usable

Abstract

Conference

UN SDGs

Keywords

Access to Document

Fingerprint

Cite this