A user-centered privacy policy

The goal of various guideline documents published by the former Article 29 Working Party (WP29) and its successor, the European Data Protection Board (EDPB), is to enable data controllers (e.g. website operators) to consistently apply GDPR requirements as […]

This follow-up on the "layered approach" discusses the EDPB guidelines’ suggestions for shaping the transparency information itself: content, language, accessibility, intelligibility, etc.

Internalizing the history and philosophy behind the General Data Privacy Regulation is key for every designer in privacy-critical contexts. The GDPR is not a law that specifies detailed demands for consent forms or the like—it is a change agent for embracing ethical principles in dealing with personal data, across the EU and beyond.

“I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.

Terms of Service; Didn’t Read (ToS;DR) is a site that dissects the terms and privacy policies nobody ever reads and evaluates […]

If you’re working with privacy notices for the web, chances are that you have seen the privacy policy of juro.com, which rose to fame during the 2018 spring of GDPR panic as an example of legal design applied in a real-world project. Juro and Stefania […]

There is a lot of interesting analysis and recommendation in the “Growing up digital” report from the UK’s Children’s Commissioner referenced in this article - and the simplified terms and conditions (that nobody ever reads) are only […]