• User-centred transparency design for privacy – Part II: Content design

    This follow-up on the "layered approach" discusses the EDPB guidelines’ suggestions for shaping the transparency information itself: content, language, accessibility, intelligibility, etc.

  • Bookmark: Designing accessible web with privacy – when web browsing reveals information

    Lukasz Olejnik presents how implementing accessibility in browsers may compromise the privacy of users of assistive technology.

  • Bookmark: The Digital Human – Jigsaw

    This brilliant Podcast episode makes the rather abstract formula that "privacy is not about individuals' decisions" tangible through real-life examples.

  • How did the GDPR come to be? And what do a film maker and two NGOs think about it?

    Brief notes from a public screening of “Democracy”, an award-winning documentary about how the new European data protection law came to be, followed by a podium discussion with the director and representatives of privacy NGOs. I’ve praised and recommended this film before: “Democracy – Im Rausch der Daten”. Even watching it again, at an event […]

  • Event picks for Privacy Week Berlin 2018

    Privacy Week Berlin is taking place next week for the first time, with a range of interesting events (mostly in German, it appears). Here are my picks, if only my schedule allows.

  • The costs and benefits of tracking scripts – business vs. user

    Jeremy Keith: "Too many businesses treat analytics and tracking scripts as victimless technologies—they only see the benefits (in data acquisition) without understanding the costs (in performance)."

  • User-centred transparency design for privacy – Part I: The layered approach

    The EDPB’s official “Guidelines on Transparency” under GDPR are a valuable, yet little-known, resource for designers. In this article series, I examine the 40-pager for contributions on putting individuals in control of their personal data through user-centred design – beyond compliance, but by discussing ideas for truly privacy-centred user experience. The goal of various guideline […]

  • Bookmark: Report: Deceived by Design

    A detailed report, documenting how Google, Facebook and Microsoft use UI dark patterns to deceive and manipulate users towards accepting low privacy defaults; by the Norwegian Consumer Council.

  • Bookmark: Modern myth: Nothing to hide? Collected responses to a dangerous fallacy

    Anyone who is concerned with surveillance will hear this statement over and over again. Though dangerous and false, it is very persistent. And we are fed up with it. Ten points against the notion that you have “nothing to hide”.

  • Self-hosting maps: taking control over UX and users’ privacy

    OpenMapTiles allows for efficient self-hosting of embeddable OSM maps without significant resource requirements and with reasonable effort for a web professional.

  • Reposting a Tweet by Frederike Kaltheuner

    "Privacy was once misconstrued as being about hiding and secrecy. Now it’s understood to be something much more pressing: power dynamics between the individual, the state and the market."

  • Can we PLEASE talk about privacy, not GDPR, now?

    Let’s not bury this under “achievement unlocked by May 25” but use the momentum to work on new ideas on how to proceed from here. Likely everybody had to take shortcuts in recent weeks. Now, with pressure off, is the time to share what we have learned – and continue to keep working on new ideas for privacy first, compliance second.

  • Reposting a Tweet by DataEthics

    "Data Ethics" is an inspiring book making the case for ethical design of businesses and products; PDF now available for free

  • The Indieweb privacy challenge (Webmentions, silo backfeeds, and the GDPR)

    Originally intended to showcase a privacy-centred implementation of emerging social web technologies – with the aim to present a solution not initially motivated by legal requirements, but as an example of privacy-aware interaction design – my “social backfeed” design process unveiled intricate challenges for Indieweb sites, both for privacy in general and legal compliance in […]

  • Event: “Website Privacy Extreme” (16 May in Helsinki/FIN)

    An experimental hacking event for active webizens concerned about privacy first and legal compliance second. The goal is to take it to the extreme: challenging 'common practices' and pushing the boundaries.

  • Collaborative list of GDPR-compliant DPA contracts

    One of many GDPR tasks before May 25 is to sign Data Processing Agreements with third-party services you use for your website, newsletter, etc. We created a collaborative online list to provide an easy starting point – please use it for your benefit! …and contribute back?

  • “Working Draft” podcast on privacy and GDPR (in German)

    Baltasar, Joschi and I discuss the importance and implications of the GDPR for web designers and developers – on the Working Draft podcast, hosted by Hans Christian Reinl.

  • Bookmark: GDPR: 10 examples of best practice UX for obtaining marketing consent

    I was delighted to find this blog post, reviewing recent examples of UX solutions for GDPR-compliant marketing consent. This is the kind of review designers concerned with privacy need, in order to generate an industry-wide debate about (slowly emerging) practices and work out optimal solutions over time.

  • Challenge GDPR: undesirable effort or entrepreneurial opportunity?

    The efficient combination of legal risk management and privacy-sensitive design ensures a good ROI for GDPR compliance efforts.

  • Eight valuable insights from a discussion panel on opportunities of the GDPR

    A high-profile expert panel met in Berlin on 31 Jan to discuss the nature and risks, but above all the rewards and opportunities of the GDPR. This blog post summarizes eight key thoughts emerging from the presentations and discussions at this inspirational and positively spirited discussion of the new privacy regulation. Hosted by privacy messenger […]

  • Bookmark: When Trading Track Records Means Less Privacy

    Just anonymising data does not mean it is no longer personal data - more often than not it needs to be treated with similar care as data that carries individual identifiers.

  • No title

    The GDPR: not a revolution, but an evolution – its core is similar to the 1995 directive, but now enforced more strictly; figure from “The GDPR is a call to practice ethical design”

  • Bookmark: Apps, Trackers, Privacy, and Regulators – A Global Study of the Mobile Tracking Ecosystem

    Particularly relevant for privacy design is the authors' category of ATS-C: third-party services that may process unique identifiers although their primary purpose is not tracking as such.

  • Bookmark: GDPR consent design: how granular must adtech opt-ins be?

    The wireframes presented in this article should make every UX designer cringe: Johnny Ryan of PageFair embarks on a step-by-step journey through various GDPR requirements and Article 29 Working Party opinions/guidelines, illustrating how the wide range of purposes adtech companies process personal data for would—when taking the law as literally as possible—require consent dialogues of […]

  • The GDPR is a call to practice ethical design

    Internalizing the history and philosophy behind the General Data Privacy Regulation is key for every designer in privacy-critical contexts. The GDPR is not a law that specifies detailed demands for consent forms or the like—it is a change agent for embracing ethical principles in dealing with personal data, across the EU and beyond.

  • Reposting a Tweet by Smashing Magazine

    Amen! "While I feel that performance has finally found its place on the agenda in web projects, it’s about time to push privacy, accessibility and ethics to the spotlight as well. Still way too often forgotten or dismissed for the sake of business."

  • Talk: “Designing away the cookie disclaimer”

    My lightning talk from the beyond tellerrand Berlin warm-up on 2017-11-06: privacy as a core aspect of ethical UX design. "Don’t ask yourself 'does what we are doing require a cookie banner', but instead do something that respects the spirit of these privacy rules in the first place."

  • PrivacyBadger un-tracks Twitter’s t.co links

    I'm in awe! Just noticed that PrivacyBadger, the EFF's browser privacy tool, has already for a while been replacing all t.co URLs with the canonical URL of the real link target in my browser.

  • The significance of the reformation in today’s digital world?

    "Reformatory" thinking, the idea that no individual should be subject to external control and limitation of their freedoms, is probably needed in 2017 just as much as it was in 1517. I spent a few hours on the 500th anniversary day of Luther's reformation to familiarize myself with the philosophical thoughts by theologist Johanna Haberer.

  • Reposting a Tweet by Laura Kalbag

    "It’s so important that we understand the human impact of what we’re building and where we’re coming from. It is more than shiny buzzwords."

  • Tracking is so much more than just cookies

    The issue with tracking is not only one of obvious trackers but that, at least in theory, every piece of content loaded from other sites than the originating domain enables some degree of tracking.

  • Bookmark: Smart Cities and Our Brave New World

    Uh-oh. While generally enthusiastic about using technology for solving mankind’s problems, and with the global phenomenon of urbanisation amassing plenty of those, this analysis by Privacy International drawing a grim picture of the forces at play around much-hyped “smart cities” makes me cringe: Smart cities represent a market expected to reach almost $760 billion dollars […]

  • Bookmark: Report: Corporate Surveillance in Everyday Life

    Admittedly, “Corporate Surveillance in Everyday Life” is a long and depressing read for a Friday. In this comprehensive report on the state of corporate surveillance, Wolfie Christl of Cracked Labs illustrates just how deep the logic of surveillance has evolved in today’s world: This report finds that the networks of online platforms, advertising technology providers, […]

  • No title

    In today’s issue of the ICO’s blog series on “GDPR myths”, Deputy Commissioner Steve Wood addresses the fact that upcoming privacy regulations are only an evolution of long-standing principles. In the end, it boils down to six simple principles: Many of the fundamentals remain the same and have been known about for a long time. […]

  • Bookmark: ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy

    In this pre-Snowden essay from 2007 (PDF), Daniel J. Solove presents one of the most thorough attempts to disprove the “I have nothing to hide” attitude towards privacy I have encountered: the problem with the nothing to hide argument is the underlying assumption that privacy is about hiding bad things. Solove introduces a four-fold taxonomy […]

  • Film: “Democracy – Im Rausch der Daten” (de)

    “Democracy” by David Bernet is an exceptional film. Who would think that the birthing of an EU law could provide enough drama to power a feature-length documentary, given that the Brussels bureaucracy machine is commonly seen as a closed, cold and robotic community out of touch with real people’s concerns? The film, prominently featuring MEP Jan […]

  • Bookmark: When services harm people

    Following introductory words on “service needs” and “business needs” vs. “user needs”, Maria Izquierdo and Martin Jordan showcase some instances where data is (even in breach of legal contracts) collected against users’ interest and with the potential to harm them. The responsibility for avoiding such issues, they state, lies with those designing these systems: If […]

  • Reposting a Tweet by HannahJane Parkinson

    A great article, can’t decide which parts to quote – pls read the whole thing. And start working on alternative futures tmrw (designers!) I quit Facebook in 2013, and as a direct result of this, I have fallen out of touch with many friends. People have had babies, people have got married and divorced and […]

  • Privacy in tech: a sociological, not a mechanical challenge

    "Privacy settings" in social web services are only a small part of the complex social phenomenon that is privacy; looking at the 2006 "Privacy paradox" and the 2014 "New privacy paradox" could help lead the discussion on privacy in tech from a far more sociological rather than mechanical perspective.

  • Bookmark: Still Blogging in 2017

    An homage to the web, its freedom and why it still is the superior medium for self-expression online, by Tim Bray: The great danger is that the Web’s future is mall-like: No space really public, no storefronts but national brands’, no visuals composed by amateurs, nothing that’s on offer just for its own sake, and […]