Centre for Internet and Society

Use of Visuals and Nudges in Privacy Notices

saumyaa — 2018-08-22T13:16:15Z

Nudging in privacy notices can be a privacy-enhancing tool. For example, informing users of how many people would have access to their data would help them make a decision. However, nudges can also be used to influence users towards making choices that compromise their privacy. For example, the visual design of default options on digital platforms currently nudge users to share their data. It is critical to ensure that there is mindful use of nudges, and that it is directed at the well being of the users.

Edited by Elonnai Hickok and Amber Sinha

Former Supreme Court judge, Justice B.N. Srikrishna, who is currently involved in drafting the new data-privacy laws for India, was quoted recently by the Bloomberg^[1]. Acknowledging the ineffectiveness of consent forms of tech companies that leads to users’ data being collected and misused, he asked if we should have pictograph warnings for consent much like the warnings that are given on cigarette packets. His concern is that an average Indian does not realise how much data they are generating or how it is being used. He attributed this to the access issues with the consent forms presented by companies which are in the English language. In the Indian context, Justice Srikrishna pointed out, considerations around literacy and languages should be addressed.

The new framework being worked on by Srikrishna and his committee comprising academics and government officials, would make the tech companies more accountable for data collection and use, and allow users to have more control over their own data. But, in addition to this regulatory step towards privacy and data protection, the concern towards communication of companies’ data practices through consent forms or privacy notices is also critical for users. Currently, the cryptic notices are a barrier for users, as are the services that do not provide incremental information about the use of the service - for example, what data is being shared with how many people or what data is being collected at what point, instead relying on blanket consent forms taken at the beginning of a service. Visuals can go a long way in making these notices and services accessible to users.

Although, Justice Srikrishna chose the extreme example of warnings on cigarette packets, visually depicting the health risks of cigarette smoking using repulsive imagery, the underlying intent seems to be of using visuals as a means of giving an immediate and clear warning about how people’s data is being used and by whom. It must be noted that the effectiveness of warnings on cigarette packets is debatable. These warnings are also a way in which manufacturers consider their accountability met, which is a possible danger with privacy notices as well. Most companies consider that their accountability is limited to giving all the information to the users without ensuring that the information is communicated to help the user understand the risks. Hence, one has to be cautious of the role of visuals in notices so that they are used with the primary purpose of meaningful communication and accessibility that can be used to inform further action. The visual summary of the data practice in terms of how it will affect the user will also serve as a warning.

The warning images on cigarette packets are an example of the user-influencing design approach called nudging^{^[2]}. While nudging techniques are meant to be aimed at the users’ well being, it brings forward the question of who decides what is beneficial for the users. Moreover, the harm in cigarette smoking is more obvious, and thus the favourable choice for the users is also clearer. But, in the context of data privacy, the harms are less apparent. It is difficult to demonstrate the harms or benefits of data use, particularly when data is re-purposed or used indirectly. There is also no single choice that can be pushed when it comes to the use and collection of data. Different users may have different preferences or degrees to which they would like to allow the use of their data. This raises deeper questions about the extent to which privacy law and regulation should be paternalistic.

Nudges are considered to follow the soft or libertarian paternalism approach, where the user is not forbidden any options but only given a push to alter their behaviour in a predictable way^{^[3]}. It is crucial to differentiate between the strong paternalistic approach that doesn’t allow a choice at all, the usability approach, and the soft paternalistic approach of nudging, as mentioned by Alessandro Acquisti in his paper, ‘The Behavioral Economics of Personal Information’^{^[4]}. In the usability approach, the design of the system would make it intuitive for users to change settings and secure their data. The soft paternalistic approach of nudging would be a step further and present secure settings as a default. Usability is often prioritised by designers. However, soft paternalism techniques help to enhance choice for users and lead to larger welfare^{^[5]}.

Nudging in privacy notices can be a privacy-enhancing tool. For example, informing users of how many people would have access to their data would help them make a decision^{^[6]}. However, nudges can also be used to influence users towards making choices that compromise their privacy. For example, the visual design of default options on digital platforms currently nudge users to share their data. It is critical to ensure that there is mindful use of nudges, and that it is directed at the well being of the users.

The design of privacy notices should be re-conceptualised to ensure that they inform the users effectively, keeping in mind certain best practices. For instance, a multilayered privacy notice can be used, which includes a very short notice designed for use on portable digital devices where there is limited space, condensed notice that contains all the key factors in an easy to understand way, and a complete notice with all the legal requirements^{^[7]}. Along with the layering of information, the timing of notices should also be designed to be at setup, just in time of the user’s action, or at periodic intervals. In terms of visuals, infographics can be used to depict data flows in a system. Another best practice is to integrate privacy notices with the rest of the system. Designers are needed to be involved early in the process so that the design decisions are not purely visual but also consider information architecture, content design, and research.

Practice based frameworks should be developed for communication designers in order to have a standardised vocabulary around creating privacy notices. Additionally, multiple user groups and their varied privacy preferences must be taken into account. Finally, an ethical framework must be put into place for design practitioners in order to ensure that the users’ well being is prioritised, and notices are designed to facilitate informed consent. Further recommendations and concerns regarding the design of privacy notices, and the use of visuals can be read here.

Justice Srikrishna’s statement is an important step towards creating effective privacy notices with visuals. The conversation on the need to design privacy notices can lead to clearer and more comprehensible notices. Combined with the enforcement of fair collection and use of data by companies, well designed notices will allow users more control and a real choice to opt-in or out of a service and make informed choices as they engage with a service. Justice Srikrishna’s analogy seems to recommend using visuals to describe what type of data is being collected and for what purposes at the time of taking consent. Though cigarette warnings may not be the most appropriate analogy, this is a good start, and it is important to explore how visuals and design can be used throughout a service - from beginning to end - to convey and promote awareness and informed choices by users. It is also important to extend this conversation outside of privacy into the realm of security and understand how visuals and design can inform users’ awareness and personal choices around security when using a service.

^{^[1]} https://www.bloomberg.com/news/articles/2018-06-10/tech-giants-nervous-as-judge-drafts-first-data-rules-in-india

^{^[2]} http://www.ijdesign.org/index.php/IJDesign/article/viewFile/1512/584

^{^[3]} https://www.andrew.cmu.edu/user/pgl/psosm2013.pdf

^{^[4]} https://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf

^{^[5]} https://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf

^{^[6]} https://cis-india.org/internet-governance/files/rethinking-privacy-principles

^{^[7]} https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/ten_steps_to_develop_a_multilayered_privacy_notice__white_paper_march_2007_.pdf

For more details visit https://cis-india.org/internet-governance/blog/use-of-visuals-and-nudges-in-privacy-notices

Unbox Festival 2019: CIS organizes two Workshops

saumyaa — 2019-02-26T01:53:39Z

Centre for Internet & Society organized two workshops at the Unbox Festival 2019, in Bangalore, on 15 and 17 February 2019.

'What is your Feminist Infrastructure Wishlist?

The first workshop 'What is your Feminist Infrastructure Wishlist?' was on Feminist Infrastructure Wishlists that was conducted by P.P. Sneha and Saumyaa Naidu on 15 February 2019. The objective of the workshop was to explore what it means to have infrastructure that is feminist. How do we build spaces, networks, and systems that are equal, inclusive, diverse, and accessible? We will also reflect on questions of network configurations, expertise, labour and visibility. For reading material click here.

AI for Good

With a backdrop of AI for social good, we explore existing applications of artificial intelligence, how we interact and engage with this technology on a daily basis. A discussion led by Saumyaa Naidu and Shweta Mohandas invited participants to examine current narratives around AI and imagine how these may transform with time. Questions around how we can build an AI for the future will become the starting point to trace its implications relating to social impact, policy, gender, design, and privacy. For reading materials see AI Now Report 2018, Machine Bias, and Why Do So Many Digital Assistants Have Feminine Names?

For info on Unbox Festival, click here

For more details visit https://cis-india.org/internet-governance/blog/unbox-2019-festival

The PDP Bill 2019 Through the Lens of Privacy by Design

saumyaa — 2020-11-12T10:55:00Z

PDP Bill 2019 Design Analysis

For more details visit https://cis-india.org/internet-governance/the-pdp-bill-2019-through-the-lens-of-privacy-by-design

Picking ‘Wholes’ - Thinking in Systems Workshop

saumyaa — 2019-06-05T14:35:35Z

A System's Thinking masterclass was conducted by Dinesh Korjan on 27th and 28th May in the CIS Delhi office.

It was organised as part of the Digital Identity project to explore the use of system’s thinking approach in a digital identity system, and addressing questions of policy choices and uses, while creating such a system. The workshop was attended by Amber Sinha, Ambika Tandon, Anubha Sinha, Pooja Saxena, Radhika Radhakrishnan, Saumyaa Naidu, Shruti Trikanad, Shyam Ponappa, Sumandro Chattapadhyay, Sunil Abraham, Swati Gautam, and Yesha Paul.

Dinesh Korjan is a proponent of the strategic use of design for the larger good. He is a product designer and co-founder of Studio Korjan in Ahmedabad. He complements his practice with active engagement in academics and teaches at many leading design schools including NID, Ahmedabad, Indian Institute of Technology (IIT), Gandhinagar, Srishti School of Art Design & Technology, Bangalore, and CEPT University, Ahmedabad.

The masterclass was aimed at learning to address complex problems using systems thinking approach. It involved experiential and collaborative learning through discussions, and doing and making activities. The workshop began with identifying different actors, processes, institutions, and other entities involved in a complex problem. The method of role-playing was introduced to learn to detail out and map the problem. Concepts such as synergy/ emergence, relationships, and flows were introduced through examples and case studies. These concepts were applied while mapping complex problems to find insights such as patterns, purposes, feedback loops, and finally a leverage. The workshop also introduced the idea of ephemeralization. Participants were prompted to find solutions that require least input but have greatest impact.

For further reading click here

For more details visit https://cis-india.org/internet-governance/blog/picking-2018wholes2019-thinking-in-systems-workshop

India's Position on Multi-stakeholderism vs Multilateralism

saumyaa — 2018-08-16T15:35:24Z

For more details visit https://cis-india.org/internet-governance/files/indias-position-on-multi-stakeholderism-vs-multilateralism

Design Concerns in Creating Privacy Notices

saumyaa — 2018-06-06T13:45:40Z

The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions.

This blog post was edited by Elonnai Hickok.

The Role of Design in Enabling Informed Consent

Currently, privacy notices and choice mechanisms, are largely ineffective. Privacy and security researchers have concluded that privacy notices not only fail to help consumers make informed privacy decisions but are mostly ignored by them. [1] They have been reduced to being a mere necessity to ensure legal compliance for companies. The design of privacy systems has an essential role in determining whether the users read the notices and understand them. While it is important to assess the data practices of a company, the communication of privacy policies to users is also a key factor in ensuring that the users are protected from privacy threats. If they do not read or understand the privacy policy, they are not protected by it at all.

The visual communication of a privacy notice is determined by the User Interface (UI) and User Experience (UX) design of that online platform. User experience design is broadly about creating the logical flow from one step to the next in any digital system, and user interface design ensures that each screen or page that the user interacts with has a consistent visual language and styling. This compliments the path created by the user experience designer. [2] UI/UX design still follows the basic principles of visual communication where information is made understandable, usable and interesting with the use of elements such as colours, typography, scale, and spacing.

In order to facilitate informed consent, the design principles are to be applied to ensure that the privacy policy is presented clearly, and in the most accessible form. A paper by Batya Friedman, Peyina Lin, and Jessica K. Miller, ‘Informed Consent By Design’, presents a model of informed consent for information systems. [3] It mentions the six components of the model; Disclosure, Comprehension, Voluntariness, Competence, Agreement, Minimal Distraction. The design of a notice should achieve these components to enable informed consent. Disclosure and comprehension lead to the user being ‘informed’ while ‘consent’ encompasses voluntariness, competence, and agreement. Finally, The tasks of being informed and giving consentshould happen with minimal distraction, without diverting users from their primary taskor overwhelming them with unnecessary noise.[4]

UI/UX design builds upon user behaviour to anticipate their interaction with the platform. It has led to practices where the UI/UX design is directed at influencing the user to respond in a way that is desired by the system. For instance, the design of default options prompts users to allow the system to collect their data when the ‘Allow’ button is checked by default. Such practices where the interface design is used to push users in a particular direction are called “dark patterns”.[5] These are tricks used in websites and apps that make users buy or sign up for things that they did not intend to. [6] Dark patterns are often followed as UI/UX trends without the consequences on users being questioned. This has had implications on the design of privacy systems as well. Privacy notices are currently being designed to be invisible instead of drawing attention towards them.

Moreover, most communication designers believe that privacy notices are beyond their scope of expertise. They do not consider themselves accountable for how a notice comes across to the user. Designers also believe that they have limited agency when it comes to designing privacy notices as most of the decisions have been already taken by the company or the service. They can play a major role in communicating privacy concerns at an interface level, but the issues of privacy are much deeper. Designers tend to find ways of informing the user without compromising the user experience, and in the process choose aesthetic decisions over informed consent.

Issues with Visual Communication of Privacy Notices

The ineffectiveness of privacy notices can be attributed to several broad issues such as the complex language and length, their timing, and location. In 2015, the Center for Plain Language [7] published a privacy-policy analysis report [8] for TIME.com [9], evaluating internet-based companies’ privacy policies to determine how well they followed plain language guidelines. The report concluded that among the most popular companies, Google and Facebook had the more accessible notices, while Apple, Uber, and Twitter were ranked as less accessible. The timing of notices is also crucial in ensuring that it is read by the users. The primary task for the user is to avail the service being offered. The goals of security and privacy are valued but are only secondary in this process. [10] Notices are presented at a time when they are seen as a barrier between the user and the service. People thus, choose to ignore the notices and move on to their primary task. Another concern is disassociated notices or notices which are presented on a separate website or manual. The added effort of going to an external website also gets in the way of the users which leads to them not reading the notice. While most of these issues can be dealt with at the strategic level of designing the notice, there are also specific visual communication design issues that are required to be addressed.

Invisible Structure and Organisation of Information

Long spells of text with no visible structure or content organisation is the lowest form of privacy notices. These are the blocks of text where the information is flattened with no visual markers such as a section separator, or contrasting colour and typography to distinguish between the types of content. In such notices, the headings and subheadings are also not easy to locate and comprehend. For a user, the large block of text appears to be pointless and irrelevant, and they begin to dismiss or ignore it. Further, the amount of time it would take for the user to read the entire text and comprehend it successfully, is simply impractical, considering the number of websites they visit regularly.

The privacy policy notice by Apple [11] with no use of colours or visuals.

The privacy policy notice by Twitter [12] no visual segregator

Visual Contrast Between Front Interface and Privacy Notices

The front facing interface of an app or website is designed to be far more engaging than the privacy notice pages. There is a visible difference in the UI/UX design of the pages, almost as if the privacy notices were not designed at all. In case of Uber’s mobile app, the process of adding a destination, selecting the type of cab and confirming a ride has been made simple to do for any user. This interface has been thought through keeping in mind the users’ behaviour and needs. It allows for quick and efficient use of the service. As opposed to the process of buying into the service, the privacy notice on the app is complex and unclear.

Uber mobile app screenshots of the front interface (left) and the policy notice page (right)

Gaining Trust Through the Initial Pitch

A pattern in the privacy notices of most companies is that they attempt to establish credibility and gain confidence by stating that they respect the users’ privacy. This can be seen in the introductory text of the privacy notices of Apple and LinkedIn. The underlying intent seems to be that since the company understands that the users’ privacy is important, the users can rely on them and not read the full notice.

Introduction text to Apple’s privacy policy notice [13]

Introduction text to LinkedIn’s privacy policy notice [14]

Low Navigability

The text heavy notices need clear content pockets which can be navigated through easily using mechanisms such as menu bar. Navigability of a document allows for quick locating of sections, and moving between them. Several companies miss to follow this. Apple and Twitter privacy notices (shown above), have low navigability as the reader has no prior indication of how many sections there are in the notice. The reader could have summarised the content based on the titles of the sections if it were available in a table of contents or a menu. Lack of a navigation system leads to endless scrolling to reach the end of the page.

Facebook privacy notice, on the other hand is an example of good navigability. It uses typography and colour to build a clear structure of information that can be navigated through easily using the side menu. The menu doubles up as a table of contents for the reader. The side menu however, does not remain visible while scrolling down the page. This means while the user is reading through a section, they cannot switch to a different section from the menu directly. They will need to click on the ‘Return to top’ button and then select the section from the menu.

Navigation menu in the Facebook Data Policy page [15]

Lack of Visual Support

Privacy notices can rely heavily on visuals to convey the policies more efficiently. These could be visual summaries or supporting infographics. The data flow on the platform and how it would affect the users can be clearly visualised using infographics. But, most notices fail to adopt them. The Linkedin privacy notice [16] page shows a video at the beginning of its privacy policy. Although this could have been an opportunity to explain the policy in the video, LinkedIn only gives an introduction to the notice and follows it with a pitch to use the platform. The only visual used in notices currently are icons. Facebook uses icons to identify the different sections so that they can be located easily. But, apart from being identifiers of sections, these icons do not contribute to the communication of the policy. It does not make reading of the full policy any easier.

Icon Heavy ‘Visual’ Privacy Notices

The complexity of privacy notices has led to the advent of online tools and generators that create short notices or summaries for apps and websites to supplement the full text versions of policies. Most of these short notices use icons as a way of visually depicting the categories of data that is being collected and shared. iubenda [17], an online tool, generates policy notice summary and full text based on the inputs given by the client. It asks for the services offered by the site or app, and the type of data collection. Icons are used alongside the text headings to make the summary seem more ‘visual’ and hence more easily consumable. It makes the summary more inviting to read, but does not reduce the time for reading.

Another icon-based policy summary generator was created by KnowPrivacy. [18] They developed a policy coding methodology by creating icon sets for types of data collected, general data practices, and data sharing. The use of icons in these short notices is more meaningful as they show which type of data is collected or not collected, shared or not shared at a glance without any text. This facilitates comparison between data practices of different apps.

Icon based short policy notice created for Google by KnowPrivacy [19]

Initiatives to Counter Issues with the Design of Privacy Notices

Several initiatives have called out the issues with privacy notices and some have even countered them with tools and resources. The TIME.com ranking of internet-based companies’ privacy policies brought attention to the fact that some of the most popular platforms have ineffective policy notices. A user rights initiative called Terms of Services; Didn’t Read [20] rates and labels websites’ terms & privacy policies. There is also the Usable Privacy Policy Project which develops techniques to semi-automatically analyze privacy policies with crowdsourcing, natural language processing, and machine learning. [21] It uses artificial intelligence to sift through the most popular sites on the Internet, including Facebook, Reddit, and Twitter, and annotate their privacy policies. They realise that it is not practical for people to read privacy policies. Thus, their aim is to use technology to extract statements from the notices and match them with things that people care about. However, even AI has not been fully successful in making sense of the dense documents and missed out some important context. [22]

One of the more provocative initiatives is the Me and My Shadow ‘Lost in Small Print’ [23] project. It shows the text for the privacy notices of companies like LinkedIn, Facebook, WhatsApp, etc. and then ‘reveals’ the data collection and use information that would closely affect the users.

Issues with notices have also been addressed by standardising their format, so people can interpret the information faster. The Platform for Privacy Preferences Project (P3P) [24] was one of the initial efforts in enabling websites to share their privacy practices in a standard format. Similar to KnowPrivacy’s policy coding, there are more design initiatives that are focusing on short privacy notice design. An organisation offering services in Privacy Compliance and Risk Management Solutions called TrustArc, [25] is also in the process of designing an interactive icon-based privacy short notice.

TrustArc’s proposed design [26] for the short notice for a sample site

Most efforts have been done in simplifying the notices so as to decode the complex terminology. But, there have been very few evaluations and initiatives to improve the design of these notices.

Recommendations

Multilayered Privacy Notices

One of the existing suggestions on increasing usability of privacy notices are multilayered privacy notices. [27] Multilayered privacy notices comprise a very short notice designed for use on portable digital devices where there is limited space, condensed notice that contains all the key factors in an easy to understand way, and a complete notice with all the legal requirements. [28] Some of the examples above use this in the form of short notices and summaries. The very short notice layer consists of who is collecting the information, primary uses of information, and contact details of the organisation.[29] Condensed notice layer covers scope or who does the notice apply to, personal information collected, uses and sharing, choices, specific legal requirements if any, and contact information. [30] In order to maintain consistency, the sequence of topics in the condensed and the full notice must be same. Words and phrases should also be consistent in both layers. Although an effective way of simplifying information, multi-layered notices must be reconsidered along with the timing of notices. For instance, it could be more suitable to show very short notices at the time of collection or sharing of user data.

Supporting Infographics

Based on their visual design, the currently available privacy notices can be broadly classified into 4 categories; (i) the text only notices which do not have a clearly visible structure, (ii) the text notices with a contents menu that helps in informing of the structure and in navigating, (iii) the notices with basic use of visual elements such as icons used only to identify sections or headings, (iv) multilayered notices or notices with short summary before giving out the full text. There is still a lack of visual aid in all these formats. The use of visuals in the form of infographics to depict data flows could be more helpful for the users both in short summaries and complete text of policy notices.

Integrating the Privacy Notices with the Rest of the System

The design of privacy notices usually seems disconnected to the rest of the app or website. The UI/UX design of privacy notices requires as much attention as the consumer-facing interface of a system. The contribution of the designer has to be more than creating a clean layout for the text of the notice. The integration of privacy notices with the rest of the system is also related to the early involvement of the designer in the project. The designer needs to understand the information flows and data practices of a system in order to determine whether privacy notices are needed, who should be notified, and about what. This means that decisions such as selecting the categories to be represented in the short or condensed notice, the datasets within these categories, and the ways of representing them would all be part of the design process. The design interventions cannot be purely visual or UI/UX based. They need to be worked out keeping in mind the information architecture, content design, and research. By integrating the notices, strategic decisions on the timing and layering of content can be made as well, apart from the aesthetic decisions. Just as the aim of the front face of the interface in a system makes it easier for the user to avail the service, the policy notice should also help the user in understanding the consequences, by giving them clear notice of the unexpected collection or uses of their data.

Practice Based Frameworks on Designing Privacy Notices

There is little guidance available to communication designers for the actual design of privacy notices which is specific to the requirements and characteristics of a system. [31] The UI/UX practice needs to be expanded to include ethical ways of designing privacy notices online. The paper published by Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor, called, ‘A Design Space for Effective Privacy Notice’ in 2015 offers a comprehensive design framework and standardised vocabulary for describing privacy notice options. [32] The objective of the paper is to allow designers to use this framework and vocabulary in creating effective privacy notices. The design space suggested has four key dimensions, ‘timing’, ‘channel’, ‘modality’ and ‘control’. [33] It also provides options for each of these dimensions. For example, ‘timing’ options are ‘at setup’, ‘just in time’, ‘context-dependent’, ‘periodic’, ‘persistent’, and ‘on demand’. The dimensions and options in the design space can be expanded to accommodate new systems and interaction methods.

Considering the Diversity of Audiences

For the various mobile apps and services, there are multiple user groups who use them. The privacy notices are hence not targeted to one kind of an audience. There are diverse audiences who have different privacy preferences for the same system. [34] The privacy preferences of these diverse groups of users’ must be accommodated. In a typical design process for any system, multiple user personas are identified. The needs and behaviour of each persona is used to determine the design of the interface. Privacy preferences must also be observed as part of these considerations for personas, especially while designing the privacy notices. Different users may need different kinds of notices based on which data practices affect them.[35] Thus, rather than mandating a single mechanism for obtaining informed consent for all users in all situations, designers need to provide users with a range of mechanisms and levels of control. [36]

Ethical Framework for Design Practitioners

An ethical framework is required for design practitioners that can be followed at the level of both deciding the information flow and the experience design. With the prevalence of ‘dark patterns’, the visual design of notices is used to trick users into accepting it. Design ethics can play a huge role in countering such practices. Will Dayable, co-director at Squareweave, [37] a developer of web and mobile apps, suggests that UI/UX designers should “Design Like They’re (Users are) Drunk”. [38] He asks designers to imagine the user to be in a hurry and still allow them access to all the information necessary for making a decision. He concludes that good privacy UX and UI is about actually trying to communicate with users rather than trying to slip one past them. In principle, an ethical design practice would respect the rights of the users and proactively design to facilitate informed consent.

Reconceptualising Privacy Notices

Based on the above recommendations, a guiding sample for multilayered privacy notices has been created. Each system would need its own structure and mechanisms for notices, which are integrated with its data practice, audiences, and medium, but this sample notice provides basic guidelines for creating effective and accessible privacy notices. The aesthetic decisions would also vary based on the interface design of a system.

Sample Fixed Icon for Privacy Notifications

A fixed icon can appear along with all privacy notifications on the system, so that the users can immediately know that the notification is about a privacy concern. This icon should capture attention instantly and suggest a sense of caution. Besides its use as a call to attention, the icon can also lead to a side panel for privacy implications from all actions that the user takes.

Sample Very Short Notice on Desktop and Mobile Platforms

The very short notices can be shown when an action from the user would lead to data collection or sharing. The notice mechanism should be designed to provide notices at different times tailored to a user’s needs in that context. The styling and placement of the ‘Allow’ and ‘Don’t Allow’ buttons should not be biased towards the ‘Allow’ option. The text used in very short and condensed notice layers should be engaging yet honest in its communication.

Sample Summary Notice

The summary or the condensed notice layer should allow the user to gauge at a glance, how the data policy is going to affect them. This can be combined with a menu that lists the topics covered in the full notice. The menu would double up as a navigation mechanism for users. It should be visible to users even as they scroll down to the full notice. The condensed notice can also be supported by an infographic depicting the flow of data in the system.

Sample Navigation Menu

All the images in this section use sample text for the purpose of illustrating the structure and layout

The full notice can be made accessible by creating a clear information hierarchy in the text. The menu which is available on the side while scrolling down the text would facilitate navigation and familiarity with the structure of the notice.

Conclusion

The presentation of privacy notices directly influences the decisions of users online and ineffective notices make users vulnerable to their data being misused. But currently, there is little conversation about privacy and data protection among designers. Design practice has to become sensitive to privacy and security requirements. Designers need to take the accountability of creating accessible notices which are beneficial to the users, rather than to the companies issuing them. They must prioritise the well-being of users over aesthetics and user experience even. The aesthetics of a platform must be directed at achieving transparency in the privacy notice by making it easily readable.

The design community in India has a more urgent task at hand of building a design practice that is informed by privacy. Comparing the privacy notices of Indian and global companies, Indian companies have an even longer way to go in terms of communicating the notices effectively. Most Indian companies such as Swiggy, [39] 99acres, [40] and Paytm [41] have completely textual privacy policy notices with no clear information hierarchy or navigation. Ola Cabs [42] provides an external link to their privacy notice, which opens as a pdf, making it even more inaccessible. Thus, there is a complete lack of design input in the layout of these notices.

Designers must engage in conversations with technologists and researchers, and include privacy and other user rights in design education in order to prepare practitioners for creating more valuable digital platforms.

For more details visit https://cis-india.org/internet-governance/blog/design-concerns-in-creating-privacy-notices

Design and the Open Knowledge Movement

saumyaa — 2019-04-01T12:13:00Z

With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation during September 28-30, 2018 in New Delhi. The event was held at the School of Design at Ambedkar University Delhi. As part of the bootcamp, a panel discussion was held in order to bring together design practitioners, educators, open knowledge contributors, and design students to explore how design and open knowledge communities can engage with each other. In this post, Saumyaa Naidu shares the learnings from the panel discussion aimed at exploring the potential collaborations between design and the open knowledge movement.

Introduction

Exchange between Design Academics and Open Knowledge

Potential Means of Engagement with Open Knowledge in Design Practice

Applications of Open Knowledge in Design Education

Conclusion

Introduction

Design has historically been functioning in a closed paradigm, both with regard to practice and education. The design process, resources, and products are largely proprietary and limit who can access them. On the other hand, increased use of digital technology offers the potential for greater access and knowledge sharing. In this setting, a dialogue on design and openness becomes essential. There is a need to build sensitivity among designers towards open knowledge and open access practices. Such an exchange can not only allow for design resources and products to be available in the open domain, but also help designers build an extensive shared knowledge base.

With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation from 28th to 30th September, 2018 in New Delhi. The event was held at the School of Design at Ambedkar University Delhi. As part of the bootcamp, a panel discussion was held in order to bring together design practitioners, educators, open knowledge contributors, and design students to explore how design and open knowledge communities can engage with each other.

The discussion was preceded by an introduction to the open knowledge movement and its potential in creating access and inclusion, by Satdeep Gill. Satdeep is a community outreach coordinator for India at the Wikimedia Foundation. He is also one of the founding members of Punjabi Wikimedians User Group. Satdeep was the programme leader for the Wikiconference India in 2016. The introduction provided a brief history of copyrights and the beginning of the copyleft movement. It discussed creative commons licensing and the role of Wikipedia in the open knowledge movement.

The panel included Suchitra Balasubrahmanyan, Pooja Saxena, and Shyamal. Suchitra Balasubrahmanyan is the dean at the School of Design in Ambedkar University Delhi (AUD). Her research has been on multiple areas such as history of craft and design, and design education in India. Her practice focuses on social communication design. Pooja Saxena is a typeface and graphic designer whose work centres on multi-script design. She has designed an Ol Chiki typeface for Santali language which is available for free and open use. Pooja also teaches typography at several design schools including Pearl Academy, National Institute of Design, and Srishti school of Art, Design, and Technology. Shyamal is an independent researcher and an ornithologist. He has been contributing to Wikipedia for over fifteen years now. In addition to his contributions about the biodiversity of birds, he has also created several illustrations relating to the same. The panel was moderated by Saumyaa Naidu, a designer and researcher at the Centre for Internet and Society (CIS).

The discussion was aimed at addressing three primary questions around design and the open knowledge movement; how academic materials in design inform unstructured or open knowledge spaces and in what ways do these unstructured spaces come back into design education?, what are the potential means of engagement with open knowledge in design practice?, and in what ways can it be applied in design education?

Exchange between Design Academics and Open Knowledge

The discussion began with an enquiry into the challenges faced in the design of knowledge production and the knowledge production of design. It was directed at understanding the various ways in which design education and academia interact with open knowledge. Prof. Suchitra responded by saying that it is still early days for such an interaction to take place as the discipline of design itself is very proprietary in its approach. The work created in different areas of design is often guarded. Locating the discussion at the School of Design in AUD, she suggested that the Social Design course, which looks at the social application of design, believes in socially produced knowledge and contributing to it. However, the university is constrained by the academic environment which does not facilitate the open exchange of knowledge. There is a culture of copyright and protection of work in academia, and heavy funding is required for journal subscriptions. There is an imbalanced gatekeeping of knowledge as countries like India, which have weaker currencies, cannot access this knowledge or contribute to it. The social design community, a small community yet, is interested in making this knowledge freely accessible, in community participation, in co-designing, and in challenge the idea of one ‘super-designer’ who gets all the credit.

Open knowledge spaces such as Wikipedia often make their way into classrooms when students use these resources for assignments. It was pointed out by Prof. Suchitra that there is a lack of regard among students for giving due attribution to material taken from such platforms. Social Sciences universities also consider Wikipedia as an unreliable source, and discourage its use. There is a need to build the culture of knowledge sharing, borrowing, and contribution. She believes that this should be initiated at the level of school education, and not just design schools, so it is internalised at an early stage. She also shared an epistemological concern regarding such a cultural shift in design as it is commonly believed that the knowledge designers produce belongs to them and their livelihoods are connected to it. Hence, open knowledge and open source are antithetical to the profession. This means that the profession itself has to be imagined differently. The social design programme, in this regard, is trying to ensure that when students create work based on interactions with a community, also go back and present it to the community. This is to say that the work produced cannot be exclusively owned by the designers.

The open knowledge movement in India is closely tied to accessibility of information in Indian languages. The availability of a design knowledge base in Indian languages was discussed in this context. Prof. Suchitra explained that most design education in India is in English and is borrowed from another cultural and geographical setting. Design is a discipline of making, and making has its own language. In that sense, the act and content of design transcends language. But, it is the pedagogy which is held by language. The act of making, which is ubiquitous, and is done naturally by everybody, gets held back when it comes to the transmission in different languages. There can be sanskritised words for design terminology, but the vocabulary of everyday use should be applied to represent this knowledge. The School of Design is looking for ways in which important and more provocative texts in design can be made available in other Indian languages. When students are exploring a career in design and they want to learn about it, the information about courses, programmes, and universities should also be available in their language.

The students at AUD recently demanded that education at the university be provided in multiple languages. Since AUD is funded by the Delhi state government, the students want the medium of instruction to include languages of the state (Hindi, Urdu, and Punjabi) apart from English. However, in order to accomplish this, the university would require multilingual teachers. At a personal level, Prof. Suchitra feels that the medium of instruction cannot be monolingual, and that it is good to be multilingual. There is also the conflict that it doesn’t do justice to either languages, and there is no neat answer yet. She believes that technology provides some answers in the sense that students can access the material through translations in whichever language they prefer. Being located in Delhi, the university attracts students from all parts of the country, so it needs to be multilingual in different ways. Technology can intervene and provide a layer by which access can be given in the language of one’s choice. She inferred that this is not a question of one or two languages, but of languages everywhere.

Potential Means of Engagement with Open Knowledge in Design Practice

Presently, there is limited participation from design practitioners on open knowledge platforms. From the perspective of a design practitioner and educator, Pooja Saxena explained that apart from Wikipedia, designers use The Noun Project, which offers both free and paid ways to use icons. She mentioned how students also use this platform but it appears that they are not as interested in contributing to it. They are guarded about the work they create but are fine with using someone else’s work that is available for free. Pooja suggested a much needed change in the understanding that open knowledge simply means that it is open for use. It must be seen as a community which one needs to engage with in whichever capacity and give back to. Agreeing with Prof. Suchitra, Pooja also observed that students fail to give fair attribution when any work is available for free. There is a lack of training and communication around attribution among designers. Regarding open source softwares meant for image making and creating illustrations, Pooja said that despite her several attempts of using them, she has always gone back to proprietary softwares. She believes that there are not enough people contributing to making these open source applications better to work with. A middle path she recommended for designers is creating work in formats which can be edited across applications, so that the work created can be built upon in any application, and is not bound by a proprietary software.

As an experienced Wikipedian, Shyamal also stressed upon the idea of finding ways to productively give back to the open knowledge community. He talked about the opportunities that design students have in terms of creating quality images and graphics, and making them available for public use. An example of such an opportunity could be creating clipart or icons that can be used for roadside signages or other such public resources. Another possibility he proposed was publishing rough drafts or discarded work on platforms like Wikipedia, so it can be refined and used by others. It is not well known that aside from the textual part of Wikipedia, there exists a larger environment which includes projects like Wikidata, which is a semantic database, and Wikimedia Commons, which is meant for a variety of media such as images, video, audio, and even 3D models now. This offers a variety of options to designers to make their work available for open use. Another aspect that Shyamal brought attention to in this regard is to make the work available in a way that it can be easily found by others, by effectively using metadata and writing appropriate descriptions.

A relevant example of engagement of design with the open knowledge community was shared by Pooja through her type design project. This included designing a typeface family for the Ol Chiki script, which is used to write in the Santhali language. The project was initiated by Subhashish Panigrahi at CIS in order to set up the Santhali Wikipedia. But, at the time there were no unicode compliant fonts available for Ol Chiki. This was a clear example of how a design intervention in the form of a typeface could lead to knowledge being shared and possibly even created in the future. The project was then funded by the Access to Knowledge programme at CIS. Pooja described the process of designing the typeface. She mentioned that even though the Santhali language is spoken by over 6 million people, Ol Chiki is not a commonly used script. The script itself was invented less than a hundred years ago, which meant that there is little documentation available of the script to look at. The team then engaged with the community to understand how they would like the letters to look like, and whether the letters in the font were correct. This was done through comprehensive feedback forms to test the letters and ask specific questions around their form and placement. The exercise was repeated a number of times to get accurate letters.

Through this process, Pooja made a key observation on perfection. Designers are often trained to share or show their work only when they think it is perfect. But, in the case of the typeface, it was impossible to achieve something even close to being finished without showing it and seeking help from the community. The project also led to inspiring a design student from the National Institute of Design, who belongs to the Santhal community, to create letters in Ol Chiki script as part of the ‘36 days of type’ challenge on Instagram. The typeface thus, can contribute towards such projects as well. Pooja concluded that the typeface being available for free can also lead to students making a version of it that serves their purpose better.

Further on open typefaces for Indian languages, Shyamal spoke about the several issues regarding the use of Indian languages, specific to Wikipedia and in general as well. He correlated the lack of academic disciplines in Indian languages with the lack of vocabulary of technical terms. Several people also oppose borrowing words from other languages. In an example of needing to translate the labels of an illustration of a four-stroke engine into an Indian language, the engineer would not know the terms in that language, and the language expert will not know enough about engineering. Shyamal suggested transliterating English words as a first step, so that somebody who doesn’t know English can understand what the word sounds like. Another technical concern is the use of open source fonts of Indian languages for better compatibility on Wikimedia Commons. The platform replaces proprietary fonts with equivalent open source ones during the process of uploading. This changes the typesetting in the illustration in terms of spacing between the letters and sentences, and the resulting design can end up looking different from the intended one. Hence, it is important to include identification and use of open source fonts as part of the learning process in design.

Shyamal further talked about the need to create more awareness about copyright. He explained that the fact that anything we create is automatically copyrighted is not really understood by most people. People posting images on Facebook and Instagram would allow others to use their work when asked, but would hesitate to give a written permission. It would be useful to license out the work. This lack of copyright awareness hinders the creation of a vast visual database on Wikimedia Commons. There is little visual information available online about objects, monuments, maps, places, etc. in India. The advantage of using systems like Wikipedia is that you can geotag places, you can semantically describe them so that people who speak other languages can find that content. The value of availability of such content online for an outsider is not well understood yet. As a practice, when learning something new, Shyamal himself tries to add it on Wikipedia or on related projects, so that it can be of use to anyone else looking for it as well.

On encouraging designers to contribute to open knowledge, Pooja advised that designers can contribute through side projects or self-initiated projects as they are not looking to make any money from them to begin with, and would be able to share the work for free. These side projects can take the form of resources or tools that other people can use to build something else. She also pointed out that it is not necessary that designers cannot get paid to do open work, and shared the example of the Ol Chiki typeface, which was paid for by a patron. There are also organisations that commission projects which are supposed to be available for free use because those organisations need that product to be available for free. Google fonts for example, commissions the typefaces to designers which are eventually available as free and open fonts. It is important for designers to be aware that such opportunities exist, and that they need to be sought.

Applications of Open Knowledge in Design Education

The discussion led to several suggestions on involving design students in the open knowledge movement. Pooja recommended that students can be encouraged to make their assignments available on Wikimedia Commons. Design students are often expected to work on projects that address problems that exist in the real world. In most cases, these projects remain with the students and not get implemented in the real world. If such projects were available on open platforms like Wikimedia Commons, they can be taken forward by others who are tackling the same concerns. It is also something that design students would benefit from because their work will be publicly available.

In order to address the disregard for attributions pointed out earlier, Prof. Suchitra stressed upon the need to build a culture among design students to attribute fairly. This would allow for acceptable acknowledgement to someone who has produced work and contributed it to the open domain. She added that this is being initiated in other design spaces such as the Decolonise Design group, which some design faculties are a part of. The group looks at ways of finding different cultural anchors for design. One such project is where design faculties have gotten together to share design assignments, in order to see what kind of assignments we set in the classroom for teaching various kinds of concepts in design. The faculties are trying to form an international platform where teaching methods can be shared and a bank of design assignments can be created. These methods and assignments are otherwise considered proprietary.

Prof. Suchitra also talked about the onus on public funded educational institutions to make their work available on open platforms, at least in projects which have a larger use. The Industrial Design Centre (IDC), Powai already has a portal on which design related educational material is available for anyone who is interested. They offer an online course in design which anyone can register for and attend. It is only for the certification at the end of the course, that one needs to pay to take an exam. Design courses otherwise tend to be quite expensive. She mentioned that the School of Design at AUD has been contemplating sharing the thesis work that students produce on Academia, a platform for academics to share research papers, where it can be downloaded for free. This allows for the work to be viewed by people outside the school, which is a significant step for young designers. Design as a profession fundamentally does not allow sharing, and this certainly needs to change. She gave the example of textiles, where the traditional artworks and motifs are picked up from different sources and placed on fabrics. Such reuse borders on unethical practice. Therefore, we need to identify the boundaries of open source. The ethical aspects of it need to be opened up and discussed, otherwise it can lead to asymmetrical knowledge practices. The attribution or acknowledgement that the work individually or culturally belongs to somebody, needs to be recognised.

On the learning by doing approach in design education, Pooja raised the concern that there is a lack of attention towards ‘learning by reading’. Design related reading materials are not available on open platforms and in different languages. She suggested that even if the readings are available in English, it is also useful for them to be available in a vocabulary that is more acceptable for someone for whom it is not their first language. Further, the ‘doing’ is also framed by a certain perspective, and often that perspective is quite closed. It does not take into account where the students is coming from. For example, a branding assignment for a product for new mothers does not consider how eighteen year old students would understand the product without any interaction with the users. It doesn’t ask why does it have to be branding to begin with. It also limits the objective to ‘selling something’ while there are other ways in which design can intervene. In the assignments where students engage with a community, there is often a clear asymmetry between the students and the people they are designing for. There is a vast gap in the knowledge and experience shared by the two. Consequently, students are forced to either assert themselves in this community or misrepresent themselves. This also takes away from students wanting to share their work on open platforms. Pooja recommended that they would be more willing to put the work out in the open when they are working with their own community because they can then see how it affects people in a much more direct way.

Conclusion

The discussion brought forward various intersections in design and open knowledge, and the possible ways in which the two can lend to each other. Broader interventions such as a cultural shift in design around sharing work and discussing its ethical aspects, availability of academic material in design on open platforms and in different Indian languages, sensitivity around fair attribution and copyrights among designers, and designers seeking out or self initiating projects that contribute to the open domain were discussed. In terms of specific steps, ideas including design practitioners creating works in formats which are editable on open applications, adding more visual content on platforms like Wikimedia Commons, creating and using more open typefaces in Indian languages, and students sharing their assignments on open platforms were considered. Other ways of engagement with design education could be through internships and workshops that demonstrate the need for open knowledge systems.

During the interaction with the audience, another key concern was brought up by Govind Sivan, a student at the School of Design at AUD. He spoke about the prevalent approach in design schools of giving primary importance to originality. Students work towards thinking of unique ideas and any similarity between their own and a classmate’s assignment is seen as a failure of creativity. Such an approach goes on to curb shared knowledge and collaborative working, and needs to be changed in order to make way for openness in design. Prof. Suchitra also advised that there is more value to design in thinking of it as a collaborative project.

Design is also gradually opening up its process to include the people being designed for through open research methods such as co-design and participatory design. All aspects of a design process such as need identification, data gathering, and the end product can be conceptualised for openness. These directions can be explored by both designers and the open knowledge community for the creation of a greater and more accessible knowledge base.

For more details visit https://cis-india.org/a2k/blogs/saumyaa-naidu-design-and-the-open-knowledge-movement

Cybersecurity Visuals Media Handbook: Launch Event

saumyaa — 2019-12-06T09:27:37Z

6th December | 6 pm | Centre for Internet and Society, Bangalore

The existing cybersecurity imagery in media publications has been observed to be limited in its communication of the discourse prevailing in cybersecurity policy circles, relying heavily on stereotypes such as hooded men, padlocks, and binary codes.

In order to enable a clearer, more nuanced representation of cybersecurity concepts, we, at CIS, along with Design Beku are launching the Cybersecurity Visuals Media Handbook. This handbook has been conceived to be a concise guide for media publications to understand the specific concepts within cybersecurity and use it as a reference to create visuals that are more informative, relevant, and look beyond stereotypes.

We will be launching the interactive digital handbook on 6th December, 2019, at the Centre for Internet and Society, Bangalore, at 6 pm. The event would include a discussion on the purpose, process, and concepts behind this illustrated guide by CIS researchers and Design Beku.

The launch will be followed by a panel discussion on Digital Media Illustrations & the Politics of Technology. We will be joined by Padmini Ray Murray, Paulanthony George, and Kruthika N S in the panel. It will be moderated by Saumyaa Naidu.

Padmini Ray Murray

Padmini founded the Design Beku collective in 2018 to help not-for-profit organisations explore their potential through research-led design and digital development. Trained as an academic researcher, Padmini currently as the head of communications at Obvious, a design studio. She regularly gives talks and publishes on the necessity of technology and design to be decolonial, local, and ethical.

Paulanthony George

Paulanthony hates writing bios in the third person.
My research focuses on the relationships between made objects, the maker and the behaviour of making, in the context of spreadable digital media (and behaviours stemming from it). I study internet memes inside and outside of India and phenomenon such as dissent, satire, free expression and ambivalent behaviour fostered by them. The research is at the intersection of digital ethnography, culture studies, human-computer interaction, humour studies and critical theory. I spend my time watching people. I draw them, the way they are, the way some people want to be and sometimes I have interesting conversations with them.

Kruthika N S

Kruthika NS is a lawyer at LawNK and researcher at the Sports Law & Policy Centre, Bengaluru. She uses art as a medium to explore the intersections of the law and society, with gender justice featuring as the central theme of her work. Her art has included subjects such as the #MeToo movement in India, and the feminist principles of the internet, among several other doodles.

Saumyaa Naidu

Saumyaa is a designer and researcher at the Centre for Internet and Society.

Agenda
6:00 - 6:15 pm - Introduction
6:15 - 6:45 pm - Presentation on the Media Handbook by Paulanthony George
6:45 - 7:00 pm - Tea/ Coffee
7:00 - 8:00 pm - Panel discussion on Digital Media Illustrations & the Politics of Technology
8:00 - 8:30 pm - Tea/ Coffee and Snacks

The interactive version of handbook can be accessed here. The print versions of the handbook can be accessed at: Single Scroll Printing, Tiled-Paste Printing.

For more details visit https://cis-india.org/internet-governance/blog/cybersecurity-visuals-media-handbook-launch-event