How to cite this article:  “Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection” by Arianna Rossi and Monica Palmirani in Design Issues Volume 36, Issue 3, Summer 2020, pp. 82-96, published by The MIT Press.   The original publication is available at:  https://www.mitpressjournals.org/doi/abs/10.1162/desi_a_00605  ©2020 Massachusetts Institute of Technology  Can Visual Design Provide Legal Transparency? The Challenges  for Successful Implementation  of Icons for Data ProtectionArianna Rossi, Monica Palmirani 1 European Parliament and Council of  IntroductionEuropean Union, Regulation (EU) In 2018, a key year for data privacy and data protection in the 2016/679 of the European Parliament  European Union, the General Data Protection Regulation (GDPR) and of the Council of 27 April 2016 on  became applicable.1 With it came a series of new duties and rights the Protection of Natural Persons with destined to revolutionize the ecosystem of personal data gathering Regard to the Processing of Personal Data and on the Free Movement of Such and processing. The GDPR introduced a number of significant pro-Data, and Repealing Directive 95/46/EC visions that potentially produce far-reaching effects because its (General Data Protection Regulation), OJ obligations apply to any organization offering services or goods to L 119, 4.5.2016, p. 1–88, 2016. https:// individuals on European soil. As a general aim, the GDPR is eur-lex.europa.eu/eli/reg/2016/679/oj. intended to re-establish a balance between those entities collecting 2 See Article 29 Data Protection Working Party, Guidelines on Transparency  and processing personal data (i.e., the data controllers) and individ-Under Regulation 2016/679, 17/EN uals to whom that personal data belong (i.e., the data subjects), who WP260rev. 01 (2018). https://ec.europa. often are unaware of the extent of the processing. eu/newsroom/article29/document.cfm?  To reach this goal, the GDPR put a priority on design. The action= display&doc_id=51025 (accessed regulators assigned unprecedented relevance to the design quality November 12, 2019). The Article 29 Working Party was an independent  of the information describing both the processing practices for per-advisory body with the mission of  sonal data and the rights of the concerned data subjects. This infor-providing expert advice to the Member mation is commonly communicated in privacy notices. Under the States and recommendations to the  GDPR, the nature, accessibility, and comprehensibility of the infor-European Commission about the  mation describing data privacy practices must demonstrate com-application of data protection laws through the publication of guidelines  pliance with the transparency obligations laid down in Article 12.2 and opinions, as well as to guarantee The GDPR requires that any communication addressed to data uniform application of the law across  subjects must be designed in a “concise, transparent, intelligible the EU. Under the GDPR, the work  and easily accessible form, using clear and plain language.”3 of the WP29 is continued by its   Such attention to design—including the modality and replacement body, the European Data Protection Board. efficacy of data privacy communication—represents a landmark in 3 GDPR Article 12.1. EU data protection law. It reflects decades of research documenting 4 For an overview of the problems related the absolute incapacity of traditional privacy policies to inform to privacy disclosures, see Arianna Rossi people’s privacy-related decisions. These traditional treatments et al., “When Design Met Law: Design of data privacy information take the form of lengthy, overly com-Patterns for Information Transparency,” Droit de la Consommation = Consumen- plex, unintelligible, and hard-to-navigate documents.4 The design terecht: DCCR [Consumers protection of privacy communication tends to be so poor that some scholars law] 122–23 (2019): 92–7; Florian Schaub have even categorized traditional privacy communication as dark et al., “A Design Space for Effective  Privacy Notices,” Symposium on Usable Privacy and Security (SOUPS), Carleton University, Ottawa, Canada, July 22–24,  © 2020 Massachusetts Institute of Technology  82 DesignIssues:  Volume 36, Number 3  Summer 2020 https://doi.org/10.1162/desi_a_00605patterns—as “obscure strategies” that make it “hard or even im-possible for data subjects to learn how their personal data is collected, stored, and processed.”5 The GDPR challenges this dysfunction. The previous information paradigm focused on the quantity of information as a signifier of effective disclosure.6 Mean-while, the quality of legal information design has been ignored. The Article 29 Working Party (WP29), in its guidelines on transpar-ency maintains that the concept of transparency should be inter-preted and applied in a user-centric manner.7 Thus, privacy notices should not just superficially comply with the legal provision on mandated disclosure, but should be effective, informative tools. Hence, the design of legal communication must account for the specificity of the intended audience and the characteristics of human cognition to provide transparent, comprehensible, and nav- 2015; George Milne and Mary Culnan, igable disclosures. “Strategies for Reducing Online Privacy  Remarkably, the GDPR even acknowledges the potential of Risks: Why Consumers Read (or Don’t visual design to enhance the comprehensibility of privacy terms. Read) Online Privacy Notices,” Journal  of Interactive Marketing  18, no. 3  Namely, it provides for the possibility of disclosing information to (2004): 15–29; and Wainer Lusoli et al., data subjects with text in combination with standardized visual “Pan-European Survey of Practices, Atti- icons to give “in an easily visible, intelligible and clearly legible tudes and Policy Preferences as Regards manner a meaningful overview of the intended processing.”8 Such Personal Identity Data Management” icons must be machine-readable when presented in electronic for-(Publications Office of the European mat.9Union, 2012). DOI: 10.2791/81962.  Although the European Commission’s role is to give direc-5 Dark patterns are “malicious patterns tions on the creation of the icons through delegated acts, the that intentionally weaken or exploit the necessity of experts’ involvement is emphasized in Recital 166 of privacy of users, often by making them the GDPR.10 In addition, the WP29, prior to any EU standardization, disclose personal data or consent against encourages an “evidence-based approach” and the necessity for their real interest.” See Christoph  Bösch et al., “Tales from the Dark Side: “extensive research in conjunction with industry and the wider Privacy Dark Strategies and Privacy Dark  public as to the efficacy of icons in this context.”11 Patterns,”  Proceedings on Privacy  The research and the open problems described in the Enhancing Technologies 2016 , no. 4 following sections aim to contribute to the emerging debate on (2016): 242. evidence-based design standards for data protection icons in 6 Andreas Oehler and Stefan Wendt, “Good Consumer Information: The  the EU. Section 2 discusses possible explanations for the use of Information Paradigm at Its (Dead) End?”  icons in the data protection domain by listing some advantages Journal of Consumer Policy  40, no. 2 and disadvantages. Section 3 introduces the methodological (2017): 188. choices for the design of DaPIS, the icon set created as a means to 7 WP29,  Guidelines on Transparency , 5. fulfill the GDPR’s requirements. Section 4 addresses some major 8 GDPR , Article 12.7.9 GDPR , Article 12.7. challenges that surfaced while designing DaPIS and advances 10 See  GDPR , Article 12.8 and Article 92. some potential answers for further research. We focus on the object See also  GDPR , Recital 166, which of representation of the icons, their function, the methods for their states that “…[D]elegated acts should evaluation, and their interpretation. be adopted in respect of criteria and  This article also contributes to the broader discussions requirements for […] information to  be presented by standardised icons and of design’s role in effective regulation and public access to rights procedures for providing such icons.  and laws. Can visual representations of complex technical and It is of particular importance that the legal information effectively help people make sense of it—and Commission carry out appropriate  consultations during its preparatory  work, including at expert level.” 11 WP29,  Guidelines on Transparency , 26.DesignIssues:  Volume 36, Number 3  Summer 2020 83take action to protect their own interests? Can design offer a 12 See, e.g., Colette R. Brunschwig, “On means for effective participation in civic and consumer life? This Visual Law: Visual Legal Communication and Practices and their Scholarly Explo- article’s discussion of the particular visualizations of GDPR ration,” Zeichen und Zauber des Rechts: communications provides some evidence of existing possibilities Festschrift für Friedrich Lachmayer [Signs and constraints.and Magic of Law: Commemorative  for Friedrich Lachmayer], ed. Erich  Why Icons for the Legal Domain? Schweihofer et al. (Bern: Editions Weblaw, 2014): 899–933; and Volker Among the several possible visual means that can enhance the Boehme-Nessler,  Pictorial Law:  transparency of legal communication, the European legislators Modern Law and the Power of Pictures  have overtly mentioned pictograms. But why is that? In this sec-(Berlin: Springer Science & Business tion, we suggest a few complementary explanations for this spe-Media, 2010). cific choice. 13 See Thomas Barton et al., “Successful Contracts: Integrating Design and  Technology,” in Legal Tech, Smart  Visual Design for the Legal DomainContracts and Blockchain, ed. M.  Visual communications of legal matters represent a rather novel, Corrales et al. (Singapore: Springer, but increasingly growing field of study.12 Two opposing positions 2019): 69–72. “Visualizations seem to have been expressed as to how legal communications might be have a positive impact on information finding…, understanding… and  affected by visual design. One view highlights the attested benefits recalling….” See Stefania Passera and of visualizations for the communication of legal matters, mostly Helena Haapio, “Transforming Contracts derived from empirical evidence. For example, visualizations of from Legal Rules to User-Centered  legal matters can support comprehension in the following ways: Communication Tools: A Human-  …clarifying what written language does not manage   Information Interaction Challenge,”  Communication Design Quarterly   to explain fully; making the logic and structure of the  Review 1, no. 3 (2013): 42.  documents more visible; supporting evidence, analysis,   14 Colette Brunschwig, “Multisensory Law  explanation, and reasoning in complex settings; and  and Therapeutic Jurisprudence: How  providing an alternative access structure to the contents,  Family Mediators Can Better Communi-  especially to the non-experts working with the document.13cate with Their Clients,” Phoenix Law Review 5, no. 5 (Summer 2012): 744.15 On icons for the data protection domain, The other view states that, because the law is traditionally ex-see Samson Esayas et al., “Is a Picture pressed through linguistic utterances (i.e., law is “verbocentric”14), Worth a Thousand Terms? Visualising visual communication poses risks. Indeed, according to this view, Contract Terms and Data Protection graphical means would not be able to transmit the nuances of Requirements for Cloud Computing Users,” in International Conference on legal language,15 and they would be more open to interpretation 16Web Engineering (Cham, Switzerland): than written statements.  Thus, visual communication would Springer, 2016): 42; and Christopher  augment, rather than minimize, the risks of misunderstandings. F. Mondschein, “Some Iconoclastic In addition, it would constitute a problem in court because no Thoughts on the Effectiveness of  established framework or vocabulary exists for interpreting and Simplified Notices and Icons for Inform-ing Individuals as Proposed in Article 12 interrogating visual legal documents, unlike the well-established (1) and (7) GDPR,” European Data  legal hermeneutics for verbal provisions.17Protection Law Review 2 (2016): 518.  The cautious observations of the latter view disregard three 16 “Visual communication is freer and  essential aspects of the actual use of visual design. First, visual less controlled than language-based elements generally are not meant to completely replace text in communication. …[I]mages leave more legal documents.18 Rather, illustrations, such as diagrams, time-room for internal development and  19interpretation.…Images are potentially lines, icons, and comics, complement words.  Second, the aim is more anarchic than words.” Boehme-Nessler, Pictorial Law, 89.17 On hermeneutics of visual artifacts,  see, e.g., Jay A. Mitchell, “Whiteboard and Black-Letter: Visual Communication 84 DesignIssues:  Volume 36, Number 3  Summer 2020not to have visual elements represent legal meanings as precisely  in Commercial Contracts,” University  as verbal expressions can do. Instead, they can clarify, give salience of Pennsylvania Journal of Business Law 20 (2018): 837–43; and Naomi Mezey, to, and improve memorability and navigability of information—for “The Image Cannot Speak for Itself: Film, instance, by making visible abstract relations between concepts Summary Judgment, and Visual Literacy,” (e.g., sequences or conditions) that are typical of legal documents.20 Valparaiso University Law Review 48 In the legal domain, then, clarifying that different kinds of visual (2013): 3. elements convey different types of information and adopt different 18 That icons, or visual elements in general, should substitute for words completely  functions is important; some of these functions are not inherently is a common misconception in the legal pictorial. For example, timelines illustrate temporal sequences and sphere. See, e.g., Esayas et al., “Is a  comic strips can properly represent narratives, while companion Picture,” 45; and Gerlinde Berger-Wal- icons can support strategic reading in long documents. liser et al., “From Visualization to Legal  Users’ interpretation of legal documents does not corre-Design: A Collaborative and Creative  Process,” American Business Law  spond to the hermeneutical activity of legal professionals. Whereas Journal 54, no. 2 (2017): 349. the latter is a specific methodology for the interpretation of legal 19 Helena Haapio and Stefania Passera, provisions, the former is a regular communicative process final-“Contracts as Interfaces: Exploring  ized to the understanding of a (linguistic or non-linguistic) mes-Visual Representation Patterns in  sage. Although we recognize the need for extensive research on the Contract Design,” in Legal Informatics, ed. Daniel Katz et al. (Cambridge:  first aspect, we focus in this article on the latter.Cambridge University Press, 2016). 20 Haapio and Passera, Contracts as  Icons for the Legal DomainInterfaces, 14 online. As simplified visual illustrations, icons cannot enhance compre-21 Connie Malamed, Visual Language  hensibility of data practices as other visual elements that involve for Designers: Principles for Creating Graphics That People Understand  complex content (e.g., videos or comics) could do. However, they (Beverly, MA, MD: Rockport Publishers, can be recognized, processed, and memorized with ease and thus 2009): 119. can serve as cognitive support for the classification of content 22 Sarah Isherwood et al., “Icon Identifi- better than text can, as graphic user interfaces successfully demon-cation in Context: The Changing Role of strate.21 In addition, we note a widespread belief that icons can Icon Characteristics with User Experi-ence,” Human Factors 49, no. 3 (2007): overcome linguistic and cultural barriers, which also is commonly 22465. For a critical examination of the  held in the juridical domain.  Whereas this belief holds true for supposed universality of icons, see, e.g., standardized conventions (e.g., the traffic signs and the graphical Robert Dewar, “Design and Evaluation  symbols used in public spaces) and for icons representing concrete of Public Information Symbols,” in  objects, the meaning of symbols that are not semantically transpar-Visual Information for Everyday Use: Design and Research Perspectives, ed. ent must be learned rather than deduced.23 Harms Zwaga et al. (London: Taylor &  However, given the verbo-centricity of the law, icons are less Francis, 1999), 285–303. disruptive non-linguistic elements than comics and other possible 23 Isherwood et al., “Icon Identification in visual mechanisms that would completely transform legal Context,” 467. notices.24 Moreover, well-accepted examples of pictograms used as 24 Margaret Hagan, “Rethinking Data  Privacy Communication Design: Three  universal shorthand for critical legal-technical information do Big Questions from Bologna,” Legal exist. These examples include the pictograms of Creative Com-Design and Innovation (website) (2018), mons licenses for intellectual property.25 Other widely used and https://medium.com/legal-design- even internationally standardized symbols include traffic signs, and-innovation/rethinking-data-privacy- warning signs, and labeling schemes for energy consumption.26 communication-design-3-big-questions-Other popular pictograms symbolize notions related to cybersecu- from-bologna-13275a987047 (accessed November 11, 2019). rity (e.g., the padlock for secure communications and connections) 25 https://creativecommons.org/share- your-work/licensing-considerations/ (accessed February 10, 2020).26 For traffic signs, warning signs,  and labeling schemes for energy  DesignIssues:  Volume 36, Number 3  Summer 2020 85and to data access permissions (e.g., the geolocation symbol). In  consumption, respectively, see United all these cases, the rationale supports the creation of a common pic-Nations Economic Commission for Europe (UNECE), https://www.unece.org/filead- tographic system that can become universally recognizable when min/DAM/trans/conventn/Conv_road_ used consistently.27signs_2006v_EN.pdf (accessed February  A few initiatives for the creation of an icon language to sum-10, 2020); UNECE, “Globally Harmo- marize data practices exist, although they have neither gained nized System of Classification and Label- acceptance nor reached extensive adoption.28 Two European-led ling of Chemicals,” GHS Rev. May 8, 2019, https://www.unece.org/index. efforts are of note. The first was conducted as part of the European 29php?id= 51896&L=0 (accessed Febru- PrimeLife project,  which is the most structured attempt to create ary 10, 2020); and European Commis- and assess icons for the data protection domain in the EU. The sec-sion (website), About the Energy Label ond presented six icons and their description in table format and and Ecodesign, https://ec.europa.eu/ was included in the 2013 Draft report on the GDPR proposal.30 The info/ energy-climate-change-environ-ment/ standards-tools-and-labelsprod- display of such icons would have constituted a legal obligation for ucts-labelling-rules-and-requirements/ data controllers if the amendments had been approved. Although energy-label-and- ecodesign/about_en the icons were ultimately discarded, traces of this proposal can be (accessed February 10, 2020). found in the GDPR’s call for icons.27 For a discussion on the standardization of data protection icons, see Arianna Rossi and Gabriele Lenzini, “Making the Case Methodology for the Design of DaPISfor Evidence-Based Standardization of Following the GDPR’s revamped interest for pictograms as trans-Data Privacy and Data Protection Visual parency-enhancing means and taking stock of the lessons derived Indicators,” JOAL, Special Issue on from the few previous attempts to design privacy icons, our “Visual Law,” Rossana Ducato, guest ed., research group drafted the DaPIS (Data Protection Icon Set), an Vol. 8, no. 1 (2020), ISSN: 2372-7152. Open access at: https://ojs.law.cornell. icon set representing core concepts of EU data protection law.31edu/index.php/joal/article/view/103.28 See, e.g., Mary Rundle, “International An Ontological FoundationPersonal Data Protection and Digital In the creation of DaPIS, we followed participatory design methods Identity Management Tools,” Berkman and structured it toward the goal of integration with semantic Center Research Publication No. 2006–06), https://papers.ssrn.com/sol3/papers. technologies. DaPIS was modeled on a specific, formal conceptual-ization of EU data protection law;32cfm?abstract_id=911607; Matthias  and it represents key notions Mehldau, Iconset, “Data-Privacy Declara- grouped in categories, such as the rights of the data subjects and tions v0.1,” https://netzpolitik.org/wp- the purposes of data processing. The meaningful combination of upload/data-privacy-icons-v01.pdf these legally significant categories can support a uniform visual (accessed February 10, 2020; Joshua design scheme.Gomez et al., KnowPrivacy (website), “Privacy Coding Methodology” (2009),  Our team deliberately created the icon set to be modular, http://knowprivacy.org/policies_method- systematic, and semantic, so that it was not just a visual design ology.html; Renato Iannella and Adam intervention, but an intelligent one. The visual signs representing Finden, “Privacy Awareness: Icons and fundamental concepts (e.g., right, withdraw, consent) can be com-Expression for Social Networks,” 8th bined to express complex legal meanings (e.g., the right to with-International Workshop for Technical, Economic and Legal Aspects of Business draw consent) in the same pictogram. We primarily used the root/Models for Virtual Goods, incorporating referent icon design approach, where the root is a constant symbol the 6th International Open Digital Rights representing the category, while the referent specifies the subcate-Language Workshop, September 31– gory.33 We thereby ensured visual uniformity among the icons October 1, 2009, Namur, Belgium, eds. belonging to the same class, to ease their recognition. For instance, Alapan Arnab and Jean-Noël Colin (Namur: Presses universitaires de Namur, an upward-facing hand distinguishes the icons depicting the rights 2010), 1–15; Privacy Icons (web page) of the data subjects from the other conceptual classes (see Figure 1). https://wiki.mozilla.org/Privacy_Icons (updated June 28, 2011; “Final HCI  Research Report,” ed. Cornelia Graf et al., Primelife Deliverable D4.1.5 (2011), 86 DesignIssues:  Volume 36, Number 3  Summer 2020Figure 1 DaPIS pictograms representing the various rights of the data subject and showing the modularity of the icon set: a) rights of the  data subject; b) right to be informed;  c) right to rectification; d) right to erasure;  e) right of access; f) right to data portability;  g) right to object to processing; h) right to restriction to processing; i) right to withdraw consent; j) right to lodge a complaint to the supervisory authority. Figure created by the authors. The icons have been released under a Creative Commons Attributions-ShareAlike 4.0 International License.The ontological foundation was also instrumental for the creation  http://primelife.ercim.eu/images/stories/deliverables/d4.1.5-final_hci_research_ of a machine-readable icon set (as enshrined by GDPR Article report-public.pdf; European Parliament, 12.8)—that is, an icon language whose elements have computer-“Compromise amendments on Articles interpretable meanings that are explicitly and formally defined in 1–29.” COMP Article 1. 07.10.2013 the ontology. This capability allows for semi-automatic retrieval (2013): 30–32, https://www.europarl.europa.eu/meetdocs/2009_2014/docu- and display of the visualizations encoded in the ontology after ments/libe/dv/comp_am_art_01-29/ the semantic expressions of the privacy policy in natural language comp_am_art_01-29en.pdf (accessed (e.g., “you,” “user”) have been associated with their corresponding February 12, 2020); TrustArc (blog), ontological class (e.g., “data subject”) through an Extensible “TRUSTe and Disconnect Introduce Visual Markup Language (XML) mark-up.34 The mark-up elements also Icons to Help Consumers Understand  Privacy Policies” (2014), https://www. allow for a structured, semantically enriched document layout that trustarc.com/blog/2014/06/23/truste-dis- improves its information architecture: It allows for visualizing connect-introduce-visual-icons-to-help- structural elements that convey information hierarchy and thereby consumers-understand-privacy-policies/ facilitate the reading (or, more accurately, skimming) activity. Our (accessed November 11, 2019). (The vision was that semantically enriched privacy policies can be lever-icons are no longer available.); Privacy-Tech (website), “Privacy Icons” (2017) aged to generate a user-friendly visual layer composed of struc-https://www.privacytech.fr/privacy- tured layout and icons that can ease the navigation of these icons/ (accessed February 12, 2020); and documents and increase comparability across them, both for Louisa Specht-Riemenschneider and human beings and intelligent systems. Linda Bienemann, “Informationsvermitt- lung durch standardisierte Bildsymbole - ein Weg aus dem Privacy Paradox?” Semiotic Considerations[Communication of information through To create DaPIS, a communicative and semiotic consideration of standardized symbols—a way out of the design was adopted because “one of the principal functions of privacy paradox?] in Datenrecht in der design is to communicate.”35 Design in this perspective is a dia-Digitalisierung [Data Law in Digitalisa-tion], ed. Louisa Specht-Riemenschneider logue between designer and intended user. Hence, it is not a mono-et al. (Berlin: Erich Schmidt Verlag, 2019). directional but a bidirectional process. Given “the existence of 29 See, e.g., Graf, Final HCI Research expressive intent and interpretative response,” design is a form of Report. mediated, asynchronous communication.36 Like written commu-30 See, e.g., European Parliament,  nication, the interpretation of the message embedded in the arti-Compromise amendments. 31 For further details about the design of fact (e.g., icon, button, visualization) is carried out in a different DaPIS, see Arianna Rossi and Monica time and place than its production. The designer tries to encode a Palmirani, “What’s in an Icon? Promises specific meaning in an artifact (like an icon) so that final users can and Pitfalls of Data Protection Icono-graphy,” in Data Protection and Privacy:  Data Protection and Democracy, ed. Dara Hallinan et al. (Oxford: Hart Publishing: DesignIssues:  Volume 36, Number 3  Summer 2020 87correctly decode the intended meaning (e.g., the icon’s function)  2020); Arianna Rossi and Monica  through their interaction with the artifact. However, users do not Palmirani, “DaPIS: An Ontology-Based Data Protection Icon Set,” in Knowledge have direct access to the original intentions of the designer, who of the Law in the Big Data Age: Frontiers must therefore be able to anticipate any problematic interpre- in Artificial Intelligence and Applications, tation that would lead to misunderstandings, frustration, or errors. eds. Ginevra Peruginelli and Sebastiano Ultimately, the interpretation, rather than the intention, is what Faro, Volume 317 (Amsterdam: IOS  determines success of use of a certain design.37Press, 2019), 181–95, DOI: 10.3233/FAIA190020; Arianna Rossi, “Legal  This asynchronous interpretation matters greatly for legal Design for the General Data Protection design. In the design of information, graphics, interfaces, and sys-Regulation: A Methodology for the  tems, the problem of mediated communication acquires even Visualization and Communication of  deeper significance if the actions taken by a user based on her Legal Concepts” (PhD thesis, Alma Mater understanding of the artifact have legal consequences. Incorrect Studiorum Università di Bologna; PhD  in Law, Science and Technology 2019): interpretation of interface elements, including icons, toggle bars, Chapter 6. and buttons, might cause users to unintentionally give consent 32 For a thorough description of the data to privacy-invasive practices. Indeed, some legal scholars have protection ontology PrOnto and its goals, voiced fears of misjudgments: Mondschein has maintained that see Monica Palmirani et al., “PrOnto:  boiling down complex legal disclosures to a set of icons would Privacy Ontology for Legal Reasoning,”  in International Conference on Electronic affect their quality and explanatory nature, more than correcting Government and the Information Systems for information overload.38 Misrepresentations also constitute Perspective, eds. Andreas Kő and Enrico a risk, when the visual translation of complicated processes is Francesconi, Lecture Notes in Computer limited by predefined and potentially inappropriate categories or Science, vol. 11032 (Cham, Germany: elements. The few existing user studies carried out on the interpre-Springer, 2018): 139–52. DOI: 10.1007/ 978-3-319-98349-3_11. tation of privacy icons have demonstrated that sign reception can 33 Lisa Fontaine et al., “Signs That Work, be misguided.39 Phase 2: Symbol Design Research  Therefore, as a crucial cautionary element, our team has Report,” (2010): 8; http://www.health- prioritized an “evidence-based approach,” with the aim of provid-designnetwork.net/s/2-UHCS-Research- ing a rigorous assessment of the efficacy of icons as legal transpar-Report.pdf (accessed February 12, 2020).4034 Akoma Ntoso (http://www.akomantoso. ency mechanisms.  Because images, and especially pictograms, are org) is a legal open XML standard  polysemic, establishing whether they convey the intended message for legislative, judiciary, and legal  to the audience is necessary. Icon interpretation is a non-linear documents. See Monica Palmirani and task and depends both on context and on the extent to which the Fabio Vitali, “Akoma-Ntoso for Legal repertoire of signs of designers and users correspond.41 To align Documents,” in Legislative XML for the Semantic Web, ed. Giovanni Sartor et al. designers’ intentions and users’ interpretation, we have relied on (Dordrecht: Springer, 2011): 75–100. participatory design methods in the phases of conception and cre-35 Woodrow Hartzog, Privacy’s Blueprint: ation of the icons. The Battle to Control the Design of New Technologies (Cambridge, MA: Harvard Participatory Design MethodsUniversity Press, 2018): 27. For a general review of communicative and semiotic EU regulators have not provided any indication about the modality considerations of design, see Clarisse of implementation of the GDPR’s icons; meanwhile, the European Sieckenius de Souza, The Semiotic Engi- Commission has deliberately let solutions arise in a bottom-up neering of Human-Computer Interaction manner, from civil society and industry, before adopting a binding (Cambridge, MA: MIT Press, 2005). act that imposes EU standardization.42 However, this approach has 36 Nathan Crilly et al., “Design as Communi-cation: Exploring the Validity and Utility caused a lack of uniformity among the existing approaches, which of Relating Intention to Interpretation,” results in weak incentives for the adoption of and investment in Design Studies 29, no. 5 (2008): 425–27.37 Crilly et al., “Design as Communication,” 442.38 Mondschein, “Iconoclastic Thoughts,” 515. 88 DesignIssues:  Volume 36, Number 3  Summer 2020privacy indicators, and in a proliferation of differing icon sets. This 39 See, e.g., Leif-Erik Holtz et al., “Towards inconsistent visual design hinders users’ abilities to easily Displaying Privacy Information with Icons,” in IFIP PrimeLife International recognize icons and rely on them for guidance on the law and Summer School on Privacy and Identity their rights.43Management for Life, ed. Simone  We designed DaPIS using participatory design methods Fischer-Hübner et el. (Berlin, Heidelberg): with two purposes in mind: to allow for the expression of multi-Springer, 2010): 338–48; John Sören  faceted values and priorities of the different stakeholders who Pettersson, “A Brief Evaluation of Icons in the First Reading of the European  might be affected by the icon set and to avoid overlooking any fun-Parliament on COM (2012) 0011,” in IFIP damental aspect of legal icon design.44 We held a series of work-International Summer School on Privacy shops involving various stakeholders (i.e., a heterogeneous group and Identity Management (Springer, of graphic designers, lawyers and legal scholars, computer scien-2014): 125–35; and Iannella et al.,  tists, communications professionals, interested laypeople, and rep-“Privacy Awareness,” 1–15.40 WP29, Guidelines on Transparency, 26. resentatives of the business world), with the intention of combining 41 Ryan Abdullah and Roger Hübner,  their different visions.45 The preparatory, conceptual work for the Pictograms, Icons & Signs: A Guide to design of the graphical symbols involved mind-mapping tech-Information Graphics (New York: WW niques to gather a wide choice of motifs for each preselected legal Norton, 2006), 14. notion.42 Directorate General Justice and Con-sumers, European Commission, private  For instance, graphic professionals proposed the root/refer-communication reported in Serge Tagne, ent icon design approach and sought to ensure the quality and Transparence dans le RGPD. Les icônes overall coherence of the visual design. They provided plausible tiendront-elles la promesse? [Transpar- contexts of use for the icons. Meanwhile, legal experts and com-ency in the GDPR. Will the icons keep the puter scientists guided the interpretation of the abstract legal-tech-promise?], thesis, ISEP (2018): annex 1.43 Joel Reidenberg et al., “Trustworthy  nical definitions described in the GDPR. Moreover, individuals Privacy Indicators: Grades, Labels, Certi- from for-profit business enterprises offered a critical voice on the fications, and Dashboards,” Washington expected hurdles to the implementation of the icons in the market. University Law Review 96 (2019): 1409. Laypeople offered a non-specialized view that supported the 44 See, e.g., Maja van der Velden and Chris- development of universally understandable symbols, as opposed tina Moertberg, “Participatory Design and Design for Values,” in Maja van den to graphical conventions known only to professionals.46 Hoven et al., Handbook of Ethics, Values  Involving multiple stakeholders also underlined crucial dif-and Technological Design (Dordrecht: ferences among their views and priorities. One of the most evident Springer, 2015): 41–66. See also Arianna divergences concerned expectations about the visual representa-Rossi and Helena Haapio, “Proactive tions of legal notions: Whereas legal scholars defended the impor-Legal Design: Embedding Values in the Design of Legal Artefacts,” in Internet  tance of a literal and detailed “visual translation” of the concepts to of Things: Proceedings of the 22nd Inter- avoid their misrepresentation and oversimplification, designers national Legal Informatics Symposium emphasized the crucial relevance of criteria like simplicity and leg-IRIS 2019, ed. Eric Schweighofer et al. ibility of the icons to support ease of recognition and the ability to (Vienna: Editions Weblaw, 2019): 537–44. render them on a variety of devices and screen sizes. Collaborative 45 The first workshop was held in July 2017 at the Legal Design Lab of Stanford Law prototyping enabled the different stakeholders to negotiate their School, Stanford, CA. Subsequent work- views in a shared design space and to reach a satisfactory media-shops were organized over the course of tion.47 The final DaPIS comprises 37 elements.482018 at the CIRSFID (Interdepartmental Centre for Research in the History,  Open Questions and Problems Philosophy, and Sociology of Law and  in Computer Science and Law) of  During the development of the research, a series of open questions the University of Bologna (Italy) in  emerged, and we propose these questions as a guide for future collaboration with the Academy of Fine work in visual design for legal transparency.Arts of Bologna and the Associazione Italiana Informatica Giuridica.46 For instance, for computer scientists the prototypical representation of data is a DesignIssues:  Volume 36, Number 3  Summer 2020 89The Challenge of the Object of RepresentationOne fundamental question concerns the objects that the visual language should represent. Previous design efforts fall into three approaches to object representation. The first focuses on single  cylinder, while for laypeople, the file objects and concepts that are proper to the privacy and data pro-folder is a more recognizable symbol.  tection domain (e.g., the concept of “pseudonymization” or that of See Arianna Rossi and Monica Palmirani, “encryption”).49 The second tries to visually represent statements “From Words to Images Through Legal Visualizations,” in AI Approaches to  about such concepts, referring to the presence of a certain data the Complexity of Legal Systems, ed.  practice (e.g., “Site contains third-party ads”50). The third approach Ugo Pagallo et al. (Cham: Springer): 80. includes attempts to give an indication of the lawfulness of specific 47 Van der Velden and Moertberg, Partici- data practices (e.g., “No personal data are collected beyond the patory Design, 59.minimum necessary for each specific purpose of the processing”51). 48 DaPIS is available for download at  http://gdprbydesign.cirsfid.unibo.it/ The aim here is to rate such practices to provide meaningful advice dapis-2/ (accessed November 11, 2019) and to inform users’ decisions on whether to use a certain ser-and is licensed under a Creative  vice—or to head elsewhere. Similarly, other approaches put an Commons Attributions-ShareAlike 4.0 emphasis on risky data processing aspects.52International License. This problem and question introduces an additional cri-49 As in the cases of Mehldau, Iconset;  Iannella et al., Privacy Awareness;  tique about the icons’ fit to represent knowledge in law.53 Icons are Holtz et al., Towards Displaying;  generally best fit to depict concrete concepts, such as objects and PrivacyTech, Privacy Icons; Specht- people. Abstract data protection notions (e.g., “processing pur-Riemenschneider and Bienemann, poses”) are inherently difficult to visualize and to decode. Individ-Bildsymbole [Pictograms].uals must resort to contextual elements, previous experience, and 50 As in the case of Moskowitz and  Raskin, Privacy Icons. learned knowledge to correctly interpret them. For this reason, 51 As in the cases of Rundle, “International supplementing icons with textual labels or other interface design Personal Data Protection”; European  elements can explain their meaning and therefore facilitate their Parliament, “Compromise Amendments interpretation.54 Such elements are necessary at first exposures in (LIBE) Committee, Draft Report. cases where the relationship between the graphical symbol and 52 Zohar Efroni et al., “Privacy Icons: A  Risk-Based Approach to Visualisation  its meaning is arbitrary and cannot be inferred. Therefore, expecta-of Data Processing,” European Data  tions of what icons can do, when based on the ways icons have Protection Law Review 5, no. 3 (2019): been used to symbolize concrete concepts, are inappropriate in this 352–66; and Max von Grafenstein et al., case, and the expectations are what must be reviewed. It is only by “Designing Privacy Icons & Testing for  providing enough interpretative context, preferring concrete con-its Effectiveness by an Interdisciplinary Research Methodology” (2019), https:// cepts over abstract ones and actively supporting the learning of the privacyiconsforum.eu/projects/designing- association between pictogram and meaning that icons can aspire privacy-icons-and-testing-for-its-effec- to communicate universally and univocally. However, icons repre-tiveness/ (accessed January 22, 2020). sent only one of the possible solutions to the endemic lack of trans-53 The issue of the icons’ object of repre- parency in privacy notices.55sentation has been more extensively explored in Rossi and Palmirani,   Another critique of the use of icons to clarify legal con- “What’s in an Icon?”: 69–70. cepts moves from the fact that these graphical symbols are not 54 See, e.g., Susan Wiedenbeck, “The  suitable to communicate the nuanced notions expressed in legal Use of Icons and Labels in an End User terms. The legal experts that took part in DaPIS’s participatory Application Program: An Empirical  workshops expected to accurately translate the legal definitions Study of Learning and Retention,”  Behaviour & Information Technology  into their visual equivalents by preserving the sheer amount of 18, no. 2 (1999): 68–82. details and the complexity that characterize legal provisions. The 55 For a collection of transparency-enhanc-ing design patterns (including but not  limited to icons) for privacy notices, see Rossi et al., “When Design Met Law,” 99–120.90 DesignIssues:  Volume 36, Number 3  Summer 2020underlying hypothesis predicted that the addition of more traits and symbols to a pictogram would improve icon comprehension. In addition, the jurists firmly supported a literal translation of the concepts into the pictograms to decrease the set of plausible inter-pretations to one univocal meaning. Informed by this position, the initial prototypes of DaPIS resulted in complex and detailed picto-grams. However, our user studies revealed that literal, precise rep-resentations appeared confusing and overwhelming to the users, instead of representing meaningful guidance.  Remarkably, even the opposite problem was encountered: Some concepts lack a precise definition, not only because natural language is ambiguous in itself, but also because legal and, in par-56 Jaspreet Bhatia et al., “A Theory of Vagueness and Privacy Risk Perception” ticular, privacy terms are deliberately left vague to be open to (24th International Requirements  interpretation.56 For instance, data processing can be necessary to Engineering Conference (RE), Beijing, provide a certain service (e.g., a maps app needs the user’s geoloca-2016), IEEE Xplore, 26, DOI: 10.1109/ tion data to guide her to the desired destination). Thus, legal RE.2016.20. expressions, such as “we use the data we collect to provide you 57 “‘Third party’ refers to a natural or legal person, public authority, agency or body with the information and services that you requested from us,” other than the data subject, controller, constantly figure among the processing purposes of a service pro-processor and persons who, under the vider but is not further specified. Visualizing such a vague “pur-direct authority of the controller or  pose of provision of the service” has thus represented a challenge. processor, are authorized to process  An emblematic and extreme case also is represented by the concept personal data,” GDPR Article 4.10.58 The topic of the icons’ function has  of “third party,” which is a fundamental concept in data protection been more thoroughly discussed in Rossi regulation and is legally defined by what it is not, instead of by and Palmirani, “What’s in an Icon?”: what it is.57 For these reasons, similar abstract and loose legal 72–75 and in Arianna Rossi and Gabriele  notions were difficult to translate into easily interpretable visuals.Lenzini, “Which Properties has an Icon?  A Critical Discussion on Evaluation  Methods for Standardised Data  The Challenge of Defining Icon Functions58Protection Iconography,” in Proceedings The diversity concerning the icons’ object of representation, as of STAST (Berlin, Heidelberg: Springer, described, also is reflected in the different functions that an icon forthcoming), Section 5. set can assume related to transparency in privacy disclosures.59 59 See Abdullah and Hübner, Pictograms, Graphical symbols depicting individual notions can accompany 17, 30.60 See the companion icon pattern in headings or key points of the notice to saliently indicate where Haapio and Passera, “Contracts as  specific information can be found. These “companion icons” are Interfaces,” 26; see also related  meant to break the wall of text and thereby to attract readers’ atten-examples in Rossi et al., “When Design tion and help them to skim through the document to efficiently Met Law,” 105, 108–109. identify specific information.60 Evidence shows that they can 61 Behavioural Insights Team, Best  61Practice Guide: Improving Consumer increase readers’ comprehension of privacy policies.  This design Understanding of Contractual Terms and pattern can be particularly advantageous in lengthy documents Privacy Policies: Evidence-based Actions that are devoid of an information hierarchy. for Businesses (London: Behavioural  Symbols that try to unequivocally communicate to users Insights, 2019), 11–12, https://assets. what privacy practices are stated or are absent from a privacy pol-publishing.service.gov.uk/government/uploads/system/uploads/attachment_ icy add a layer of meaning to companion icons. For instance, visual data/file/831400/improving-consumer-understanding-contractual-terms- privacy-policies.pdf. The work was  commissioned by the Department of Business, Energy and Industrial  Strategy of the United Kingdom.DesignIssues:  Volume 36, Number 3  Summer 2020 91symbols can signal that profiling of the data subject occurs or that personal data are anonymized. Whether this practice respects the user’s privacy preferences or not is left to the user to discern.  A system of icons also can attract users’ attention to specif- ic data practices that can be considered risky (e.g., automated deci-sion-making that has significant legal implications for the data subject62) or unlawful (e.g., processing a larger amount of data than necessary, thus contradicting the principle of data minimization63). In this view, icons assume the role of warning signs, like those indicating explosive or poisonous materials, those signaling the security or insecurity of an internet connection, or those communi-cating a potential risk to the driver. Conversely, visual elements that act as “quality seals” and highlight good practices (e.g., “Pro-cessing of data within Europe or a third country with a sufficient level of data protection”64) also can be very informative for users’ decisions about their privacy. Given the ontology of concepts used as a methodologi- cal framework to create the icons, DaPIS depicts individual concepts that cover the different ontological classes. This choice allows practitioners and researchers to devise and explore auto-mated or semi-automated concept-mining techniques that recog-nize where a certain subject is described in a text and that display the corresponding icons, serving the function of information-mark-ers. However, this approach is feasible only in standardized, well-structured privacy policies, where each thematic section covers one topic. Moreover, the adoption of companion elements reflects a deliberate, cautious position about the interpretability of icons. Instead of trying to completely replace the legal text, the aim is to attract the data subject’s attention and to aid in the navigation of 62 “The data subject shall have the right not long legal documents, thus supporting the reader’s interpretation to be subject to a decision based solely through a combination of textual and pictorial cues.on automated processing, including   Another fundamental reason to adopt icons representing profiling, which produces legal effects  concerning him or her or similarly  individual concepts is that providing any kind of decontextualized significantly affects him or her,” GDPR judgment about the lawfulness or riskiness of a legal practice Article 22. might be problematic.65 Sentence-level icons arguably could be 63 “Personal data shall be: ...adequate, rele- more informative and thus more helpful for data subjects’ privacy-vant and limited to what is necessary in related decisions, but they also would entail an interpretation relation to the purposes for which they are processed (data minimisation),” about the goodness of such practices and thus would interfere with GDPR Article 5(1)(c). the autonomy and self-determination of individuals. Moreover, 64 See Privacy Icons, “Disconnect.” See indicating the riskiness of a certain practice per se and a priori can Specht-Riemenschneider and Bienemann, be a questionable choice, given that context is key to determine the “Informationsvermittlung.” level of risk. For example, profiling might be problematic if used 65 See Rossi and Palmirani, “What’s in an Icon?”: 72–73. for price discrimination, but it might be considered useful and 66 Pedro Giovanni Leon et al., “Privacy and even desirable if aimed at providing targeted special offers. More-Behavioural Advertising: Towards Meet- over, research has demonstrated that privacy preferences vary ing Users’ Preferences,” (Symposium on greatly66; what is considered invasive by one person might be con-Usable Privacy and Security (SOUPS), sidered acceptable by another.Carleton University, Ottawa, Canada, July 22–24, 2015).92 DesignIssues:  Volume 36, Number 3  Summer 2020 In addition, even the adoption of such icons by data control-lers might be troublesome. The GDPR states that the data controller decides whether to use icons in combination with written informa-tion to comply with the transparency obligation. Expecting that a service provider would deliberately warn its users about practices that they would find unfavorable is unreasonable.67 However, third-party services that provide visual indicators for the data pro-tection practices of data controllers offer an alternative solution. For instance, Terms of Service; Didn’t Read (ToS;DR) uses crowd-sourcing to analyze privacy policies and so to provide the visual ratings68; meanwhile, Polisis uses deep learning.69 Both third-party solutions can be contested because they reflect mediated interpre-tations (by non-expert humans and by artificial intelligence that was trained on manually annotated data, respectively) and might therefore be subject to error. However, some scholars maintain that 67 Reidenberg et al., “Trustworthy Privacy this approach represents a viable manner to implement an actual Indicators,” 16. “informed consent” and are starting to investigate this research 68 See TOS;DR, Classification, https://tosdr.70org/classification.html (accessed January direction.24, 2019).  For all these reasons, a multi-stakeholder discussion with 69 Hamza Harkous et al., “Polisis: Auto- policy-makers, the public, and regulated organizations is advisable. mated Analysis and Presentation of  The European Commission, service providers, citizens, consumer Privacy Policies Using Deep Learning,” associations, practitioners, and researchers and scholars from disci-arXiv:1802.02561v2 (2018).70 See, e.g., Efroni et al., “Privacy Icons:  plines including design, philosophy of law, psychology, behavioral A Risk-Based Approach”; and von  economics, and neuroscience should be involved in determining Grafenstein et al., “Designing Privacy the function that GDPR icons should have, according to the func-Icons.” tion they intend to serve and goal they intend to achieve. 71 For a discussion on icon evaluation  methods and measures, see Rossi  and Lenzini, “Which Properties has an The Challenge of Icon Evaluation71 Icon?” See also Siné J.P. McDougall  Icons do not necessarily foster comprehension of the concepts they et al., “Measuring Symbol and Icon  represent, although many assume they do. Ease of an icon’s inter-Characteristics: Norms for Concreteness, pretation depends on well-defined characteristics, such as seman-Complexity, Meaningfulness, Familiarity, tic distance (also defined as level of arbitrariness). Concrete icons and Semantic Distance for 239  Symbols,” Behavior Research Methods, are easily recognizable even at users’ first exposures; meanwhile, Instruments, & Computers 31, no. 3 the meaning of arbitrary icons has to be learned rather than (1999): 487–519. inferred.72 In the latter case, immediate comprehension is impossi-72 See Malamed, Visual Language for ble to reach: Rather, as familiarity increases with repeated expo-Designers, 118; and Jon Hicks, The Icon sures, recognition rates do as well. In addition, familiarity has a Handbook (Cardiff: Five Simple Steps, 2011), 22. dual nature73: It involves both previous knowledge of the concept 73 Isherwood, Icon Identification in Context, (e.g., the concept of “geolocalization”) and previous experience 467. with its visual representation (e.g., the omnipresent pin icon). Fur-74 See, e.g., European Telecommunications thermore, because individual characteristics, such as cultural back-Standards Institute, Human Factors  ground, age, and domain expertise, affect how knowledgeable (HF); Framework for the Development, users are in the legal and technical area, they also can influence Evaluation and Selection of Graphical Symbols. EG 201 379 V1.1.1 (1998-12); ease of icon interpretation.and ISO, ISO 9186-1:2014. Graphical  Such factors challenge standard international methods of symbols–Test methods–Part 1: Method icon evaluation, which are appropriate only if the concept repre-for testing comprehensibility, https:// sented in the icon is known to the interpreters.74 The ISO standard www.iso.org/standard/59226.html (accessed February 12, 2020). DesignIssues:  Volume 36, Number 3  Summer 2020 93for testing symbols whose referents are unknown also presents some limitations, as we have maintained elsewhere.75 Such evalua-tion does not measure the learnability of an icon system in context and is exclusively based on quantitative methodologies. Longitu-dinal studies using a mixed methods approach would probably be more informative about the effectiveness of icons and more meth-odologically sound.76 Providing contextual cues that mirror the actual use situa-tion of the icons is crucial to ease the interpretation process during icon assessment by users. Without taking into consideration famil-iarity and without providing the intended context of use, low rec-ognition scores would mistakenly indicate that re-design and further testing are necessary.7 7 Indeed, the few existing studies on the efficacy of data protection icons have overlooked such dimen-sions; as a result, most of the visual elements have been discarded, based on the low recognition rates of icons that represent unfamil-iar concepts or that are displayed without sufficient context.78  Appropriate evaluation techniques should be used to de- termine whether icons are effective in other roles in legal contexts. If icons are to be used as navigation cues in privacy policies, then the need is to evaluate whether users can find specific pieces of information in these documents (i.e., effectiveness); whether they can do so more easily, or more quickly (i.e., efficiency); and whether they give a better user experience (i.e., more satisfaction and less frustration) than in text-only documents. If icons should unam- biguously indicate the presence or absence of a certain data 75 See Rossi, Legal Design for the General practice, then there should be evaluation as to whether users com-Data Protection Regulation, 271–73;  and Rossi and Lenzini, “Which Properties prehend these dualities. If icons should warn users against risky or Has an Icon,” 15. See also ISO, ISO  unfair data processing, the evaluation focuses on their noticeability 9186-3:2014. Graphical symbols - Test and their influence on users’ decision-making process (e.g., the methods Part 3: Method for testing  choice of a certain service over another).symbol referent association, https:// Our team has evaluated the DaPIS icons’ legibility and com- www.iso.org/standard/59882.html (accessed February 12, 2020). prehensibility. Legibility assessment concerns the ease of recogni-76 On the issue of usability evaluation  tion of the single elements that compose the icons and influences methods, see, e.g., Saul Greenberg  the ease of recognition of the icon as a whole. We established two and Bill Buxton, “Usability Evaluation evaluation criteria for this comprehensibility assessment: first, a Considered Harmful (Some of the Time),” subjective estimation of the fit for correspondence between visual CHI ‘08: Proceedings of the SIGCHI  Conference on Human Factors in  representation and underlying concept; and second, whether the Computing Systems (New York: ACM, interpreter was able to speculate about the underlying motivations 2008), 111–120, https://doi. for a certain icon choice, even if its meaning was not immediately org/10.1145/1357054.1357074.  comprehensible at the first exposure. 77 See Jennifer Snow Wolff and Michael S.  The overall results indicate that the icons with higher levels Wogalter, “Comprehension of Pictorial Symbols: Effects of Context and Test of concreteness and familiarity are more easily recognizable, while Method,” Human Factors 40, no. 2 (1998): those that try to represent abstract or unfamiliar notions were dif-173–86. ficult to understand. The results provide a first, elementary indica-78 For a critical examination of user studies tion of which visual elements are more recognizable and which about the comprehensibility of privacy icons, see, e.g., Rossi and Lenzini, “Which Properties Has an Icon,” 4.94 DesignIssues:  Volume 36, Number 3  Summer 2020concepts are more widely known.79 In addition, more rigorous assessments of DaPIS must be carried out, including on dimen-sions such as visibility, ease of learning, culture-independence, and discriminability.80 In particular, DaPIS needs to be evaluated according to its function as information markers in a privacy policy. Investigating whether icons can compose the first layer of a layered approach, providing in an “easily visible, intelligible, and clearly legible manner a meaningful overview of the intended processing” and of consent requests, also is necessary.81  Further research also should be devoted to the design of information and privacy indicators on small screens, such as tablets and smartphones, but also internet of things (IoT) devices without screens and in surveillance environments.The Challenge of Universal InterpretationFor the reasons already explained, expectations that icons can be uniformly and immediately understood by any user must be approached with due precautions.82 Nevertheless, widespread rec-ognition can be facilitated by supporting initiatives toward international visual standardization and toward the education of data subjects. Educational measures could be included in the develop-ment of the fundamental digital skills envisioned by the European Digital Framework for Citizens (DigComp).83 Already included 79 Three research studies were carried out are skills related to privacy, security, and data protection. The on subsequent, revised versions of long-term goal is to raise awareness and develop a shared culture DaPIS, but with a small pool of mostly on such topics. In the specific context of icon research, such a step young and well-educated users. For  a detailed illustration, see Rossi and arguably would be beneficial to augment familiarity and recog-Palmirani, “What’s in an Icon?”: 77–80;  nition rates. However, expecting icons to increase people’s un- and Rossi, Legal Design for the General derstanding of data protection issues and to solve the critical trans-Data Protection Regulation, Chapter 6. parency problems that privacy-related communication classically 80 Rossi and Lenzini, “Which Properties  poses is simply wrong. In this respect, many other design-based Has an Icon,” 11–3.81 GDPR Article 12.7. interventions can be developed and experimented with.84 82 In the WP29 guidelines, for example,  International standardization is also a necessary step and they should be “universally used and  has a twofold objective. First, it seeks to limit the proliferation of recognized across the EU as shorthand concurrent icon sets that, after a constructive initial phase of diver-for information.” WP29, Guidelines on gent creation, becomes an obstacle to widespread recognition and Transparency, 26.implementation.8583 Yves Punie et al., DigComp into   Second, it seeks to increase familiarity with the Action: Get Inspired, Make It Happen.  visual language and the underlying concepts and hence to increase A User Guide to the European Digital  the ease of recognition. Research efforts to create and evaluate a Competence Framework (Brussels:  reliable icon system are increasing internationally86; but deciding Publications Office of the European on one icon set should eventually be the goal, leading to wide-Union, 2018): 7. 10.2760/112945.84 See Rossi et al., “When Design Met spread and uniform use, supported by influential actors, such as Law.” major companies of the digital economies. Moreover, only the 85 Reidenberg et al., “Trustworthy Privacy European Commission’s adoption of delegated acts can establish Indicators,” 15–6. the object of representation, the function of icons, and the elements 86 See the initiatives listed at https:// www.privacyiconsforum.eu/ (accessed November 12, 2019).DesignIssues:  Volume 36, Number 3  Summer 2020 95of the icon set—possibly with the prior involvement of experts, the consideration of the outcomes of empirically based interna-tional studies, and provision of the necessary infrastructure for those international studies. Conclusions and Future WorkCan visual design effectively communicate relevant privacy and data protection aspects to members of the public? Can this com-munication improve data subjects’ decision-making about data privacy and the use of their legal rights under the GDPR? This piece provides an overview of the main research challenges posed by the development and evaluation of a data protection icon set, enshrined by the GDPR as a transparency-enhancing mechanism. However, much research lies ahead. The adoption of delegated acts is urged by EU Member States87; however, the European Commis-sion should not hurriedly choose one code of icons without appro-priate evidence supporting its efficacy for the stated purposes. Instead, the EU Commission should welcome, scrutinize, and even include in its decision-making the outcomes of initiatives that have been supported by a powerful methodology, that present trustwor-thy and generalizable results, and that involve stakeholders repre-senting various sectors of society, including industrial partners whose endorsement, acceptance, and application of a specific icon set across and beyond the EU borders is crucial. Furthermore, more concerted efforts should be dedicated to the design of a holistic methodology that combines several evaluation indexes (e.g., com-prehensibility, learnability, and culture independence).88 Without such endeavors, haphazard adoption of one set of icons presents significant risks, including reversal of the GDPR’s praiseworthy efforts to enhance transparency and to rebalance digital asymme-tries between data subjects and data-gathering organizations.AcknowledgmentsThe research described in this article was supported by the 87 Memo from the General Secretariat of EACEA, financing the Joint International Doctoral Degree in the Council, subj: Preparation of the Law, Science and Technology (LAST-JD) and by the Mining and Council position on the evaluation and Reasoning with Legal Texts (MIREL) project funded under the review of the General Data Protection Regulation (GDPR)-Comments from  Marie Sklodowska-Curie grant agreement No 690974. The authors Member States 12756/1/19REV 1  thank all those who have taken part in this project in various (Brussels: Council of the European  degrees: Margaret Hagan, Legal Design Lab, Stanford Univer- Union, October 9, 2019): 15, https://data. sity; Professor Danilo Danisi and the students of the Accademia di consilium.europa.eu/doc/document/ Belle Arti di Bologna; Chiara Cavazzuti, Accademia di Belle Arti di ST-12756-2019-REV-1/en/pdf (accessed on 12 November 2019). Firenze; and Miroslav Kurdov, Sketchlex. All the participants in the 88 See Rossi and Lenzini, “Which Properties “Law & Design for Privacy” workshops and in the user studies, Has an Icon.” and the anonymous reviewers are gratefully acknowledged.96 DesignIssues:  Volume 36, Number 3  Summer 2020