What's in an Icon? Promises and Pitfalls of Data Protection Iconography

Under the General Data Protection Regulation (GDPR), transparency of information becomes an obligation aimed at creating an ecosystem where data subjects understand and control what happens to their personal data. The definition of transparency stresses its user-centric nature, while design considerations to comply with this obligation assume central importance. This article focuses on the icons established by the GDPR Art. 12.7 to offer “a meaningful overview of the intended processing”. Existing attempts to represent data protection through icons have not met widespread adoption and reasons about the strengths and weaknesses of their creation and evaluation are here discussed. Building on this analysis, we present an empirical research proposing a new icon set that responds to GDPR requirements. The article also discusses the challenges of creating and evaluating such icon set and provides some future directions of research for effective an effective implementation and standardization.