Data & Design: platform, tool, and community for designers

The IP6 report, "Shaping choices in the Digital World", explores the challenges of design in the creation of digital services through the lens of data protection and freedoms. It aims in particular to promote the emergence of more responsible interface design that respects data protection principles. Like legal and technical issues, interface design must now be at the center of the regulator’s concerns, just as it is already at the heart of the relationship between individuals and service providers. This is one of the key issues addressed in the report, which also offers recommendations to enable professionals to share their respective practices and co-create an ethical approach to privacy-focused design. For the CNIL, the objective is therefore to support service design professionals in “building a shared and open regulation through new tools” (p.42).

The CNIL therefore aims to encourage and support the development of a community of designers committed to offering user experiences that are ethical and compliant with personal data regulations. The goal is to enable service designers to harness the solutions offered by design to help users better understand and control how digital services function and how the associated data processing operates.

Why focus on designers? 

When discussing privacy, data protection, interfaces, and user experiences, it is clear that the range of solutions currently offered is too limited. Interactions between individuals and services regarding the use of personal data still too often amount to little more than ticking a box to indicate acceptance of the terms of use.

In the context of data and related services, designers’ work often responds to economic pressures (whose measurement methods may be open to debate) at the expense of individual rights. This influence has gradually led to standardized interfaces built around the paradigm of a seamless experience, where the ease of interaction between the user and the interface becomes the primary marker of quality. Allergic to any form of friction or slowdown, this approach has pushed considerations of rights protection and, by extension, of the individual or citizen, into the background. As described in IP6 report (p.28), certain user interfaces may raise potential compliance issues with GDPR requirements. Examples include privacy policies that are too long to be realistically read, consent requests that steer users, more or less freely, toward less privacy-friendly options, or mechanisms for exercising rights that are difficult to access …

Design as a solution

This situation should not be approached with fatalism. On the contrary, designers are well positioned to propose solutions to improve it and restore individuals’ control over their data. Informing users, obtaining consent, and enabling the exercise of rights are fundamental areas where designers can take action through their expertise. As interviews we conducted with designers have shown, the lack of proposals for more responsible models stems primarily from a limited understanding of the law. With Data & Design, the CNIL aims to equip designers with a foundation of knowledge tailored to their field, enabling them to help create more responsible models that reconcile economic interests, legal requirements, technological realities, and user needs.

What is Data & Design?

Data & Design  is a platform aimed at creating opportunities for collaboration and spaces for exchange among designers in order to co-create privacy-respecting user experiences. 

A range of content explaining and illustrating aspects of the regulations on which designers can, and should, take action is made available. Beyond its educational and practical dimension, the objective is to ensure that these reflections are effectively integrated into designers’ daily work, enabling them to justify their design choices and collaborate more closely on personal data protection with other roles such as product owners, project managers, and legal departments.

Concretely, Data & Design is structured around two complementary approaches : 

• Familiarization with three key GDPR concepts: informing users, consent, and the exercise of rights. For each concept, the main implementation features are illustrated through examples ;
• Dissemination of case studies: developed progressively with the community, these studies provide an opportunity to see how the concepts can be applied creatively in user experiences and in interactions with digital services and products ;

You can access the Data & Design platform at the following address: design.cnil.fr/en