UX implications – EU General Data Protection Regulation
I’m struggling to find any UX-specific guidance on the impact of GDPR – the new EU data protection regulation – coming into force May 2018.
From the reading I have done so far, I’ve identified use-scenarios such as:
- consent to be expressed by clear affirmative action (“Silence, pre-ticked boxes or inactivity,” however, is presumed inadequate to confer consent). I understand use of cookies, device IDs will be in scope
- users have the right to withdraw consent at any time and “it shall be as easy to withdraw consent as to give it.”
- the right of users to opt-out of their data being used for profiling (use of personal data to analyse or predict people’s performance, behaviour, situation, interests, location or movements)
- right to be erased
- right to portability
- right to request data stored on user
Could anyone point to further reading or thoughts on how these changes will be solved for in terms of UI? At a basic level, for example, would the standard pattern for a cookie notification need to change? How might you make consent “as easy to withdraw consent as to give it”?
Welcome thoughts from the community