UX implications – EU General Data Protection Regulation
I'm struggling to find any UX-specific guidance on the impact of GDPR - the new EU data protection regulation - coming into force May 2018.
From the reading I have done so far, I've identified use-scenarios such as:
consent to be expressed by clear affirmative action ("Silence, pre-ticked boxes or inactivity," however, is presumed inadequate to confer consent). I understand use of cookies and device IDs will be in scope.
users have the right to withdraw consent at any time and “it shall be as easy to withdraw consent as to give it.”
the right of users to opt-out of their data being used for profiling (use of personal data to analyse or predict people’s performance, behaviour, situation, interests, location or movements)
right to be erased
right to portability
right to request data stored on user
Could anyone point to further reading or thoughts on how these changes will be solved for in terms of UI? At a basic level, for example, would the standard pattern for a cookie notification need to change? How might you make it "as easy to withdraw consent as to give it"?
Welcome thoughts from the community.