Iconified representations of privacy policies: A GDPR perspective

Abstract

Privacy policies inform on personal data collection and processing practices, allowing people to make informed decisions about a given service. However, they are difficult to understand due to their length and use of legal terminology. To address this issue, regulatory bodies propose the use of graphical representations for privacy policies. This paper reviews the development of current graphical and iconified representations for privacy policies. We conduct a literature study on existing iconified libraries, we categorise them and compare these libraries with regard to the specifications from the European General Data Protection Regulation (GDPR). The results of this paper show that currently no iconified library fully satisfies the criteria specified in the GDPR. Our major contribution lays in the actionable insights offered to researchers, policymakers, and regulatory bodies in an effort to develop standardised graphic and iconified representations of privacy policies.