On Creating a Prototype Transparency Notice

A few days ago, I wrote an article here on Transparency as the new Privacy. The article put forward the idea that the traditional website privacy policy is failing to protect the interests of online consumers. The argument was based on the idea that the privacy policy’s main goal was to protect the owners of the site, and that it had been mis-sold as a vehicle for better consumer information.

Instead, we put forward the idea of a transparency statement, as a device solely dedicated to informing visitors, principally about how their information is treated. When writing the article, we had no idea really what the transparency statement would look like, but of course the immediate challenge coming back was to produce one.

Taking that challenge up, below you can see the first images of the concept mocked up on a website. [Update: June 2, 2014: The website with Transparency Notice is now live.]

Image of possible transparency notice.

Essentially what we wanted to do was communicate data practices as clearly and succinctly as possible. This is not always easy, as clarity and brevity are not necessarily the same

First off, we changed the name to Transparency Notice—it is both shorter and a notice feels slightly softer than a statement.

The icon is an adaptation of an image we have used elsewhere—a magnifying glass with an asterisk inside. Although the magnifying glass is also connected with search in many places, it conveys the idea of looking closer at something—which seemed appropriate.

We initially thought about having the icon on its own, but decided that as a new concept it needs explanation, which is why we put the text next to the image. We expect that this could be dropped if the idea became more widely recognised and linked to this or another particular image.

A closer look.

Hovering over the icon brings up the notice itself. We wanted to make the text succinct in a bullet point style that conveys the message in as few words as possible, whilst trying to avoid potential for misinterpretation.

With the mini bullet icons we borrowed from the ideas of the traffic light labelling system being used in some supermarkets for food health messaging. We realise however that no-one would likely want to use red, as it was too danger oriented. The green tick is meant to denote privacy protection practices, and the orange ‘i’ is for data collection practices you might want to learn more about.

Further development would include adding links to both opt-out controls and the detailed privacy policy.

Of course this is very much a prototype and we would welcome all feedback, but I hope it demonstrates the core idea. We hope to release this live onto a website within a few days, when we can begin measuring interaction, as well as testing a few alternative tweaks. And if anyone would like to introduce something similar to their own site, we will be happy to help. We are already considering releasing a WordPress plugin and if there is enough interest we could develop a simple service to enable customisation and integration into any site.

Written By

Richard Beaumont, CIPM


If you want to comment on this post, you need to login.

  • Helen Allen May 29, 2014

    Hi Richard, good effort and thank you for kicking off this subject. I do in deed hate the notices that make you loose the will to live.In saying that however, this might be a bit too short and it appears more of a commitment statement than a privacy or cookies notice. I suppose that is why you are using the transparency title. I am a bit worried about the reference to the privacy statement though. Would people consider this as an attempt to hide the "real" notice?
  • Radim Kolar May 29, 2014

    Hi Richard, I like this "iconic" idea very much. I think it has a big potential, especially if it could cover all the requirements on "providing information prior to collection as required by laws".
    I think it can easily disclose basic information about involved 3rd parties. There could be one line for each major 3rd party involved, accompanied with set of icons (e.g. disclosing if it is/not cloud based, provider is/not certified, data resides in secure location, etc).
    For instance when 3rd party company would be involved (as a Data Processor), there can be a Name of the company with direct link to their Privacy Policy plus set of icons, which would more details on that involved 3rd party (e.g. if cloud based, there would be cloud icon with EU inside (for data residing in EU), US inside for cases where data resides in USA and "?!" inside for cases where data may reside in less secure countries. For the US cloud, it can actually have variance with an picture of an anchor and text "SH" indicating that the cloud company is Safe Harbor certified (similarly for PDI-DSS or other certs.)
    There could also be a special icon or set of icons for "Access + Correction + Update + Blocking + Opt-out options + ..." accompanied with a link or e-mail address, disclosing where the user may reach his/her rights and ask for questions.
    Set of icons can also indicate which category of data is collected (e.g. cookie icon for cookies, addressbook icon for contact data, red cross icon for medical and health data, IP Address icon for traffic metadata, etc.)
    There could also be line disclosing the legal grounds with icons for law, consent, business need, etc.
    In ideal case, there could be a repository of such icons e.g. maintained by W3C wo that the look and feel would be the same, ensuring, that anywhere in the world, people would see the same symbols, so it would not be so easy to present "misleading" icons.
    Theoretically such a Transparency Notice could be invoked when user's activity would result in collection of Personal data (e.g. when pressing submitt button). There could be a checkbox allowing the user to "consent" for all subsequent collectins of PD (Transparency Notice displayed only once per user), or to consent just with the particular collection (Transparency Notice invoked again with next submitt).
    Maybe it can even find it's way into some future HTML stadard, who knows :-)
  • Richard Beaumont May 29, 2014

    Thanks for the comment.  Thie idea is indeed designed to be a first line of information - with the direct links into the privacy and cookie policies (including opt-out controls where applicable) for those that seek more detail.
    I agree that getting the balance is difficult - short enough to be read, long enough to carry real meaning.  We don't want this to be seen as a way to discourage reading the privacy policy, but a vehicle to make privacy practices on a site more accessible.
  • Richard Beaumont May 29, 2014

    Lots of great suggestions here Radim.  It is a difficult balancing act between level of detail, and something that will actually be read and understood - but I like many of your ideas. Will think about these in the next stage of development
  • Agnes Kupai Jun 1, 2014

    On Creating a Prototype Transparency Notice – I am happy to help Richard Beaumont with his transparency notice.  The following should help consumers:
    We will let you delete past data that you have provided.
    We will delete past data that we have generated about you on your request.
    We will not use your data to produce or add to personal profiles or engage in predictive profiling.
    We will let you opt-out from us using other organization's profiles about you to personalize and target business or information towards you.
    We will not engage in personalized and variable pricing practice. 
    We will let you opt-out of any data sharing regarding your data.
    We will give you choice over who has access to your data.
    We will pay you for data that you submit to us, when we share, rent, swoop or sell that data.
    We will not put any of your data into storage that is protected by exemptions to data protection law.
    We will let you opt-out of your data travelling outside your national boundaries. 
    We will provide a non digital channel for you to use when accessing our services.
    We will provide information about our goods and services to you, prior to taking your data. Your data only needs to be entered when you are sure that you want to transact business with us.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»