On Creating a Prototype Transparency Notice

A few days ago, I wrote an article here on Transparency as the new Privacy. The article put forward the idea that the traditional website privacy policy is failing to protect the interests of online consumers. The argument was based on the idea that the privacy policy’s main goal was to protect the owners of the site, and that it had been mis-sold as a vehicle for better consumer information.

Instead, we put forward the idea of a transparency statement, as a device solely dedicated to informing visitors, principally about how their information is treated. When writing the article, we had no idea really what the transparency statement would look like, but of course the immediate challenge coming back was to produce one.

Taking that challenge up, below you can see the first images of the concept mocked up on a website. [Update: June 2, 2014: The website with Transparency Notice is now live.]

Image of possible transparency notice.

Essentially what we wanted to do was communicate data practices as clearly and succinctly as possible. This is not always easy, as clarity and brevity are not necessarily the same.

First off, we changed the name to Transparency Notice—it is both shorter and a notice feels slightly softer than a statement.

The icon is an adaptation of an image we have used elsewhere—a magnifying glass with an asterisk inside. Although the magnifying glass is also connected with search in many places, it conveys the idea of looking closer at something—which seemed appropriate.

We initially thought about having the icon on its own, but decided that as a new concept it needs explanation, which is why we put the text next to the image. We expect that this could be dropped if the idea became more widely recognised and linked to this or another particular image.

A closer look.

Hovering over the icon brings up the notice itself. We wanted to make the text succinct in a bullet point style that conveys the message in as few words as possible, whilst trying to avoid potential for misinterpretation.

With the mini bullet icons we borrowed from the ideas of the traffic light labelling system being used in some supermarkets for food health messaging. We realise, however, that no one would be likely to want to use red, as it is too danger-oriented. The green tick is meant to denote privacy protection practices, and the orange ‘i’ is for data collection practices you might want to learn more about.

Further development would include adding links to both opt-out controls and the detailed privacy policy.

Of course this is very much a prototype and we would welcome all feedback, but I hope it demonstrates the core idea. We hope to release this live onto a website within a few days, when we can begin measuring interaction, as well as testing a few alternative tweaks. And if anyone would like to introduce something similar to their own site, we will be happy to help. We are already considering releasing a WordPress plugin and if there is enough interest we could develop a simple service to enable customisation and integration into any site.

Written By

Richard Beaumont, CIPM



  • Helen Allen May 29, 2014

    Hi Richard, good effort and thank you for kicking off this subject. I do indeed hate the notices that make you lose the will to live. In saying that however, this might be a bit too short and it appears more of a commitment statement than a privacy or cookies notice. I suppose that is why you are using the transparency title. I am a bit worried about the reference to the privacy statement though. Would people consider this as an attempt to hide the "real" notice?
  • Radim Kolar May 29, 2014

    Hi Richard, I like this "iconic" idea very much. I think it has a big potential, especially if it could cover all the requirements on "providing information prior to collection as required by laws".
    I think it can easily disclose basic information about involved 3rd parties. There could be one line for each major 3rd party involved, accompanied with set of icons (e.g. disclosing if it is/not cloud based, provider is/not certified, data resides in secure location, etc).
    For instance when 3rd party company would be involved (as a Data Processor), there can be a Name of the company with direct link to their Privacy Policy plus set of icons, which would give more details on that involved 3rd party (e.g. if cloud based, there would be cloud icon with EU inside (for data residing in EU), US inside for cases where data resides in USA and "?!" inside for cases where data may reside in less secure countries). For the US cloud, it can actually have variance with a picture of an anchor and text "SH" indicating that the cloud company is Safe Harbor certified (similarly for PDI-DSS or other certs.)
    There could also be a special icon or set of icons for "Access + Correction + Update + Blocking + Opt-out options + ..." accompanied with a link or e-mail address, disclosing where the user may reach his/her rights and ask for questions.
    Set of icons can also indicate which category of data is collected (e.g. cookie icon for cookies, addressbook icon for contact data, red cross icon for medical and health data, IP Address icon for traffic metadata, etc.)
    There could also be line disclosing the legal grounds with icons for law, consent, business need, etc.
    In ideal case, there could be a repository of such icons e.g. maintained by W3C so that the look and feel would be the same, ensuring, that anywhere in the world, people would see the same symbols, so it would not be so easy to present "misleading" icons.
    Theoretically such a Transparency Notice could be invoked when user's activity would result in collection of Personal data (e.g. when pressing submit button). There could be a checkbox allowing the user to "consent" for all subsequent collections of PD (Transparency Notice displayed only once per user), or to consent just with the particular collection (Transparency Notice invoked again with next submit).
    Maybe it can even find its way into some future HTML standard, who knows :-)
  • Richard Beaumont May 29, 2014

    Thanks for the comment.  The idea is indeed designed to be a first line of information - with the direct links into the privacy and cookie policies (including opt-out controls where applicable) for those that seek more detail.
    I agree that getting the balance is difficult - short enough to be read, long enough to carry real meaning.  We don't want this to be seen as a way to discourage reading the privacy policy, but a vehicle to make privacy practices on a site more accessible.
  • Richard Beaumont May 29, 2014

    Lots of great suggestions here Radim.  It is a difficult balancing act between level of detail, and something that will actually be read and understood - but I like many of your ideas. Will think about these in the next stage of development.
  • Agnes Kupai Jun 1, 2014

    On Creating a Prototype Transparency Notice – I am happy to help Richard Beaumont with his transparency notice.  The following should help consumers:
    We will let you delete past data that you have provided.
    We will delete past data that we have generated about you on your request.
    We will not use your data to produce or add to personal profiles or engage in predictive profiling.
    We will let you opt-out from us using other organization's profiles about you to personalize and target business or information towards you.
    We will not engage in personalized and variable pricing practice. 
    We will let you opt-out of any data sharing regarding your data.
    We will give you choice over who has access to your data.
    We will pay you for data that you submit to us, when we share, rent, swoop or sell that data.
    We will not put any of your data into storage that is protected by exemptions to data protection law.
    We will let you opt-out of your data travelling outside your national boundaries. 
    We will provide a non digital channel for you to use when accessing our services.
    We will provide information about our goods and services to you, prior to taking your data. Your data only needs to be entered when you are sure that you want to transact business with us.

