Designing for Privacy

Posted by Emily Craxton on 12 October 2016

When faced with issues of data protection, privacy and regulation, we tend to focus on what legal professionals, policy makers and enforcement organisations can do to strengthen regulation.

For this week’s recommended reading however, we’ve chosen Ewa Luger et al’s article, “Playing the Legal Card: Using Ideation Cards to Raise Data Protection Issues within the Design Process” which looks more closely at the role the developers play in regulation.

The article asserts that teaching designers, system architects and programmers about the core European Union General Data Protection principles in the initial stages of the design process in the development of new technologies, could give better effect to EU regulation, and suggests ideation cards as a method for doing so.

The use of ideation cards, as a technique, was originally intended to promote lateral thinking during studio-centric activities.  They can be used as casual reflection throughout the design process, as material aids for the impromptu critical evaluation of works-in-progress, or as flash cards to help teams focus on specific issues. This research extends the work of coauthor Michael Golembewski, whose practice seeks to stimulate design thinking within non-traditional contexts. You can read more about his project here.

We asked Ewa to summarise their research for us, and explain how using creative tools, such as ideation cards, can play an important role in communication legal documents, legislation and regulation.

What does your research explore? 

"The notion of privacy by design has risen in prominence.  It is increasingly clear that, if user privacy is to be protected through the design of systems, then it needs to be user-centric, proactive, embedded, and a genuine end-to-end design concern.  However, such concerns are currently backgrounded in the design process – often dealt with after the fact.  Our research sought to explore one method of framing out data protection as a design concern at the very early, conceptual stages of the process. The research was intended to test the use of cards as an ideation technique, as a means of sensitising designers, and systems architects, to core European Union General Data Protection (GDPR) principles. 

To this end our team, led by the University of Nottingham, created a deck of cards with suits that reflected key aspects considered by designers when developing a system; an outline of system requirements, the user, and any potential constraints. To this we added a suit of cards that specifically articulated principles from the forthcoming EU GDPR, presenting them towards the end of the exercise as a means of critique. This technique has proven successful and has been developed further with partners in the US (NYU, Cisco, Microsoft, UC Irvine) to reflect American privacy regulation. The cards have been used as training materials, flashcards and as traditional ideation instruments and have been funded by both the Engineering and Physical Sciences Research Council (UK) and the National Science Foundation (USA)."

What role can ideation cards play in the communication of legal documents, legislation and regulation?

"Privacy by design presents clear challenges to the ways in which systems are currently conceived of and developed.  Designers, systems architects and programmers tend to work to very tight timescales, with relatively little push towards privacy, beyond mandatory or ad hoc needs-driven training.

The nature of regulation is such that it is specific, complex in ways that require prior-knowledge, and open to interpretation.  The time investment required to interpret and apply legal knowledge is considerable and the language is unfamiliar to those not conversant in the field.  What is required here is not only an instrument of translation, but also one that is delivered in a way that is accessible and familiar.

Ideation is a recognized technique within design and we have been careful to ensure the language used on the cards reflects not only the legal principles (by inviting legal experts to shape the words) but also is sufficiently clear and open so as to allow for creative thinking. 

By running the activity at the earliest stage of the process we also ensure that data protection is at least considered right from the start."

 Screen Shot 2016-10-22 at 18.05.11.png

Read the full article here
You can download a deck of privacy ideation cards for your own use here.


Researcher Biography 

Ewa Luger is a Chancellor’s Fellow at the University of Edinburgh, within the Design Informatics Group. Previously a Fellow at Corpus Christi College, Cambridge, and a postdoctoral researcher at Microsoft Research (2014-16), Luger investigates how we might materialise new forms of consent and ethics within pervasive systems.  Her current research agenda explores the ethics of intelligent machines, in particular how complex data-driven systems might be made intelligible to the user, through design.

Michael Golembweski is a postdoctoral research designer at Microsoft Research, Cambridge UK.

Emily Craxton

Written by Emily Craxton

Subscribe to Email Updates