User-Centric Privacy Policy: A GDPR-Compliant Policy Which Users Understand
Description
The purpose of this project is to create a user-centric privacy policy (UCPP), applicable in a variety of settings (e.g., websites, hospitals, or banks), which is compliant with the General Data Protection Regulation (GDPR). Most importantly, the majority of users should be able to understand it and act accordingly. In this way, UCPP gives users control of corporate, personal-data-processing activities. Today, organizations increasingly collect personal data although many users do not know or understand how their data is used. Users rarely read the latest privacy policies and consequently cannot make an informed choice about whether to accept a service or to reject it. The anticipated outcome of this project is a layered and modular privacy policy that addresses significant concerns in simple language on a lower layer and keeps the small print on a second layer for users who need or wish to know more. The design of the UCPP is based on collated user requirements & concerns, and consolidated GDPR requirements. The UCPP prototype is evaluated with users in a randomized controlled trial for its effectiveness.
Key Data
Projectlead
Project team
Dr. Kurt Alexander Ackermann, Mirjam Blumenstein, Dr. Roger Seiler, Dr. Michael Widmer
Project status
completed, 05/2019 - 01/2020
Funding partner
Hasler Stiftung
Project budget
49'750 CHF