Blog:18.01.2022

Learning From Winners – A qualitative evaluation of the icon sets that won the contest held by the Italian DPA

Category: Legal Design, Privacy, Privacy Icons

written by Lukas Seiling

 

This blog post provides a close inspection of the icons awarded by the Italian Data Protection Authority, taking into account underlying concepts while also offering suggestions for future competitions. Please see this blog post for an overview of the contest’s requirements and winning icon sets.

When it comes to Privacy Icons, many open questions remain: What function should privacy icons serve? What aspects should be visualised? And how can different, often rather abstract, notions related to data privacy be adequately depicted?

At least the second question was answered to some extent by the Italian Data Protection Authority (Garante per la protezione dei dati personali) when they announced the first design contest for privacy icons held by a European DPA. The task was to “send a set of symbols or icons that can represent all the items that must be contained in an information notice under Articles 13 and 14 of the GDPR”. Out of the 59 entries received, the Garante chose four winning icon sets and published them on their website. Below you can find an overview of concepts mentioned in Articles 13 and 14 and their associated icons for each winning icon set.

 

Category: Athlantic Srl; Sara Vagni; Observatory 679; ECPC
identity and the contact details of the controller: Owner/Titolare; Data Controller/Titolare Trattamento; Data Controller/Titolare Del Trattamento
identity and the contact details of the controller’s representative: Representative/Rappresentante; Contact Details Of The Data Controller And Representative/Dati Di Contatto Del Titolare E Rappresentante
identity and the contact details of the data protection officer: Dpo Rpd/Dpo Rdp; Data Protection Officer/Responsabile Protezione; Dpo/Dpo; Contact Details Of The Data Protection Officer Dpo/Dati Di Contatto Del Responsabile Della Protezione Dei Dati Dpo
processing purposes: Purpose/Finalita; Purpose/Finalita Trattamento; Purpose/Finalita; Purpose/Finalita Del Trattamento
legal basis: Legal Basis/Base Giuridica; Legal Basis/Base Giuridica Trattamento; Legal Basis/Base Legale
personal data: Personal Data/Dati Personali; Personal Data/Dati Personali
categories of personal data: Category Data/Categoria Dati; Categories Of Data/Categorie Di Dati
source of data: Data Source/Fonte Dati; Source Of Data/Fonte Dei Dati; Data Source/Fonte Del Dato; Source Of Data/Fonte Dei Dati
legitimate interests: Legitimate Interest/Legittimo Interesse; Legitimate Interest/Legittimi Interessi Titolare; Legitimate Interest/Legittimo Interesse
(categories of) recipients of the personal data: Recipients Of Personal Data/Destinatari
transfer of personal data to a third country or international: Extra See Transfer/Trasferimento Extra See; Data Transfer/Trasferimento Dati; Data Transfer/Trasferimento Dati; Data Transfer/Trasferimenti Di Dati
storage period: Retention Period/Periodo Archiviazione; Retention Period/Periodo Di Conservazione Dati; Retention Period/Tempi Di Conservazione; Retention Period/Periodo Di Conservazione
rights: Data Subject Rights General Icon/Diritti Interessato Icona Generica; Rights/Diritti; Rights Of The Data Subjects/Diritti Dei Soggetti Interessati
to request access: Data Access/Accesso Dati; Right To Access And Rectification Of Data/Diritto Di Accesso Ai Dati E Rettifica; Right to access data/Diritto Accesso Ai Dati
to rectification: Modification Of Data/Modifica Dati
to erasure of personal data: Erasure/Cancellazione; Right To Erasure Of Data Author Sara Vagni Lic Cc By/Diritto Di Cancellazione Dati
to restriction of processing: Limitation Of Processing/Limitazione Trattamento
to withdraw consent at any time: Revocation Of Consent/Revoca Consenso; Right To Withdraw Consent/Diritto Di Revocare Il Consenso; Revocation Of Consent/Revoca Consenso; Right To Withdraw Consent/Revoca Del Consenso
to lodge a complaint with a supervisory authority: Complaint/Reclamo; Complaint/Diritto Di Proporre Reclamo; Complaint/Reclamo; Submission Of A Complaint To A Supervisory Authority/Proposizione Di Un Reclamo A Un’autorità Di Controllo
to object to processing: Objections To Processing/Opposizione Trattamento
to portability of personal data: Portability/Portabilita
provision of personal data is statutory/contractual requirement or necessary to enter into a contract: Necessary Contribution/Conferimento Necessario; Mandatory Data/Dati Obbligatori; Obligation to provide data/Obbligo Conferimento; Provision Of Data For A Legal Or Contractual Obligation/Conferimento Dei Dati Per Un Obbligo Legale O Contrattuale
automated decision-making: Automated Decisions/Decisioni Automatizzate; Automated Process/Processo Automatizzato; Profiling Automated Processing/Profilazione Trattamento Automatizzato; Automated Decision Making Process Profiling/Processo Decisionale Automatizzato Profilazione
including profiling: Profiling/Profilazione

 

Completeness

As we can see, no icon set pictures every aspect named in Articles 13 and 14 of the GDPR.
However, the two winning icon sets come closest with 19 (Athlantic Srl) and 18 (Sara Vagni) out of 24 concepts, followed by Osservatorio 679 and the ECPC (with 15 each). Interestingly, relative to the total number of icons submitted by each contestant, the ECPC actually handed in the highest percentage of visualisations that directly reference concepts from Articles 13 and 14.
It should also be stated that none of the published icon sets is machine-readable as required in Art. 12(7).

Originality

The icon set with the most distinct visual language was proposed by Osservatorio 679: it finds a novel way of depicting data as two entangled characters (two Ds or a D and a P?) with one character representing a key. While not familiar, the depiction is distinct and easily recognisable, highlighting the importance of encryption and access control when handling data. However, not all data is collected or stored securely, so this depiction might induce false assumptions about data security in the data subjects confronted with these items.
The remaining icon sets keep a consistent if less original visual language.

Visual Aspects

All icons are reduced and transparent in their design, making them generally legible concerning completeness (recognition of all depicted symbols) when implemented with a width of 80px. The following section will discuss whether they serve as adequate representations of the referent.

Regarding visibility and style, most icons provide strong contrasts between the depicted symbols, positively affecting salience compared to other visual stimuli such as text. On the other hand, the icons submitted by Osservatorio 679 offset the least against the background due to the limited use of non-white areas. Still, these and the ones designed by Sara Vagni are the only icons that include colours, with only Osservatorio 679 also using colours to highlight specific visual information. However, it is unclear if the geometric highlights (circle, triangle, square) serve any informational purpose in particular, which negatively affects the icon’s interpretability. It is nonetheless remarkable that the icons proposed by Osservatorio 679 provide a comparably high level of detail and clear visual communication at the same time.

In all icon sets, some icons might include too many symbols, thus increasing visual complexity and hampering cognitive effectiveness. An excellent example of this are the icons for automated decision-making, with various symbols in different sizes.

Concepts

Considering the varying depictions of the diverse aspects named in Articles 13 and 14, the visualisations can be roughly divided into two groups: first, congruent visualisations (similar symbols are used to represent the same referent) and second, incongruent visualisations (the symbols used to represent the same referent differ).

Congruent Visualisations

Except for the icons proposed by Osservatorio 679, all icon sets use a symbol of a person as the representation of any entity involved in processing personal data. The role of that entity is determined by additional symbols differentiating the individual icons. These differentiating symbols are consistent across icon sets for the data controller and the data protection officer: the controller is depicted with a tie, while the data protection officer is displayed with a shield.

The icons designed by Athlantic Srl and Sara Vagni also depict personal data in similar ways: both show a personalised information container (Athlantic Srl’s symbol resembles an ID card, Sara Vagni’s a file). Personalisation is indicated through the symbol of a person/entity described above. Both also use additional symbols to specify the rights of the data subjects or specific processing associated with the personal data.

Incongruent Visualisations

For most aspects, the published icons show incongruent visualisations. However, instead of describing every aspect in detail, I want to focus on eight aspects where the incongruity is most apparent and informative: processing purposes, legal basis, legitimate interests, storage period, withdrawal of consent, the right to complain with the supervisory authority, the provision of personal data as a requirement, security, and automated decision-making, including profiling.

Processing Purposes

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Purpose/Finalita; Purpose/Finalita Trattamento; Purpose/Finalita; Purpose/Finalita Del Trattamento

The four different icon sets find three distinct visualisations for processing purposes, which is not surprising considering the abstractness of the concept and the intensive academic debate about its interpretation and relevance for personal data protection. This lack of consensus is somehow reflected in the icon proposed by Observatory 679, which depicts personal data within a frame labelled by a question mark. Athlantic Srl chose a flag while the remaining winners handed in an arrow in the bull’s-eye of a target. Interestingly, these sets also provide icons for “further purposes”, which depict multiple arrows in the bull’s-eye. While the choice of a flag might stress the importance of the information, it is unclear how marksmanship relates to purposes, especially if the purposes are the basis for consent to the processing of personal data. Who is shooting the arrows – one might wonder – the data subject or the data controller?

Legal Basis

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Legal Basis/Base Giuridica; Legal Basis/Base Giuridica Trattamento; Legal Basis/Base Legale

The legal basis is represented either through weighing scales or through the icon of a classical building. Interestingly, all these icons reappear for different referents in different icon sets: the scale is also used as an icon for “legitimate interests” and a part of one icon referring to “rights” in general, while a (slightly altered) classical building is used in another icon set to symbolise “the right to complain with a supervisory authority”. Thus, the selection of the symbols is used to refer to similar if not equal concepts. In this case, a convention determining how to depict the “legal basis” could achieve consistency. While weighing scales seem most commonly associated with legal concepts, the icon might not be culture-independent.

Legitimate Interests

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Legitimate Interest/Legittimo Interesse; Legitimate Interest/Legittimi Interessi Titolare; Legitimate Interest/Legittimo Interesse

As mentioned above, Athlantic Srl uses an icon showing scales to depict legitimate interests. Sara Vagni uses the icon referring to the controller combined with a target, and the ECPC chose an icon of a shield with a checkmark on it. The fact that there is no shared symbol in all these icons shows the difficulty of finding a usable, agreed-upon definition for a concept as complex as “legitimate interests” and coming up with visual representations for the different aspects of such a definition. In addition, the icons indicate that the understanding of the meaning and relevance of legitimate interests is not shared between the winners. Further specifying the concept might alleviate these issues, even though it is unclear whether under Article 13(1)(d) GDPR it is the data controller’s duty to specify the legitimate interests or it is sufficient to inform that processing is based on Article 6(1)(f) GDPR. Either way, similar to “processing purposes”, the concept of “legitimate interests” suffers from the fact that it is a vague legal concept including a potentially infinite number of sub-concepts. Even if specific legitimate interests were visible, they would need to be standardised and limited in number to make any icon development feasible.

Storage Period

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Retention Period/Periodo Archiviazione; Retention Period/Periodo Di Conservazione Dati; Retention Period/Tempi Di Conservazione; Retention Period/Periodo Di Conservazione

Comparing the icons chosen to represent the storage period, we see representations of a clock, a floppy disk and personal data combined with an hourglass. While some argue that the floppy disk represents the storage medium most popular in the 1980s and 1990s and might thus be unfamiliar to younger generations of internet users, it still is a standard representation for data storage or “saving data” and is well recognised among different age groups. Nonetheless, the icon refers to “data storage” in general and not to “storage period” in particular. A representation of a clock might thus be more suited to represent a specific period; however, out of the two clock icons, only the icon proposed by Osservatorio 679 relates this to the concept of data (by having the representation of personal data also function as watch hands). Sara Vagni also uses the icon for personal data with an additional icon of an hourglass indicating the concept of the passing of time. To me, the hourglass seems like an excellent way of representing “storage period” since an hourglass always represents a finite amount of time (as long as it is not turned) – which, if data is erased after the storage period has passed, most precisely captures the underlying referent.

Withdrawal Of Consent

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Revocation Of Consent/Revoca Consenso; Right To Withdraw Consent/Diritto Di Revocare Il Consenso; Revocation Of Consent/Revoca Consenso; Right To Withdraw Consent/Revoca Del Consenso

The four icons proposed to represent the right to withdraw consent, while visually different, also share some defining characteristics. Two out of four icon sets (Sara Vagni and Osservatorio 679) use a combined icon: the symbol for personal data is combined with an “X” symbol that hints at the restriction of the processing. Osservatorio 679’s icon also includes a hand pointing towards the option, emphasising the aspect of choice. The other two icons share the use of the octagonal symbol: Athlantic Srl directly identifies it as a STOP sign based on the writing, while the ECPC uses a spread-out hand, which confers a similar meaning while being language-independent. Both icons reference a restriction of sorts, but what is restricted is unclear. While Athlantic Srl’s icon combines the stop sign with the icon for consent to indicate the object of restriction, this may confuse some people as both a check mark and a stop sign are present in the icon.

The Right To Lodge A Complaint With The Supervisory Authority

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Complaint/Reclamo; Complaint/Diritto Di Proporre Reclamo; Complaint/Reclamo; Submission Of A Complaint To A Supervisory Authority/Proposizione Di Un Reclamo A Un’autorità Di Controllo

For this referent, all proposed icons differ. We can see another symbol associated with the legal domain (a gavel), a classical building mentioned in the “legal basis” subsection, including a white circle reminiscent of an eye, a person with a speech bubble containing an exclamation mark seemingly talking to another entity with a policeman’s hat, and a letter addressed to “GPDP” (which is also written below a symbol of a classical building). Out of these four, the latter two seem to most precisely represent the meaning of the concept “complaint with a supervisory authority”. Depicting an actual complaint (as shown in Sara Vagni’s icon) seems to be the best solution to me, as the letter icon fails to capture the central theme of “complaint”. Additionally, the abbreviation on the letter only refers to the Italian DPA, limiting icon comprehensibility outside Italy. Finally, it becomes hard to read when the icon size is reduced, potentially reducing item legibility.

The Provision Of Personal Data As A Requirement

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
Necessary Contribution/Conferimento Necessario; Mandatory Data/Dati Obbligatori; Obligation to provide data/Obbligo Conferimento; Provision Of Data For A Legal Or Contractual Obligation/Conferimento Dei Dati Per Un Obbligo Legale O Contrattuale

To symbolise required personal data, both Athlantic Srl and Sara Vagni use their icon for personal data combined with a “*”, the symbol usually denoting input fields for obligatory data. Using an asterisk seems like a good idea as almost any internet user is likely familiar with this symbol and its implication. The other two icons show a gavel (again) and a sheet of paper combined with a check mark. These visualisations are more strongly associated with the legal aspects of the personal data provision but lose their concrete relation to personal data in return, likely limiting comprehensibility.

Automated Decision-Making, including Profiling

 

Athlantic Srl; Sara Vagni; Observatory 679; ECPC
ADM: Automated Decisions/Decisioni Automatizzate; Automated Process/Processo Automatizzato; Profiling Automated Processing/Profilazione Trattamento Automatizzato; Automated Decision Making Process Profiling/Processo Decisionale Automatizzato Profilazione
profiling: Profiling/Profilazione

When considering the items proposed for automated decision-making (ADM), the item by the ECPC stands out: it shows a crossed-out symbol of a person. As no specific rationale for the choice of icons was provided, the meaning of this choice is unclear. Considering that data subjects have a right not to be subjected to processing, such as ADM or profiling, the icon may indicate this negative right symbolised through the crossed-out person(al profile?). Still, the icon is rather unspecific to ADM and only interpretable after the referent is known.
The remaining three icons improve on this by including symbols representing the specific processing: Osservatorio 679 and Athlantic Srl use gear wheels. In contrast, Sara Vagni uses a symbol of an anthropomorphic robot. Both choices represent automation but with a different emphasis. While a robot implies many aspects (such as embodiment, anthropomorphism, etc.) which are mostly not met by ADM systems, its relation in size concerning the personal data it is holding gives a good indication of the power imbalance between the data subject and the ADM system as well as the removal of human decision-makers from the process. Interestingly, Athlantic Srl’s icons do not focus on personal data but depict the data controller. These icons highlight that ADM and profiling are deliberate processing choices made by the data controller. Thus, they are more suited to describing the data controller themselves instead of the data subject or their personal data. It’s also worth pointing out that both icons for ADM and profiling provided by Athlantic Srl include a triangular sign with an exclamation mark, usually referred to as a warning sign.

Security

None of the icon sets contains icons relating to data security. Admittedly, this is not a specific requirement stated in Articles 13 and 14. Furthermore, there is no requirement to inform the data subject about steps taken to ensure information security according to Art. 32, only to inform them about a security breach as described in Art. 34 GDPR. Still, especially concerning risk, icons symbolising aspects relevant to security, such as pseudonymisation, encryption or certificates relating to technical and organisational security measures, might be relevant for the data subject to assess the trustworthiness of the data controller.

Icon Functions

There is an ongoing debate in the scientific literature about the possible functions of privacy icons. One option is to use “companion icons” within a privacy notice to keep the reader’s attention by guiding them to specific text segments or information highlighted by corresponding icons. Another option is to use icons as “risk indicators” or “warning signs”, directing users’ attention to specific data aspects of processing that might lead to unwanted consequences in the future.

While the icons chosen by the Garante mostly fall into the first category, some icons stand out by incorporating warning or stop signs. This middle ground between “companion icons” and “risk indicators” might prove to be stimulating for both the academic discussion and the development of new icons, as icons seemingly can fall into both functional categories.

 

We’re moving forward – but not yet significantly

Having examined all winning icons with regard to their visual design, function, completeness, and originality, and having considered both congruent and incongruent visualisations, we can draw some conclusions that extend beyond the specific icon sets and concern the development of privacy icons in general.

The public release of icon sets selected by the Italian Data Protection Authority is a good step towards increased visibility and public discussion of privacy icons. It also provides a framework for selecting concepts and the comparison of associated icons.

Still, the questions stated at the start of this blog post remain unanswered:

What function should privacy icons serve?

The debate about the function of privacy icons is far from over and has – if anything – been reignited by Athlantic Srl’s icons combining companion icons and risk indicators.

What aspects should be visualised?

There is still no definitive list of informational aspects that need to be visualised by icon designers, leading to limited comparability. A comprehensive catalogue of relevant concepts would relieve the designers of extracting relevant concepts from the legal text and streamline the ideation process.

And how can different, often rather abstract, notions related to data privacy be adequately depicted?

While the close examination of the released icon sets has shown some consensus on the depiction of essential categories, it is still challenging to find comprehensible representations for abstract referents. Also, to one day arrive at a satisfying set of privacy icons, thorough empirical testing is necessary. In this regard, a definitive list of aspects to be visualised would again allow faster icon generation and evaluation to find the best representation for any given referent. However, it should also be kept in mind that some super-concepts (containing more specific concepts) – such as legitimate interests or purposes – might not have an adequate graphical representation at all. In such cases, it might be more beneficial to find visualisations of the individual sub-concepts. However, the issue with the super-concepts named above is that they can potentially hold an infinite set of sub-categories, which makes coming up with a graphical representation for each sub-category unfeasible.

These points can be distilled into five short recommendations for any design contest as well as for scientific or private icon design in the future:

1. Decide on the function you want the icons to serve.
2. Provide a definitive list of all concepts you want to visualise. Break down general and abstract concepts into more specific ones if you have to.
3. Empirically test the visualisations to be able to judge their effectiveness.
4. Publish your methods and results to ensure transparency and draw more attention to the issue of privacy icons in general.
5. Provide machine-readable versions of the released visualisations.