Emerging technologies are hard to regulate because law changes slowly but technologies develop quickly. Information privacy concerns are a particular challenge for data driven systems, and the problem space is becoming increasingly complex with technologies like the Internet of Things. Governments and policymakers recognise the need to include technology designers in regulation, and are now advocating privacy by design (PbD).
PbD requires technology designers to think about privacy risks as early as possible in the design process, to address challenges ideally before anything is built and hits the market.
However, doing this in practice is complex. A key challenge is bringing the legal and design communities closer together. As Professor Tom Rodden explains: “designers struggle with many abstract legal concepts involved in regulation. The challenge is how to make these abstract legal concepts real and relevant for the designers”.
We want to support designers dealing with privacy in their work by sensitising them to information privacy laws in a constructive way. As a direct response to the new European Data Protection Law (GDPR) which legally mandates information privacy by design, we’ve developed a set of privacy ideation cards. These translate the law into a design tool that designers can engage with on their own terms. We are testing these within a range of organisations like higher education, multinational companies, SMEs, public sector to better understand use of the tool in practice.
Our idea has been gaining traction at the international level. Last year we presented the paper “Playing the Legal Card”[1] at ACM SIGCHI 2015 in Seoul, South Korea. We’ve also had media coverage on technology news service ‘the Register’,[2] and with the UK technology law community in ‘Computers and Law’.[3] Recently, we presented the concept to the UK Information Commissioner Office at their ‘KnowAbout’ sessions. ‘Privacy by Design in Action’
We also have a US partner project funded by the National Science Foundation for $175,000[4] at Tandon School of Engineering at New York University with partners at Intel, Microsoft and University of California, Irvine.
For more information, take a look at the Lachlan’s research blog and visit the Mixed Reality Lab Information Privacy by Designing Cards page
Update: March 2021: The Moral-It Deck: a tool for ethics by design, Journal of Responsible Innovation
[1] http://research.microsoft.com/apps/pubs/default.aspx?id=244898
[2] http://www.theregister.co.uk/2015/05/06/devs_confused_by_eu_privacy_law_pull_out_the_flash_cards/