User Experience

The first CIS meeting to discuss user experience is scheduled for 2018-10-18.


Here is a list of proposed topics:

  1. End-user perspective: use cases that result in the issuance of a CR (e.g. the user enters some data with suitable privacy labels, and at the end of the session a CR is issued).
  2. How will the end user interpret a CR? (e.g. this CR will relate to the named data categories and data sinks for a stated period of time, or until revoked)
    1. Here is an example of Consent Certificates. (This is an interesting, but overloaded term. Has anyone else used a different term? I called it a user stipulation in another doc. tcj) (As an extreme example, if you've downloaded any of the third-party apps you'll encounter a much-streamlined consent process. Remembering we are in the phase of attracting developers to show what can be done when consent is granted. jjp)
    2. Here are some apps creating a CR once an individual has agreed to https://digi.me/share
    3. Here are some images of a CR created 
      1. The context and relevance of this seem unclear (at least to me). So an app is installed on the user's phone. It looks at the user data, perhaps stores it on the phone. Right? (yes)
      2. How is this covered by the GDPR or by any consent receipt? GDPR by the requests an app can make, basically on them)  I can't see that any information transfer has occurred. (You should download the app and give it a test drive, as I didn't post the complete user journey, only the artifacts as a CR created after consent is given. With a built-in capability for the individual to actually view all the data they might share before they consent.) (I had thought a CR stood on its own. Or is this just the user view of the CR? tcj) (tcj, it's just the view and might very well be the first example of what Andrew calls a privacy dashboard. As you'll note, an individual can actually control the consent once the permission or granting of sharing the data has been executed on jjp)
  3. How does the end user find sources of data about him that he does not generate (e.g. medical lab results), and are they subject to the issuance of a CR?
  4. List of issues that impact the user experience or understanding
  5. What is the scope of a CR? (e.g. the CR relates to a user, a data source and a (perhaps potential) data sink)
  6. How does a website policy get represented to the user and tracked? (e.g. the privacy policy is indicated by a DOI and hash of the document)
  7. How does the user's acceptance of the website policy (or other stipulation) get recorded, and is it considered non-repudiable (e.g. good legal evidence)?
  8. How does the user understand the data categories (i.e. what actual data is included in each category)?
  9. Accessibility: possible areas for adjustment to make CR more accessible – create examples page with developer directions for each of these methods
    1. Style Guides with specific requirements for accessibility and assistive technology
    2. Additional content for assistive technology users, specifically using "aria-describedby" in web pages, "hints" in iOS applications or a "content description" in Android applications.
    3. Text resizing
    4. Touch and gestures
    5. Keyboard shortcuts
    6. Tooltips
    7. Color Contrast
    8. Pattern Libraries