• Cecilia Soria

#PracticalPrivacy: A recipe for cookies


[Updated as of 02 April 2018.]

In discussions online and offline, talk of Data Privacy Act compliance invariably leads to observations on the delicate balancing act between privacy and usability. I agree that privacy may prove to be one of the biggest UX design challenges right now. But this is not an insurmountable one.

Consider how OneTrust.com approaches the problem of privacy, consent, and the different privacy preferences that its website users may have. The privacy notice informs you of what information the website collects from users, what the collected information will be used for, and what these mean for users. The notice goes on to explain how the user can tweak the settings according to what information s/he is comfortable sharing.


The first item on the menu is “Strictly Necessary Cookies.” You will note that you cannot change any of the settings under this category. It must be because these are, according to OneTrust, strictly necessary. Note though that all of the cookies are enumerated and you are informed that these cookies do not store your personal information.


Next up is the category “Performance Cookies.” Again, the website explains what the performance cookies do. The cookies used are identified and you are given the option to block the cookies from your device. The same features apply to the next categories, “Functional Cookies” and “Targeting Cookies.”




The last item on the menu is “More Information,” which brings up a page with an extensive discussion of what cookies are, the website’s cookie policy, and the different cookie settings. Remarkably, the website goes on to list not only the companies but also the specific cookies being saved on your device. This level of specificity is NOT a requirement of the Data Privacy Act (DPA) but more transparency certainly isn’t a bad thing.

Want to learn more about cookies? Check out the Cookiepedia here.

Update: I found a tool that can be used as a mechanism for allowing users to control cookies. The website touts the following features that make it compliant with the General Data Protection Regulation that comes into force in the EU on May 25.


Considering that the DPA hews pretty closely to the requirements of the GDPR, local web developers can use this tool (or follow its format) to comply with the DPA as well.
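For developers who want to follow the format described earlier in this post (a locked “Strictly Necessary” group plus optional categories the visitor can block), here is an added JavaScript example; it is not code from OneTrust, CNIL, or the tool mentioned above. The cookie names, the `ConsentManager` class, and the choice to keep optional categories off until the visitor allows them are assumptions, and a `Map` stands in for the browser cookie store so the code runs offline.

```javascript
// Categories as shown in the preference menu; "locked" ones cannot be changed.
const CATEGORIES = new Map([
  ["necessary",   { label: "Strictly Necessary Cookies", locked: true }],
  ["performance", { label: "Performance Cookies", locked: false }],
  ["functional",  { label: "Functional Cookies", locked: false }],
  ["targeting",   { label: "Targeting Cookies", locked: false }],
]);

// Constructed inventory (hypothetical names): every cookie the site sets is
// listed with its category, so the notice can enumerate them for the visitor.
const COOKIE_INVENTORY = new Map([
  ["session_id", "necessary"],
  ["consent_prefs", "necessary"],
  ["page_timing", "performance"],
  ["ui_language", "functional"],
  ["ad_profile", "targeting"],
]);

class ConsentManager {
  constructor(jar) {
    this.jar = jar; // Map standing in for the browser cookie store
    // Assumption: optional categories start switched off (opt-in).
    this.choices = new Map([...CATEGORIES].map(([id, c]) => [id, c.locked]));
  }

  // Record the visitor's choice; a locked category ignores the request.
  setChoice(category, allowed) {
    const def = CATEGORIES.get(category);
    if (!def) throw new Error(`unknown category: ${category}`);
    if (def.locked) return false;
    this.choices.set(category, Boolean(allowed));
    if (!allowed) this.purge(category); // blocking also removes stored cookies
    return true;
  }

  purge(category) {
    for (const name of [...this.jar.keys()]) {
      if (COOKIE_INVENTORY.get(name) === category) this.jar.delete(name);
    }
  }

  // Single write path: cookies missing from the inventory, or belonging to a
  // blocked category, are refused.
  setCookie(name, value) {
    const category = COOKIE_INVENTORY.get(name);
    if (!category || !this.choices.get(category)) return false;
    this.jar.set(name, value);
    return true;
  }
}
```

Routing every cookie write through one function is what keeps the published cookie list and the site's actual behavior in agreement.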

Another example of an approach to user-defined cookie settings is the website of CNIL, the Data Protection Authority of France. When you go to the website, there's a notice telling you about their use of third-party cookies. You are presented with the choice of allowing all cookies or personalizing the settings. When you click personalize, the following choices appear (there are actually more choices but these are the only ones I could screencap).


This exercise in looking for sample approaches to the use of cookies proves that the internet is replete with sources to learn from. As in other things, it is only a question of knowing where to look.

#privacypolicy #cookies #PracticalPrivacy #CookieControl


©2017 by Maria Cecilia Soria