Encouraging learners to seek and explain communicability issues about Consent Request
Resumo
The General Data Protection Law imposes that obtaining consent is an essential requirement for processing personal data. In the online environment, consent banners use cookies to collect personal data. However, research indicates that these consent requests often do not provide enough information for the user to grant or deny consent. Interaction designers play a crucial role in this context, as they must consider users’ rights while creating interaction technologies. This article presents an experience report on the use of a guide based on the Semiotic Inspection Method to help learners to investigate and reflect about consent terms communicability on websites. We carried out a study with undergraduate students of a Human-Computer Interaction discipline, where each student used the guide to inspect two news portals to identify communication breakdowns and suggest solutions for identified data privacy problems based on an inspection scenario. The results indicate that the guide supported participants identify and explain communicability issues related to non-compliance with the LGPD.
Palavras-chave:
Semiotic Inspection Method, Semiotics Engineering, Data Privacy, LGPD, Online Consent Request
Referências
Michal Armoni, Noa Lewenstein, and Mordechai Ben-Ari. 2008. Teaching Students to Think Nondeterministically. In Proceedings of the 39th SIGCSE Technical Symposium on Computer Science Education (Portland, OR, USA) (SIGCSE ’08). Association for Computing Machinery, New York, NY, USA, 4–8. DOI: 10.1145/1352135.1352141
Simone Diniz Junqueira Barbosa, Gabriel Diniz Junqueira Barbosa, Clarisse Sieckenius de Souza, and Carla Faria Leitão. 2021. A Semiotics-Based Epistemic Tool to Reason about Ethical Issues in Digital Technology Design and Development. In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (Virtual Event, Canada) (FAccT ’21). Association for Computing Machinery, New York, NY, USA, 363–374. DOI: 10.1145/3442188.3445900
Manuel Batista, Adriana Fernandes, Lilian Ponzo Ribeiro, Bráulio Alturas, and Carla Pacheco Costa. 2020. Tensions between privacy and targeted advertising: Is the general data protection regulation being violated?. In 2020 15th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 1–5.
Jan M Bauer, Regitze Bergstrøm, and Rune Foss-Madsen. 2021. Are you sure, you want a cookie?–The effects of choice architecture on users’ decisions about sharing private online data. Computers in Human Behavior 120 (2021), 106729.
Carlos Bermejo Fernandez, Dimitris Chatzopoulos, Dimitrios Papadopoulos, and Pan Hui. 2021. This Website Uses Nudging: MTurk Workers’ Behaviour on Cookie Consent Notices. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 1–22.
SA Bim. 2009. Obstáculos ao ensino dos métodos de avaliação da Engenharia Semiótica. 2009. 181f. Ph. D. Dissertation. Tese (Doutorado)–Pontifícia Universidade Católica RJ, Rio de Janeiro.
Silvia Amélia Bim, Luciana Cardoso de Castro Salgado, and Carla Faria Leitão. 2016. Evaluation by inspection: Comparing methods of practical, cognitive and semiotic basis. In Proceedings of the 15th Brazilian Symposium on Human Factors in Computing Systems. 1–10.
BRASIL. 2018. Lei n° 13.709, de 14 de agosto de 2018 - Lei Geral de Proteção de Dados Pessoais (LGPD). Diário Oficial da União (2018). Disponível em [link]. Acessado em: 24/09/2022.
Edna Dias Canedo, Vanessa Coelho Ribeiro, Ana Paula de Aguiar Alarcão, Lucas Alexandre Carvalho Chaves, Johann Nicholas Reed, Fábio Lúcio Lopes Mendonça, and Rafael T de Sousa Jr. 2021. Challenges Regarding the Compliance with the General Data Protection Law by Brazilian Organizations: A Survey. In International Conference on Computational Science and Its Applications. Springer, 438–453.
Dimítria Coutinho and Roberto Pereira. 2021. “Ok, entendi”: avisos sobre cookies te induzem a ceder seus dados. Disponível em [link]. Acessado em 24/09/2022.
Maria Clara G de Almeida and Luciana C de Castro Salgado. 2019. Investigating Google dashboard’s explainability to support individual privacy decision making. In Proceedings of the 18th Brazilian Symposium on Human Factors in Computing Systems. 1–11.
Sergio Marcos Carvalho de Ávila Negri, Maria Regina Detoni Cavalcanti Rigolon Korkmaz, and Elora Raad Fernandes. 2021. Portabilidade e proteção de dados pessoais: tensões entre pessoa e mercado. civilistica. com 10, 1 (2021), 1–39.
Evandro Thalles Vale de Castro, Geovana RS Silva, and Edna Dias Canedo. 2022. Ensuring privacy in the application of the Brazilian general data protection law (LGPD). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. 1228–1235.
Clarisse Sieckenius De Souza, Carla Faria Leitão, Raquel Oliveira Prates, and Elton José Da Silva. 2006. The semiotic inspection method. In Proceedings of VII Brazilian symposium on Human factors in computing systems. 148–157.
Sâmmara Éllen Renner Ferrão, Artur Potiguara Carvalho, Edna Dias Canedo, Alana Paula Barbosa Mota, Pedro Henrique Teixeira Costa, and Anderson Jefferson Cerqueira. 2021. Diagnostic of data processing by Brazilian organizations—a low compliance issue. Information 12, 4 (2021), 168.
Georgios Kampanos and Siamak F Shahandashti. 2021. Accept all: The landscape of cookie banners in Greece and the UK. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings. Springer, 213–227.
Patrícia Lima and Luciana Salgado. 2022. Estratégias de comunicação do Consentimento Informado e rastros de Padrões Obscuros no Instagram. In Anais do III Workshop sobre as Implicações da Computação na Sociedade (Niterói). SBC, Porto Alegre, RS, Brasil, 40–54. DOI: 10.5753/wics.2022.223169
Nick logler, Daisy Yoo, and Batya Friedman. 2018. Metaphor Cards: A How-to-Guide for Making and Using a Generative Metaphorical Design Toolkit. In Proceedings of the 2018 Designing Interactive Systems Conference (Hong Kong, China) (DIS ’18). Association for Computing Machinery, New York, NY, USA, 1373–1386. DOI: 10.1145/3196709.3196811
Marília Malta Wanderley. 2022. A RESPONSABILIDADE DA VIOLAÇÃO DA PRIVACIDADE COMO EFEITO DO COMPARTILHAMENTO DE DADOS PESSOAIS. Revista Conversas Civilísticas 2, 2 (dez. 2022). [link]
Célestin Matte, Nataliia Bielova, and Cristiana Santos. 2020. Do cookie banners respect my choice?: Measuring legal compliance of banners from iab europe’s transparency and consent framework. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 791–809.
Maryam Mehrnezhad. 2020. A cross-platform evaluation of privacy notices and tracking practices. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 97–106.
João Mendes, Davi Viana, and Luis Rivero. 2021. Developing an Inspection Checklist for the Adequacy Assessment of Software Systems to Quality Attributes of the Brazilian General Data Protection Law: An Initial Proposal(SBES ’21). Association for Computing Machinery, New York, NY, USA, 263–268. DOI: 10.1145/3474624.3477069
Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. 2021. User Tracking in the Post-Cookie Era: How Websites Bypass GDPR Consent to Track Users. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY, USA, 2130–2141. DOI: 10.1145/3442381.3450056
Patricia Peck. 2021. Proteção de dados pessoais: comentários à Lei n. 13.709/2018 (LGPD). Saraiva Educação.
Raquel Oliveira Prates and Simone Diniz Junqueira Barbosa. 2007. Introdução à teoria e prática da interação humano computador fundamentada na engenharia semiótica. Atualizações em informática (2007), 263–326.
Than Htut Soe, Oda Elise Nordberg, Frode Guribye, and Marija Slavkovik. 2020. Circumvention by Design - Dark Patterns in Cookie Consent for Online News Outlets. In Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society (Tallinn, Estonia) (NordiCHI ’20). Association for Computing Machinery, New York, NY, USA, Article 19, 12 pages. DOI: 10.1145/3419249.3420132
Leonardo vasconcelos, Daniela Trevisan, and José Viterbo. 2022. Engagement by Design: A Card-based approach to design crowdsourcing initiatives. In 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). 353–358. DOI: 10.1109/CSCWD54268.2022.9776308
Simone Diniz Junqueira Barbosa, Gabriel Diniz Junqueira Barbosa, Clarisse Sieckenius de Souza, and Carla Faria Leitão. 2021. A Semiotics-Based Epistemic Tool to Reason about Ethical Issues in Digital Technology Design and Development. In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (Virtual Event, Canada) (FAccT ’21). Association for Computing Machinery, New York, NY, USA, 363–374. DOI: 10.1145/3442188.3445900
Manuel Batista, Adriana Fernandes, Lilian Ponzo Ribeiro, Bráulio Alturas, and Carla Pacheco Costa. 2020. Tensions between privacy and targeted advertising: Is the general data protection regulation being violated?. In 2020 15th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 1–5.
Jan M Bauer, Regitze Bergstrøm, and Rune Foss-Madsen. 2021. Are you sure, you want a cookie?–The effects of choice architecture on users’ decisions about sharing private online data. Computers in Human Behavior 120 (2021), 106729.
Carlos Bermejo Fernandez, Dimitris Chatzopoulos, Dimitrios Papadopoulos, and Pan Hui. 2021. This Website Uses Nudging: MTurk Workers’ Behaviour on Cookie Consent Notices. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 1–22.
SA Bim. 2009. Obstáculos ao ensino dos métodos de avaliação da Engenharia Semiótica. 2009. 181f. Ph. D. Dissertation. Tese (Doutorado)–Pontifícia Universidade Católica RJ, Rio de Janeiro.
Silvia Amélia Bim, Luciana Cardoso de Castro Salgado, and Carla Faria Leitão. 2016. Evaluation by inspection: Comparing methods of practical, cognitive and semiotic basis. In Proceedings of the 15th Brazilian Symposium on Human Factors in Computing Systems. 1–10.
BRASIL. 2018. Lei n° 13.709, de 14 de agosto de 2018 - Lei Geral de Proteção de Dados Pessoais (LGPD). Diário Oficial da União (2018). Disponível em [link]. Acessado em: 24/09/2022.
Edna Dias Canedo, Vanessa Coelho Ribeiro, Ana Paula de Aguiar Alarcão, Lucas Alexandre Carvalho Chaves, Johann Nicholas Reed, Fábio Lúcio Lopes Mendonça, and Rafael T de Sousa Jr. 2021. Challenges Regarding the Compliance with the General Data Protection Law by Brazilian Organizations: A Survey. In International Conference on Computational Science and Its Applications. Springer, 438–453.
Dimítria Coutinho and Roberto Pereira. 2021. “Ok, entendi”: avisos sobre cookies te induzem a ceder seus dados. Disponível em [link]. Acessado em 24/09/2022.
Maria Clara G de Almeida and Luciana C de Castro Salgado. 2019. Investigating Google dashboard’s explainability to support individual privacy decision making. In Proceedings of the 18th Brazilian Symposium on Human Factors in Computing Systems. 1–11.
Sergio Marcos Carvalho de Ávila Negri, Maria Regina Detoni Cavalcanti Rigolon Korkmaz, and Elora Raad Fernandes. 2021. Portabilidade e proteção de dados pessoais: tensões entre pessoa e mercado. civilistica. com 10, 1 (2021), 1–39.
Evandro Thalles Vale de Castro, Geovana RS Silva, and Edna Dias Canedo. 2022. Ensuring privacy in the application of the Brazilian general data protection law (LGPD). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. 1228–1235.
Clarisse Sieckenius De Souza, Carla Faria Leitão, Raquel Oliveira Prates, and Elton José Da Silva. 2006. The semiotic inspection method. In Proceedings of VII Brazilian symposium on Human factors in computing systems. 148–157.
Sâmmara Éllen Renner Ferrão, Artur Potiguara Carvalho, Edna Dias Canedo, Alana Paula Barbosa Mota, Pedro Henrique Teixeira Costa, and Anderson Jefferson Cerqueira. 2021. Diagnostic of data processing by Brazilian organizations—a low compliance issue. Information 12, 4 (2021), 168.
Georgios Kampanos and Siamak F Shahandashti. 2021. Accept all: The landscape of cookie banners in Greece and the UK. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings. Springer, 213–227.
Patrícia Lima and Luciana Salgado. 2022. Estratégias de comunicação do Consentimento Informado e rastros de Padrões Obscuros no Instagram. In Anais do III Workshop sobre as Implicações da Computação na Sociedade (Niterói). SBC, Porto Alegre, RS, Brasil, 40–54. DOI: 10.5753/wics.2022.223169
Nick logler, Daisy Yoo, and Batya Friedman. 2018. Metaphor Cards: A How-to-Guide for Making and Using a Generative Metaphorical Design Toolkit. In Proceedings of the 2018 Designing Interactive Systems Conference (Hong Kong, China) (DIS ’18). Association for Computing Machinery, New York, NY, USA, 1373–1386. DOI: 10.1145/3196709.3196811
Marília Malta Wanderley. 2022. A RESPONSABILIDADE DA VIOLAÇÃO DA PRIVACIDADE COMO EFEITO DO COMPARTILHAMENTO DE DADOS PESSOAIS. Revista Conversas Civilísticas 2, 2 (dez. 2022). [link]
Célestin Matte, Nataliia Bielova, and Cristiana Santos. 2020. Do cookie banners respect my choice?: Measuring legal compliance of banners from iab europe’s transparency and consent framework. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 791–809.
Maryam Mehrnezhad. 2020. A cross-platform evaluation of privacy notices and tracking practices. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 97–106.
João Mendes, Davi Viana, and Luis Rivero. 2021. Developing an Inspection Checklist for the Adequacy Assessment of Software Systems to Quality Attributes of the Brazilian General Data Protection Law: An Initial Proposal(SBES ’21). Association for Computing Machinery, New York, NY, USA, 263–268. DOI: 10.1145/3474624.3477069
Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. 2021. User Tracking in the Post-Cookie Era: How Websites Bypass GDPR Consent to Track Users. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY, USA, 2130–2141. DOI: 10.1145/3442381.3450056
Patricia Peck. 2021. Proteção de dados pessoais: comentários à Lei n. 13.709/2018 (LGPD). Saraiva Educação.
Raquel Oliveira Prates and Simone Diniz Junqueira Barbosa. 2007. Introdução à teoria e prática da interação humano computador fundamentada na engenharia semiótica. Atualizações em informática (2007), 263–326.
Than Htut Soe, Oda Elise Nordberg, Frode Guribye, and Marija Slavkovik. 2020. Circumvention by Design - Dark Patterns in Cookie Consent for Online News Outlets. In Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society (Tallinn, Estonia) (NordiCHI ’20). Association for Computing Machinery, New York, NY, USA, Article 19, 12 pages. DOI: 10.1145/3419249.3420132
Leonardo vasconcelos, Daniela Trevisan, and José Viterbo. 2022. Engagement by Design: A Card-based approach to design crowdsourcing initiatives. In 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). 353–358. DOI: 10.1109/CSCWD54268.2022.9776308
Publicado
16/10/2023
Como Citar
DA SILVA, Wesley Nunes; SILVA, Mônica; SALGADO, Luciana C. De Castro.
Encouraging learners to seek and explain communicability issues about Consent Request. In: SIMPÓSIO BRASILEIRO SOBRE FATORES HUMANOS EM SISTEMAS COMPUTACIONAIS (IHC), 22. , 2023, Maceió/AL.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
