ABSTRACT
The General Data Protection Law imposes that obtaining consent is an essential requirement for processing personal data. In the online environment, consent banners use cookies to collect personal data. However, research indicates that these consent requests often do not provide enough information for the user to grant or deny consent. Interaction designers play a crucial role in this context, as they must consider users’ rights while creating interaction technologies. This article presents an experience report on the use of a guide based on the Semiotic Inspection Method to help learners to investigate and reflect about consent terms communicability on websites. We carried out a study with undergraduate students of a Human-Computer Interaction discipline, where each student used the guide to inspect two news portals to identify communication breakdowns and suggest solutions for identified data privacy problems based on an inspection scenario. The results indicate that the guide supported participants identify and explain communicability issues related to non-compliance with the LGPD.
- Michal Armoni, Noa Lewenstein, and Mordechai Ben-Ari. 2008. Teaching Students to Think Nondeterministically. In Proceedings of the 39th SIGCSE Technical Symposium on Computer Science Education (Portland, OR, USA) (SIGCSE ’08). Association for Computing Machinery, New York, NY, USA, 4–8. https://doi.org/10.1145/1352135.1352141Google ScholarDigital Library
- Simone Diniz Junqueira Barbosa, Gabriel Diniz Junqueira Barbosa, Clarisse Sieckenius de Souza, and Carla Faria Leitão. 2021. A Semiotics-Based Epistemic Tool to Reason about Ethical Issues in Digital Technology Design and Development. In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (Virtual Event, Canada) (FAccT ’21). Association for Computing Machinery, New York, NY, USA, 363–374. https://doi.org/10.1145/3442188.3445900Google ScholarDigital Library
- Manuel Batista, Adriana Fernandes, Lilian Ponzo Ribeiro, Bráulio Alturas, and Carla Pacheco Costa. 2020. Tensions between privacy and targeted advertising: Is the general data protection regulation being violated?. In 2020 15th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 1–5.Google ScholarCross Ref
- Jan M Bauer, Regitze Bergstrøm, and Rune Foss-Madsen. 2021. Are you sure, you want a cookie?–The effects of choice architecture on users’ decisions about sharing private online data. Computers in Human Behavior 120 (2021), 106729.Google ScholarDigital Library
- Carlos Bermejo Fernandez, Dimitris Chatzopoulos, Dimitrios Papadopoulos, and Pan Hui. 2021. This Website Uses Nudging: MTurk Workers’ Behaviour on Cookie Consent Notices. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 1–22.Google ScholarDigital Library
- SA Bim. 2009. Obstáculos ao ensino dos métodos de avaliação da Engenharia Semiótica. 2009. 181f. Ph. D. Dissertation. Tese (Doutorado)–Pontifícia Universidade Católica RJ, Rio de Janeiro.Google Scholar
- Silvia Amélia Bim, Luciana Cardoso de Castro Salgado, and Carla Faria Leitão. 2016. Evaluation by inspection: Comparing methods of practical, cognitive and semiotic basis. In Proceedings of the 15th Brazilian Symposium on Human Factors in Computing Systems. 1–10.Google ScholarDigital Library
- BRASIL. 2018. Lei n° 13.709, de 14 de agosto de 2018 - Lei Geral de Proteção de Dados Pessoais (LGPD). Diário Oficial da União (2018). Disponível em <http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm>. Acessado em: 24/09/2022.Google Scholar
- Edna Dias Canedo, Vanessa Coelho Ribeiro, Ana Paula de Aguiar Alarcão, Lucas Alexandre Carvalho Chaves, Johann Nicholas Reed, Fábio Lúcio Lopes Mendonça, and Rafael T de Sousa Jr. 2021. Challenges Regarding the Compliance with the General Data Protection Law by Brazilian Organizations: A Survey. In International Conference on Computational Science and Its Applications. Springer, 438–453.Google ScholarDigital Library
- Dimítria Coutinho and Roberto Pereira. 2021. “Ok, entendi”: avisos sobre cookies te induzem a ceder seus dados. Disponível em http://horizontes.sbc.org.br/index.php/2021/12/ok-entendi-avisos-sobre-cookies-te-induzem-a-ceder-seus-dados/. Acessado em 24/09/2022.Google Scholar
- Maria Clara G de Almeida and Luciana C de Castro Salgado. 2019. Investigating Google dashboard’s explainability to support individual privacy decision making. In Proceedings of the 18th Brazilian Symposium on Human Factors in Computing Systems. 1–11.Google ScholarDigital Library
- Sergio Marcos Carvalho de Ávila Negri, Maria Regina Detoni Cavalcanti Rigolon Korkmaz, and Elora Raad Fernandes. 2021. Portabilidade e proteção de dados pessoais: tensões entre pessoa e mercado. civilistica. com 10, 1 (2021), 1–39.Google Scholar
- Evandro Thalles Vale de Castro, Geovana RS Silva, and Edna Dias Canedo. 2022. Ensuring privacy in the application of the Brazilian general data protection law (LGPD). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. 1228–1235.Google ScholarDigital Library
- Clarisse Sieckenius De Souza, Carla Faria Leitão, Raquel Oliveira Prates, and Elton José Da Silva. 2006. The semiotic inspection method. In Proceedings of VII Brazilian symposium on Human factors in computing systems. 148–157.Google ScholarDigital Library
- Sâmmara Éllen Renner Ferrão, Artur Potiguara Carvalho, Edna Dias Canedo, Alana Paula Barbosa Mota, Pedro Henrique Teixeira Costa, and Anderson Jefferson Cerqueira. 2021. Diagnostic of data processing by Brazilian organizations—a low compliance issue. Information 12, 4 (2021), 168.Google ScholarCross Ref
- Georgios Kampanos and Siamak F Shahandashti. 2021. Accept all: The landscape of cookie banners in Greece and the UK. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings. Springer, 213–227.Google ScholarCross Ref
- Patrícia Lima and Luciana Salgado. 2022. Estratégias de comunicação do Consentimento Informado e rastros de Padrões Obscuros no Instagram. In Anais do III Workshop sobre as Implicações da Computação na Sociedade (Niterói). SBC, Porto Alegre, RS, Brasil, 40–54. https://doi.org/10.5753/wics.2022.223169Google ScholarCross Ref
- Nick logler, Daisy Yoo, and Batya Friedman. 2018. Metaphor Cards: A How-to-Guide for Making and Using a Generative Metaphorical Design Toolkit. In Proceedings of the 2018 Designing Interactive Systems Conference (Hong Kong, China) (DIS ’18). Association for Computing Machinery, New York, NY, USA, 1373–1386. https://doi.org/10.1145/3196709.3196811Google ScholarDigital Library
- Marília Malta Wanderley. 2022. A RESPONSABILIDADE DA VIOLAÇÃO DA PRIVACIDADE COMO EFEITO DO COMPARTILHAMENTO DE DADOS PESSOAIS. Revista Conversas Civilísticas 2, 2 (dez. 2022). https://periodicos.ufba.br/index.php/conversascivilisticas/article/view/50286Google Scholar
- Célestin Matte, Nataliia Bielova, and Cristiana Santos. 2020. Do cookie banners respect my choice?: Measuring legal compliance of banners from iab europe’s transparency and consent framework. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 791–809.Google ScholarCross Ref
- Maryam Mehrnezhad. 2020. A cross-platform evaluation of privacy notices and tracking practices. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 97–106.Google ScholarCross Ref
- João Mendes, Davi Viana, and Luis Rivero. 2021. Developing an Inspection Checklist for the Adequacy Assessment of Software Systems to Quality Attributes of the Brazilian General Data Protection Law: An Initial Proposal(SBES ’21). Association for Computing Machinery, New York, NY, USA, 263–268. https://doi.org/10.1145/3474624.3477069Google ScholarDigital Library
- Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. 2021. User Tracking in the Post-Cookie Era: How Websites Bypass GDPR Consent to Track Users. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW ’21). Association for Computing Machinery, New York, NY, USA, 2130–2141. https://doi.org/10.1145/3442381.3450056Google ScholarDigital Library
- Patricia Peck. 2021. Proteção de dados pessoais: comentários à Lei n. 13.709/2018 (LGPD). Saraiva Educação.Google Scholar
- Raquel Oliveira Prates and Simone Diniz Junqueira Barbosa. 2007. Introdução à teoria e prática da interação humano computador fundamentada na engenharia semiótica. Atualizações em informática (2007), 263–326.Google Scholar
- Than Htut Soe, Oda Elise Nordberg, Frode Guribye, and Marija Slavkovik. 2020. Circumvention by Design - Dark Patterns in Cookie Consent for Online News Outlets. In Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society (Tallinn, Estonia) (NordiCHI ’20). Association for Computing Machinery, New York, NY, USA, Article 19, 12 pages. https://doi.org/10.1145/3419249.3420132Google ScholarDigital Library
- Leonardo vasconcelos, Daniela Trevisan, and José Viterbo. 2022. Engagement by Design: A Card-based approach to design crowdsourcing initiatives. In 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). 353–358. https://doi.org/10.1109/CSCWD54268.2022.9776308Google ScholarCross Ref
Index Terms
- Encouraging learners to seek and explain communicability issues about Consent Request
Recommendations
The crisis of consent: how stronger legal protection may lead to weaker consent in data protection
In this article we examine the effectiveness of consent in data protection legislation. We argue that the current legal framework for consent, which has its basis in the idea of autonomous authorisation, does not work in practice. In practice the legal ...
Consent as Mechanism to Preserve Information Privacy: Its Origin, Evolution, and Current Relevance
Security and Trust ManagementAbstractInformed consent and the requirements to obtain ethical-legal sound consent has a long and rich history that originated with the medical treatment of patients and then evolved into its application in the field of biomedical research. The same ...
The unbearable lightness of consent: mapping MOOC providers' response to consent
L@S '18: Proceedings of the Fifth Annual ACM Conference on Learning at ScaleWhile many strategies for protecting personal privacy have relied on regulatory frameworks, consent and anonymizing data, such approaches are not always effective. Frameworks and Terms and Conditions often lag user behaviour and advances in technology ...
Comments