Every organization must be transparent about the processing of personal data. As an organization with a well-organized business model, that is already difficult enough. But for a large municipality, which performs hundreds of tasks for more than 360,000 residents, that is almost impossible. Almost then.
We developed an understandable privacy statement. Which provides the residents of Utrecht with insight into more than 90 processing processes. With the clear layout, users can quickly navigate to the information that is important to them. It is explained in plain language, supported by infographics.
In 5 steps to an understandable privacy statement
Step 1: Analysis
The Municipality performs hundreds of tasks for its residents. From collecting household waste to supporting people with debts and checking for fraud.
We mapped out all these processing processes. And zoomed in on the 90 most important processes. Processes that are important because many residents have to deal with them, for example the Basic Registration of Persons. Or processes that are very invasive, such as the use of body cams.
Every process was thoroughly explored and no question remained unanswered. Like:
- What personal data is being processed? Is that also special personal data?
- As a resident, how do you know that you are dealing with a process? Is that also possible unnoticed?
- Does the municipality have a basis for processing the data?
- Are algorithms used?
- Has a DPIA been carried out?
Step 2: Structure
With more than 90 processing processes, a good structure is essential. A structure that enables the user to quickly navigate to the important information. This should not be guided by the organizational layout of the municipality, but by the user's experience.
This means that terms such as “Public Order and Safety” and “Safety, Supervision & Enforcement” no longer have a place in the privacy statement. But “I've had contact with the police or an enforcer”. In doing so, we focus on the concrete situation of the user.
Step 3: Testing
There is only one way to find out whether a structure is actually user-friendly: by testing. To do this, we selected a representative user group who were presented with different situations.The lesson? No matter how hard you try, as a designer, you always have blind spots. These can only be clarified by involving users directly in the development.
Step 4: plain language
“Fiscal parking enforcement”, “Administrative law instruments for maintaining public order”, “Data Protection Impact Assessment”, “Multiproblem case consultation”.
Are you still following it? No, neither do we. And that probably also applies to residents of Utrecht.
The privacy statement has therefore been drawn up in plain language. At B1 level. This is the language level that 95% of the population can understand.
Step 5: infographics
A picture sometimes says more than 1000 words. And it is often also easier to understand. That is why we explain the most important information with the help of infographics. In the case of a privacy statement, this is:
- How data is collected
- Whether data is being shared
- How long the data is kept.
For each of the processes, we created an infographic that provides insight into these important points.
The result