Data Centre — Working with the ICO to improve children's privacy awareness and data autonomy

Interaction and Experience Design

Data Centre is a proposed iOS intervention designed for the Information Commissioner's Office that was prototyped to show how technology companies might comply with the UK's new Age Appropriate Design Code. The solution is a built-in educational tool for operating systems that helps children to understand and manage their data, subsequently promoting autonomy and online safety.

Both parents and children can lack awareness of the data collection practices used by third-party services and their impact on privacy. The lack of transparent data management on websites can exacerbate this situation, highlighting the need for a user-friendly system that affords user autonomy within online spaces. The ICO's new Age Appropriate Design Code aims to regulate online services for children more effectively. However, as a new piece of legislation, the ICO lacked examples of how technology companies could implement the code.
Therefore, we worked with the ICO to prototype a low fidelity solution that involves a built-in educational tool for operating systems. The intervention focuses on children aged 7-11 within the iOS platform. However, the intervention can equally apply to alternative operating systems and other demographic groups with slight adjustments. We chose the 7-11 age range to target Piaget's concrete operational stage of developmental psychology and complement the Key Stage 2 ICT curriculum.
The main features include a personalised interface to capture user attention and increase engagement; distinct animations to indicate when personal, locational or behavioural data is requested; and an optional guided overlay to indicate how to delete all personal data and disable data sharing to third parties. Since research indicates that autonomy-supportive parental action is advantageous over control-based action in the context of data awareness, the tool was designed as an instructive intervention, educating and highlighting the importance of data awareness without restricting online activity. Through this tool, children can be afforded greater dignity within online spaces and learn how to manage risky situations more effectively.
Information Commissioner's Office
Lauren Dowling
Sana Pirmohamed
Priyen Morjaria
Frederic Macher
Interaction and Experience Design
User Research

Psychologically-driven design

The design of this intervention is specifically targeted to the developmental psychology of children aged 7-11 under Piaget's theory of cognitive development. At this stage of development, we can expect children to understand concepts that Piaget describes as schemas, assimilation, and accommodation. Therefore we employed the use of emojis and animojis as a visual device to represent the new and abstract concept of data collection. This usage minimises the semantic distance between the real-life concept and its emoji representation, enabling children to develop a basic understanding of controlling their privacy, which is subsequently accommodated into an updated schema.
We also developed tools to assist children in the deletion of their data. A swipe-up gesture reveals a task-bar, containing two graphical icons, depicting the concepts of privacy and data deletion. Each icon triggers an overlay on the current site, revealing a click-by-click guide through the site. The first icon signposts the site’s privacy toggle, allowing the child to become aware of the often-complicated path to achieve this simple yet crucial task. The second icon signposts the site’s button for the deletion of data from the company database. These overlays provide a simple and visual method of safe transit through websites, whilst minimising the change in the company’s site design. The long-term goal is to allow the child to learn and practise the navigation of such routes, such that without guidance, they are better able and more intuitively adept at identifying the routes needed to toggle the relevant safety settings. The overlay also notes the minimum number of clicks or taps required to carry out data deletion and privacy setting adjustments. This provides a clear metric for how complicated the process is and gives grounds for the ICO to intervene where a system is too complex.