Enable Exploration of Data Exports
Problem Summary
Users often lack the tools and understanding necessary to manage and comprehend their disclosed personal data effectively. Despite regulations like the GDPR that grant users rights to access and control their data, many users face significant challenges in understanding the scope and implications of their data disclosures, particularly when exercising their right to receive data that services have about them through data exports. This lack of comprehension leads to feelings of powerlessness, disinterest, and potential misuse of their personal information.
Rationale
The aim is to empower users by enabling them to explore and comprehend their disclosed personal data through effective visualisations. This enhances users' situational awareness, transparency in data transactions, and understanding of how their data is stored, managed, and exported or imported.
Solution
A tool to support the visual and interactive exploration of data exports, enabling users to understand, manage, and control their disclosed personal data effectively.
TransparencyVis aims to enhance situational awareness by supporting perception (exploring one's data distribution based on type, time, and storage service), comprehension (identifying potentially sensitive information), and projection (raising awareness about current and future online behaviours) [1]. It does not rely on a server-based method; instead, it conducts all analysis on the client side, using TypeScript and JavaScript libraries. Such client-side processing protects user privacy by avoiding unnecessary server interactions and data sharing. The service, accessible at https://transparency-vis.vx.igd.fraunhofer.de/, offers data export analysis for various platforms including Google, Facebook, Instagram, Netflix, Twitter, LinkedIn, TikTok, and Discord.
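As an added example, not code from TransparencyVis or any of the cited projects, the following JavaScript sketches the client-side approach described above: two constructed, hypothetical export formats are normalised by per-service adapters and then aggregated by type, month and service, with potentially sensitive types counted for review. The service names, record shapes and the sensitive-type list are all assumptions made for the example.

```javascript
// Added example, not TransparencyVis code: normalise two constructed export
// formats client-side, then aggregate by type, month and service.
// Constructed sample exports; shapes are hypothetical, not any real schema.
const EXPORT_A = {
  location: [
    { ts: 1609502400000, lat: 48.2, lon: 11.5 }, // 2021-01-01T12:00Z
    { ts: 1612180800000, lat: 48.1, lon: 11.6 }, // 2021-02-01T12:00Z
  ],
  searches: [{ ts: 1609588800000, query: "weather" }], // 2021-01-02T12:00Z
};
const EXPORT_B = [
  { kind: "message", date: "2021-02-03T10:00:00Z", text: "hi" },
  { kind: "login", date: "2021-02-04T08:30:00Z", ip: "203.0.113.7" },
];
// One adapter per export format maps service-specific records onto the
// common shape { service, type, time } that every view consumes.
const ADAPTERS = {
  ServiceA: (data) =>
    Object.entries(data).flatMap(([type, rows]) =>
      rows.map((r) => ({ service: "ServiceA", type, time: new Date(r.ts) }))),
  ServiceB: (data) =>
    data.map((r) => ({ service: "ServiceB", type: r.kind, time: new Date(r.date) })),
};
// Types a user would likely want to inspect first (hypothetical list).
const SENSITIVE_TYPES = new Set(["location", "message", "login"]);

// Unknown export formats yield no records instead of aborting the analysis.
function normalise(exportsByService) {
  return Object.entries(exportsByService).flatMap(([service, data]) =>
    (ADAPTERS[service] || (() => []))(data));
}

// Groups records by keyFn's result and counts each group.
function distribution(records, keyFn) {
  return records.reduce((acc, r) => {
    const k = keyFn(r);
    acc[k] = (acc[k] || 0) + 1;
    return acc;
  }, {});
}
const byMonth = (r) => r.time.toISOString().slice(0, 7); // "YYYY-MM"

// Everything runs locally; no export data is sent to a server.
function analyse(exportsByService) {
  const records = normalise(exportsByService);
  return {
    byType: distribution(records, (r) => r.type),
    byMonth: distribution(records, byMonth),
    byService: distribution(records, (r) => r.service),
    sensitive: records.filter((r) => SENSITIVE_TYPES.has(r.type)).length,
  };
}
```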
While the version presented in this guideline is primarily designed as an independent interface for individuals, these visualisations could also be applied within online services themselves, fostering transparency and control by helping users visualise the data they have disclosed to that service [3].
The Data Disclosure Log [2] serves as a service provider-independent and user-side component (a Firefox browser extension) that records personal data disclosures, feeding information into the visualisation tool.
Like TransparencyVis, the Data Disclosure Log offers several views, including a chronological view that supports temporal analysis of past personal data disclosures and the exploration of patterns and trends.
The research in [2] predates the GDPR, and while user-side logging has its benefits, the GDPR's right to access concerns the data held by the online service, including inferred data. Hence, a visualisation tool aligned with the GDPR's right to access should primarily emphasise analysing and presenting server-side data, such as data exports or information stored within the online service.
The Data Track, a standalone tool described by Karegar, Pulls and Fischer-Hübner [3], focuses primarily on the right to data portability, although it is tailored for visualising data exports. This specific version addresses data exported from Google, mainly location-related data, providing a map view for visualising the traced information.
The project was part of the European PRIME and PrimeLife projects (archived at http://primelife.ercim.eu/) and is no longer maintained (code archived at https://github.com/pylls/datatrack).
Platforms: personal computers, mobile devices
Related guidelines: Support the Visualisation and Comprehension of Disclosed Data
Example
The four views of TransparencyVis [1].
The chronological view of the Data Disclosure Log [2].
Use cases
- Visualisation and exploration of personal data exports (exercise of data access rights).
- Possible application by online services to aid users in visualising their disclosed data in that service.
- Aiding in visualising and filtering data for data portability purposes.
Pros
- The solution received significant approval and interest from the targeted user group, indicating its potential acceptance and relevance among users. The evaluation showed promising results in terms of the tool's impact on privacy attitudes and perceived appropriateness for its intended purposes, indicating initial effectiveness [1].
- Most participants stated that for the purpose of exercising their right to data portability, they would prefer first to export their data, inspect and filter out some information before uploading it to another service provider, and would appreciate using a tool such as the Data Track for helping them to visualise and filter data in this context [3].
- A conducted user test proved the usability and the user acceptance of the solution [2].
Cons
- Only supports data exports from Google. Users demonstrated difficulty differentiating between locally and remotely stored and controlled data. Additionally, users were concerned about the security of their data when they thought of downloading the data onto their own machines and being responsible for its security [3].
- While the treemap in FileView offers advantages in data representation, it may be less intuitive for common users, necessitating optimisation for non-experts to enhance usability. Some functionalities, such as ListView and FileView, were not well understood by participants, indicating a need for further improvements to user comprehension. Enhancements are needed to better communicate the distinctions between files and data elements, addressing the challenge of providing a comprehensive overview to users. Long-term studies of improved versions of the interface are needed to examine the significance of the effects [1].
- Dealing with the vast variance in data export formats between online services and users poses a challenge in developing unified parsing schemes, impacting the provision of a comprehensive overview for the user [1].
Privacy Notices
This guideline is closely related to privacy notices. Privacy notices typically inform users about the collection, use, and sharing of their personal data [4]. Tools that enable individuals to analyse their exported data, especially when exercising their right to data access, align with the principles of transparency and control that privacy notices often aim to provide. By allowing users to examine and analyse the data stored about them by service providers, these tools help them gain insights into the specific data held, its utilisation, and potential sharing. This can complement the information provided in privacy notices, offering users a more hands-on approach to comprehending the data and verifying whether it matches the details presented in the privacy policy.
If integrated into the service handling personal data, such a tool could facilitate privacy choices by offering controls like data exclusion and consent management.
- On demand
The proposed guideline can be used to present a privacy notice to users when they actively seek privacy information, for example, in privacy dashboards or privacy settings interfaces.
- Decoupled
This guideline can be applied to privacy notices decoupled from privacy choices.
- Non-blocking
This guideline can be coupled with non-blocking controls (privacy choices), providing control options without forcing user interaction.
- Visual
This guideline is for a visual notice, using visual resources such as colours, text and icons.
- Primary
This guideline can be applied to the same platform or device the user is interacting with.
- Secondary
This guideline can be extended to secondary channels if the primary channel lacks or offers a limited interface. Utilising tools aligned with this guideline helps process GDPR-given data access rights across multiple channels, ensuring thorough data analysis and compliance. This guideline is expected to be frequently applied to secondary channels due to wider availability and accessibility, not solely due to interface limitations.
Transparency
The guideline aims to provide tools that allow users to visually and interactively explore their data exports, enhancing their understanding and awareness of how their personal data are being used, stored, and managed. This aligns with transparency [5], as it seeks to make data handling practices clear and accessible to users. Other related privacy attributes:
- By enabling users to explore their data exports, the guideline supports the idea of users having control over their data, including informed consent and the ability to manage their personal information.
- Visualising data exports helps hold service providers accountable by making it easier for users to see how their data is handled.
- The guideline implicitly supports correctness by allowing users to see what data is held about them, which can help them identify and correct inaccuracies.
- The guideline supports this attribute by helping users visualise the data collected about them, whether directly or indirectly. This visualisation enhances users' understanding of what personal information is gathered, supporting data minimisation and informed decision-making.
References
[1] Marija Schufrin, Steven Lamarr Reynolds, Arjan Kuijper and Jorn Kohlhammer (2021). A Visualization Interface to Improve the Transparency of Collected Personal Data on the Internet. IEEE Transactions on Visualization and Computer Graphics, v. 27, n. 2, p. 1840–1849. https://doi.org/10.1109/TVCG.2020.3028946
[2] Jan Kolter, Michael Netter and Günther Pernul (2010). Visualizing Past Personal Data Disclosure. In: 2010 International Conference on Availability, Reliability and Security. IEEE, p. 131–139. https://doi.org/10.1109/ARES.2010.51
[3] Farzaneh Karegar, Tobias Pulls and Simone Fischer-Hübner (2016). Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This? In: IFIP International Summer School on Privacy and Identity Management. Springer, p. 164–181. https://doi.org/10.1007/978-3-319-55783-0_12
[4] Florian Schaub, Rebecca Balebako, Adam L. Durity and Lorrie Faith Cranor (2015). A Design Space for Effective Privacy Notices. In: Symposium on Usable Privacy and Security (SOUPS 2015), p. 1–17. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
[5] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288