Cookie-varning på steroider : Ramverk på samtyckestjänst för webbsidor enligt GDPR

• Main Authors: Mattsson, Jonas, Öberg, Axel
• Format: Others
• Language: Swedish
• Published: Luleå tekniska universitet, Institutionen för system- och rymdteknik 2018
• Subjects: Computer and Information Sciences; Data- och informationsvetenskap
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-69603

The objective of this study intends to develop a framework containing design principles, that can be used as a guidance to build useful and GDPR-safe consents-solutions. With the forthcoming implementation of GDPR (25th May 2018), new ways and methods are needed to manage consents at web pages that in some way handles personal data. In order to provide a stable foundation for the work, theory has been developed in relation to the subject and the area. The theoretical reference framework consists of GDPR (Law), which also includes Privacy by Design and Privacy by Default as well as Design and Usability principles. Furthermore, the approach and method to develop the framework, has been based on the design process by Arvola (2014). Within the process, a qualitative data collection has been made with a company and also with a targeted audience. The interviewed company is Meramedia, and during our work procedure they have also been developing a consent solution themselves, which makes them relevant for us to intervene, in order to find interesting information. The data collection with the targeted audience of potential users has contributed with an increased understanding of how users feel and think about this type of solution, which may involve questions and concerns regarding personal data management and design aspects. The empirics is then analyzed using the theory, which allowed the framework to be updated with new content and new principles that arose during the data collection, to answer the purpose of the study. The conclusions found, are that the use of a framework comprising 11 principles would facilitate the work of developing a consent-solution. The principles are as follows: Suitable reduction Response Logic & Unity Adaptation Generality & Reuse Divergence Invitation Simplicity & Efficiency Legal, Correct & Open Data Limitations Predefined choices The meaning of the principles is presented in the conclusion. The conclusion also shows a design proposal based on the intended framework, which shows the importance and matter of all principles. The work is lastly rounded off by reflecting upon the intended work, and it also incorporates future findings related to the area and the subject. GDPR is being implemented on 25th of May 2018, and new challenges in consents-management can certainly emerge as soon as the law has been implemented, which probably opens up for new perspectives.