Have you heard of Legal Design? Legal Design puts people back at the centre of legal thinking.
This technique is now essential for communicating your legal obligations to your customers, employees or website visitors, for example in relation to your compliance with the General Data Protection Regulation (GDPR).
Legal Design enables you to draft legal documents in which the information is more easily accessible, intelligible, formulated in clear terms and above all adapted to your target audience, as required by the GDPR.
These days, the legal documents you see online are often too long, complex or even impossible to understand for someone with no legal knowledge.
In this article, we share with you the fundamental steps for applying Legal Design to your GDPR legal documents.
What is Legal Design?
This technique is an application to the legal world of Design Thinking, an innovative creative method.
It involves putting the human/”user” (your customer, visitor, worker, etc.) at the centre of your problem-solving approach, by following these steps:
1. Understand who your user is, using empathy: their context, their circumstances, their profile, etc.
2. Define their problem (sometimes the user doesn’t even know it themselves), to determine the objective of the solution to be created
3. Generate several ideas for solutions, prototypes, by being open to innovative solutions
4. Test these ideas with the user (what works, what doesn’t)…
5….until we come up with a solution that is best adapted to their needs.
This innovative approach to the law, applied to the problem of communicating your legal obligations, will improve the clarity of your documents for your target audience, while respecting the list of information that must be included.
In parallel with this methodology for creating solutions, Legal Design advocates the use of clear language and visual elements for a much more digestible and dynamic layout.
How to apply Legal Design to your GDPR and Eprivacy legal documents
The legal problem: Understanding the issues and complying with the fundamental principles of the GDPR
Reminder: What is the GDPR?
Before you start drafting your documents, it is absolutely essential to understand the principles of the GDPR and map out all of your organisation’s data processing. This involves setting up a register of the personal data processed by your organisation for each type of data subject (e.g. prospects, customers, visitors to your website etc….). To do this, you need to:
- Know all the personal data you collect and generate and why you do so (purpose);
- Identify the legal basis used for each personal data processing purpose;
- Identify the length of time or the criteria for storing personal data for each purpose;
- Identify all data recipients (e.g. suppliers, subcontractors, etc.) and check that your organisation has data processing agreements in place with all your subcontractors;
- Identify data transfers outside the European Economic Area and the custom measures taken;
- Put in place internal procedures and policies to guarantee the proper exercise of individuals’ rights and data security;
If you are unfamiliar with the GDPR, don’t hesitate to call on the services of a DPO or a lawyer. A good understanding of the principles of the GDPR will lay the foundations for a solid policy that is adapted to your business. If you are a web agency in charge of drafting legal documents for your clients’ websites, it is compulsory to tailor documents to the specific features of your clients’ data processing activities that are unique to their organisation and not to use templates.
Your specific challenge with regard to the GDPR and your website: drafting a privacy policy that will be read by your visitors
The GDPR requires you to inform visitors to your website about how you are going to collect and use their personal data collected (among other things) via your website.
To do this, you will need to put in place a privacy policy, an information notice for anyone whose personal data you use.
The aim will be to ensure that readers of the document find the information they need easily, can understand it at their level of expertise and know how to apply it. The privacy policies you can find online are often veritable walls of words, incomprehensible and visually oppressive, certainly not meeting the objective of informing the visitor to your website.
The problem for visitors to your website: understanding your privacy policy so that they can decide whether they trust you.
Why is it important for them to understand what you do with their data? It enables them to anticipate whether or not they are in line with your stated use of their personal data and to make a transparent choice about whether or not to entrust it to you.
This is a problem that visitors may not be aware of at first. The fact that they can easily access information when they need it also helps to build trust over the long term.
Understanding your users and their needs
To apply Legal Design, it is therefore important to understand your target audience and their needs: identify your personas, their demographic characteristics, their potential legal knowledge, and also their preferences in terms of communication. An empathetic approach to your users will enable you to draft privacy policies that are adapted to their expectations and written in clear language, which will make it easier for them to understand.
For example, if you have an e-commerce site and sell baby products, your customers will mainly be young parents, with varying levels of familiarity with the legal aspects.
Don’t hesitate to test the document with representatives of your target audience (or with people who share the same characteristics as this audience).
If the same document is aimed at several audiences, remember to align yourself with the one who has the least knowledge of data protection.
Simplifying technical and legal language
One of the tools of Legal Design is the use of clear, simple, accessible and understandable language. Imagine you are explaining how you process personal data to a friend: avoid all unnecessary technical and legal terms and provide concrete examples to illustrate the key elements of your point. This will make your GDPR legal documents more pleasant to read and less open to interpretation.
For example, state “We collect and use your personal data to register and process your order” instead of “The processing of your personal data is necessary for the performance of the contract to which you are a party”. To sort out the information to be included in the document, ask yourself some questions: what does your audience need to know in order to do what you want them to do?
In the case of your privacy policy, the content that must be included in the document is listed by the GDPR.
Structuring your legal documents with Legal Design
The organisation of your legal documents is crucial. Use Legal Design to clearly structure your different sections by adding headings and sub-headings.
For example, you can divide your privacy policy by theme:
– Who are we and how can you contact us?
– What data do we collect and why?
– Why do we need your data?
– What do we do with your data?
– What are your rights?
Also, opt for lists with bullet points rather than long sentences or paragraphs.
Finally, choose a font size that is easy to read and avoid footnotes, which make legal documents harder to understand.
Make your legal documents more attractive with Legal Design
Opt for a tiered presentation to facilitate access to information.
Layering your online legal documents is a good practice because it makes it much easier to read the mandatory privacy and cookie policies of your websites.
It is very important that readers can easily find the information they are looking for in 1 or 2 clicks maximum, without having to scroll through a long document on their screen.
Presentation by level with Admeet
Legal Design also encourages the use of relevant illustrations to make your legal documents more visual and attractive. Illustrations and diagrams make complex legal information easier to understand. Icons or emojis are also very effective for quickly identifying important points.
For example, use an icon like the “Scales of Justice” to symbolise the section on people’s rights:
“⚖️ What are your rights? “.
At Admeet, we apply these Legal Design principles to the privacy and cookie policies generated by our application.
Feel free to consult the Admeet privacy policy and the Admeet cookie policy for an example of a layered presentation and icon illustration based on the Legal Design principle.
Admeet Privacy Policy
Legal Design for your GDPR documents with Admeet
As you will have realised, Legal Design today offers an innovative and essential approach. This approach allows you to make your GDPR legal documents attractive and understandable for your users, but also to set yourself apart from the competition.
At Admeet, we believe that transparency and simplicity are the keys to building a lasting relationship of trust with your users.
You don’t need Legal Design training to simplify your GDPR compliance and show your users that protecting their data and privacy is a priority for you. By applying the principles of Legal Design, the Admeet tool enables you to generate customised privacy and cookie policies that are intelligible, accessible and compliant with GDPR requirements.