Privacy

"A Privacy Policy putting consumers in control”

The Brief

Our client, a renowned player in smart homes, reached out to Amurabi to entirely redesign their group Privacy Policy, for a dozen of brands. Their goal ?  Reflect the Group’s commitment to fully safeguard consumers personal data, as a key competitive advantage. Because connected homes collect a large amount of information, it was key for our client that this commitment would be embodied in its privacy policy to generate consumers’ trust.

The Process

First, we ran an initial workshop with consumers to define their user journeys and analyze their level of understanding of the data collection process. The biggest pain point that came out was the lack of choice (consent or leave the site) and control over the data collected online and how they are used. Overall, consumers agree to give out some data if they are really necessary to perform the related services – but they want transparency. For example, they might agree to their email being used to be informed of their delivery, but not to receive newsletter.

Thus, we developed an ambitious and pioneering concept: put the users in control of their own data! Empowering consumers to make choices (real, specific consent), in an informed manner (How do I decide? What is the consequence of my choice?) and giving them the tools to easily exercise their rights.

Then, we tested this new version with consumers, to measure accessibility, engagement, understanding, graphic design…

And we iterated. We also worked closely with the marketing and digital production team to ensure technical feasibility of the new version, in particular as regards CRM management

The Results

A redesigned Privacy Policy for the entire Group, to be rolled out for all the brands.

Our biggest takeaway ? Give consumers control.

The new version is not only impactful and engaging, it contains action buttons directly in the Privacy Policy, to empower users to make effective choices as to which personal data they agree to share for which service. We also created dedicated action tools to ensure consumers easily exercise their rights… and do not reach out to the DPO for after sales issues!

The KPIs

11 action buttons for consumers to get control

Reading time divided by two, from 10 min to 5 min

1 project delivery during confinement

"Privacy Design Sprint for Ubisoft- 2 days to learn, practice and redesign a Privacy Policy"

The Brief

At the forefront of an innovative industry, the Ubisoft Legal Division aims to only create legally designed documents in the near-future. To help them reach this goal, and at the initiative of their legal innovation manager, Amurabi crafted a tailor-made training program : further to an initial training, experience the methodology of legal design over a two-day immersive workshop while creating a first prototype of their new privacy policy.

The Process

With data privacy lawyers, designers, and a representative group of privacy stakeholders at Ubisoft, we cocreated the new privacy policy tailored for gamers. The first day was dedicated to defining 4 personae and their user journeys, with a specific focus on personae’s pain points. We also jointly defined Ubisoft’s core values and the key (non-legal) messages that should be conveyed by the privacy policy to reflect Ubisoft’s identity.

During the week between Day 1 and Day 2, we analyzed all the insights and created a first concept of the new privacy policy, leveraging Ubisoft’s (awesome!) internal assets.

On Day 2, we restructured the policy to solve a maximum of pain points for a maximum of personae, in one single version. We first worked in small groups, then put the results in common. The afternoon was dedicated to redrafting the policy in plain language, keeping exactly the same legal scope. We ended the day with a wrap-up of all the learnings, and a project plan to make the new version a reality. Intense!

The Results

After only 2 days with 15 participants (and a “bit” of work from us in between):

  • an impactful concept to resonate with gamers, trigger reading and improving understanding
  • an entirely new structure of the privacy policy to ease access and action
  • about half of the policy redrafted in plain language
  • a project plan to finalise within… 3 weeks!! (so we learnt at the end of Day 2)
  • an energized legal team ready to follow up with plain language drafting swiftly (with a tiny bit of help from us)
  • awesome collaboration between the various stakeholders

What then? Their internal legal designer tested the new version and is working on the new graphic design.

The KPIs

Reading time divided by two ! From 20 min to under 10 min.

Seamless collaboration between legal and digital production teams

Inside joke “Lawyers were not so scary after all !

"Designing privacy on a global scale"

The Brief

Moët Hennessy had carefully developed its internal global data privacy policy based on GDPR, to ensure high data privacy standards in each of its “maisons” around the world. But how to ensure ownership by all the stakeholders, tackle information overload and handle the attention challenge? 

The Process

We entirely restructured the policy, by users instead of legal issues. We leveraged design techniques based on neuro-sciences to trigger awareness and engagement, by putting reading time tags on top of each section for example.

The Results

A group policy dealing with complex and wide ranging privacy issues, to be rolled out throughout 30 subsidiaries. Based on the insights Amurabi’s team collected from users, we determined each role and designed the entire policy based on their respective journey. Delivering the right information, at the right time.

Design is now a key factor in data privacy compliance.

"How to convey key messages on a GDPR survey to have an impact?"

The Brief

Dalloz, Editions Legislatives and AFJE, in partnership with Data Legal Drive trusted Amurabi to create an impactful content to convey the results of a study on the implementation of the GDPR, one year after its entry into force.

The Process

Data visualisation always starts with deeply analyzing the data: what is the most striking, strategic, unusual… Then, visually brainstorming the form it could take to best reflect the meaning. Here, GDPR seemed like a series of mountains to climb, which gave us our starting point for the visualization.

The Results

An eye-catching one-pager, which immediately conveys the key message: companies are working hard to comply, but are hardly half-way through. We also created a dynamic online version, on which you can select the information that is most relevant for you, and which is constantly being updated. Check it out here: http://webcam-rgpd.datalegaldrive.com

"From Privacy-by-design to designing Privacy"

The Brief

« I agree ». We’ve all ticked the box without even reading.

The problem is that GDPR (General Data Protection Regulation) clearly states that all information relating to personal data now needs to be communicated to consumers in a “concise, transparent, intelligible and easily accessible form, using clear and plain language” (Art. 12).

The Estée Lauder Companies Europe trusted Amurabi to empower the user by providing such clear and accessible information, creating a fully GDPR-compliant privacy policy.

The Results

A user-friendly, transparent privacy policy that people want to read and can actually understand. The client decided that this EU-compliant version would become the new global standard for the group.

The Insight

Privacy policies are about the users and their life. Transparency is key both to comply with GDPR and to build customer engagement.” – Jonathan Perez EMEA Data Privacy Director, Estée Lauder Companies Europe

"How to ensure informed consent to the processing of sensitive data?"

The Brief

Servier came to us as part of a strategic initiative: patient centricity.
How might we design partnership agreements with patient associations, and individual patients, to ensure empathy without condescendence, full clarity and accessibility while acknowledging patients’ expertise? Incidentally, designing fully informed consent to the processing of sensitive personal data

The Process

We relied on co-creation with several users and experts within Servier. We produced a first prototype which…was simply rejected!
Fail fast, then get it right. We entirely redesigned our first prototype to better reflect the « seriousness » and professional look & feel expected from contracts. We produced 3 different new options in terms of design, structuring, pictures and icons. Much better. We then iterated again to further simplify the language and ease the reading. There it was.

The Results

A human-centric, yet professional document, easy to understand and engaging.
This project is still ongoing and the agreement is currently being tested.

"Ensuring accessibility of data privacy issues on the French StopCovid App"

The Brief

The French Government trusted Amurabi to work on plain language in the StopCovid app, implementing the CNIL’s recommendations, to ensure  “information that is understable by the public at large, in clear and simple terms”, and the CNnum’s recommendation to guarantee “inclusion, accessibility and loyalty of the information”.

The Process

We were asked to review existing mockups of the app and review the language, under very tight deadlines! No time for workshops, user profiles or journeys, but we leveraged our expertise in previous personal data projects to identify users’ pain points, as well as extensive research we had performed on StopCovid over the previous weeks 

The Results

A major recognition by the French Government of the importance & value of plain language, which we hope to see more even on the more legal complexes issues such as this one.

At a time where we hear a lot about « the post-Covid world », we wonder …what if Plain Legal Language became the new normal?

Key Facts

  • A great partnership with government entities to ensure the accessibility of the law on a highly sensitive topic
  • Several fields of intervention in the app based on our Plain Language expertise.