This pattern can be applied to any system which collects end user data. It can be presented in an interactive web page but also as part of a physical product which can collect data (e.g. fitness tracker)
Many organizations provide privacy policies which are too lengthy and hard to understand by the general audience. These policies are oriented as legal disclaimers for legal issues, rather than to inform end users so they can consent to the organization practices after being clearly informed of the collected data, its purpose, and the processing and potential sharing with third parties.
Alice buys a fitness tracker and she is aware that the device collects her location, and sends it to a central web service in order to provide her with her fitness statistics (her fitness routes, the time spent...). The device provider aggregates this data and provides a business analytics service to third parties.
Alice is totally unaware of this secondary use of her data and may not agree to it. But accessing this policy involves accessing a website and going through a lengthy and legally oriented document.
- The current version of the forthcoming EU Data Protection Regulation includes a set of privacy icons that should be used within European services and organizations
- The Use of Privacy Icons and Standard Contract Terms for Generating Consumer Trust and Confidence in Digital Services CREATe Working Paper 2014/15 (October 2014)
Currently, most of these are only applied by client-side solutions.
See also the Privacy Icons entry at Ideas for a Better Internet (kind of a pattern repository by the Berkman Center for Internet and Society in Harvard).