I provvedimenti spiegati alle aziende
con guide, checklist, modelli; AI assisted
Osservatorio a cura del dott. V. Spataro 

   dizionario 2023-04-20 ·  NEW:   Appunta · Stampa · Cita: 'Doc 96698' · pdf

Best Patterns


Opposti ai dark patterns, sono tecniche per migliorare la comunicazione.

Sono proposte nella: Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them Version 2.0 Adopted on 14 February 2023

Prende spunto dalla attività di catalogazione dei dark patterns proposta su cookiekit.it

Fonte: EDPB
Link: https://www.cookiekit.it/dark-patterns


L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni

L'analisi è riservata agli iscritti. Segui la .......... ....'............ ...... .. ....... .......... ........ .. ......




  • Shortcuts:
  • Bulk options:
  • Contact information:
  • Reaching the supervisory authority:
  • Privacy Policy Overview:
  • Change spotting and comparison
  • Coherent wordings:
  • Providing definitions:
  • Contrasting Data protection elements:
  • Data Protection Onboarding:
  • Use of examples:
  • Sticky navigation
  • Back to top:
  • Notifications
  • Explaining consequences:
  • Cross-device consistency
  • Data protection directory:
  • Contextual information:
  • Self-explanatory URL



Opposti ai dark patterns, prendono origine da un desiderio di semplificazione


The following list provides an overview of best practices described in the Guidelines at the end of each  use case. These can be used to design user interfaces which facilitate the effective implementation of  the GDPR. Such best practices can offer a first step toward a standardised way for users to effectively  control their data and exercise their rights.

Shortcuts: Links to information, actions or settings that can be of practical help to users to manage  their data and their data protection settings should be available wherever they are confronted to  related information or experience (e.g. links redirecting to the relevant parts of the privacy policy; e.g.  in the privacy policy, provide for each data protection information links that directly redirects to the  related data protection pages on the social media platform; provide users with a link to reset their  password; when users are informed about an aspect of the processing, they are invited to set their  related data preferences on the corresponding setting/dashboard page; provide a link to account  deletion in the user account).

Bulk options: Putting options that have the same processing purpose together, so that users can
change them more easily, while still leaving users the possibility to make more granular changes. If
social media platforms present bulk options, these should not contain unexpected or unrelated
elements (for example elements with different purposes). If the processing require consent, the bulk
options must be in line with the EDPB Guidelines on consent, especially para. 42-44.

Contact information: The company contact address for addressing data protection requests should be
clearly stated in the privacy policy. It should be present in a section where users can expect to find it,
such as a section on the identity of the data controller, a rights related section or a contact section.

Reaching the supervisory authority: Stating the specific identity of the supervisory authority and
including a link to its website or the specific website page related to lodging a complaint. This
information should be present in a section where users can expect to find it, such as a rights related

Privacy Policy Overview: At the start / top of the privacy policy, include a (collapsible) table of contents
with headings and sub-headings that shows the different passages the privacy notice contains. The
names of the single passages clearly lead users regarding the exact content and allow them to quickly
identify and jump to the section they are looking for.

Change spotting and comparison: When changes are made to the privacy notice, make previous
versions accessible with date of release and highlight changes.

Coherent wordings: Across the website, the same wording and definition is used for the same data
protection. The wording used in the privacy policy should match the one used on the rest of the

Providing definitions: When using unfamiliar or technical words or jargon, providing a definition in
plain language will help users understand the information provided to them. The definition can be
given directly into the text, when users hover over the word, as well as be made available in a glossary.

Contrasting Data protection elements: Making data protection related elements or actions visually
striking in an interface that is not directly dedicated to the matter. For example, when posting a public
message on the platform, controls over association of the geolocation should be directly available and
clearly visible.

Data Protection Onboarding: Just after the creation of an account, include data protection points
within the onboarding experience of the social media provider for users to smoothly discover and set
their preferences. For example, this can be done by inviting them to set their data protection
preferences after adding their first friend or sharing their first post.

Use of examples: In addition to mandatory information clearly and precisely stating the purpose of
processing, examples can be used to illustrate a specific data processing to make it more tangible for

Sticky navigation: While consulting a page related to data protection, the table of contents can be
constantly displayed on the screen allowing users to always situate themselves on the page and to
quickly navigate in the content thanks to anchor links.

Back to top: Include a return to top button at the bottom of the page or as a sticky element at the
bottom of the window to facilitate users’ navigation on a page.

Notifications: Notifications can be used to raise awareness of users on aspects, change or risks related
to personal data processing (e.g. when a data breach occurred). These notifications can be
implemented in several ways, such as through inbox messages, pop-in windows, fixed banners at the
top of the webpage, etc.

Explaining consequences: When users want to activate or deactivate a data protection control, or give
or withdraw their consent, inform them in a neutral way on the consequences of such action.

Cross-device consistency: When the social media platform is available through different devices (e.g.
computer, smartphones, etc.), settings and information related to data protection should be located
in the same spaces across the different versions and should be accessible through the same journey
and interface elements (menu, icons, etc.).

Data protection directory: For easy orientation through the different section of the menu, provide
users with an easily accessible page from where all data protection related actions and information
are accessible. This page could be found in the social media provider main navigation menu, the user
account, through the privacy policy, etc.

Contextual information: in addition to an exhaustive privacy policy, bring short bits of information at
the most appropriate time for the user to have a specific and continuous information on how their
data are processed.

Self-explanatory URL: pages related to data protection settings or information should use a web
address that clearly reflects their content. For example, a page centralising data protection control
could have a URL such as [social-network.com]/data-settings.  

Exercise of the rights form: to facilitate users in exercising their GDPR rights, provide a dedicated form
that helps users understand their rights and that guides them carry out these kind of requests.


Download Pdf

Link: https://www.cookiekit.it/dark-patterns

Testo del 2023-04-20 Fonte: EDPB


i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.

Ricevi gli aggiornamenti su Best Patterns e gli altri post del sito:

Email: (gratis Info privacy)

Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza