WtD Prague: The language of data privacy
This week I’m attending Write the Docs Prague. It’s super exciting to attend a European Write the Docs conference, and to be visiting the lovely city of Prague. This post contains my notes from a talk at the conference. All credit goes to the presenter; any mistakes are my own.
Karen Sawrey presented a session titled, ‘Disagree with “I Agree”. Enforcing better data privacy through the language of documentation’.
Karen started with an overview of GDPR (General Data Protection Regulation) and its intention to protect the privacy of all people in the European Union. She talked enthusiastically about how GDPR helps ensure better security.
GDPR targets obscurity in language. GDPR defines two types of data: personal data and personal sensitive data. Lack of security in personal sensitive data can lead to severe consequences for the person involved. Karen talked about insecure password policies, and how you can find out if your credit card has been hacked.
Tailoring documentation and playgrounds to better GDPR compliance
Karen divided docs into two types: docs that tell the user something, and docs that interact with the user, often asking them for information.
GDPR says that documentation must be concise and informative. Keep the language simple.
Users must give explicit consent for the specific usage of each piece of information that they supply. As a result, you end up with a series of check boxes asking for the user’s agreement on specific items. At the same time, you must take care not to overdo it with too many checkboxes, says Karen.
If you offer sandboxes (sites offering the ability to experiment with your software), keep the user data in the sandboxes clean. All user data must be encrypted, according to GDPR. Keep the sandboxes isolated, so that it’s harder for hackers to steal data.
Collect only the information that you need.
Thank you Karen for a lively glimpse into privacy regulations and their impact on the docs.