WtD Prague: The language of data privacy

This week I’m attending Write the Docs Prague. It’s super exciting to attend a European Write the Docs conference, and to be visiting the lovely city of Prague. This post contains my notes from a talk at the conference. All credit goes to the presenter, any mistakes are my own.

Karen Sawrey presented a session titled, ‘Disagree with “I Agree”. Enforcing better data privacy through the language of documentation’.

Karen started with an overview of GDPR  (General Data Protection Regulation) and its intention to protect the privacy of all people in the European Union. She talked enthusiastically about how GDPR helps ensure better security.

GDPR targets obscurity in language. GDPR defines two types of data: Personal data, and personal sensitive data. Lack of security in personal sensitive data can lead to severe consequences for the person involved. Karen talked about insecure password policies, and how you can find out if your credit card has been hacked.

Tailoring documentation and playgrounds to better GDPR compliance

Karen divided docs into two types: docs that tell the user something, and docs that interact with the user, often asking them for information.

For the first type, informational docs, you need at least a privacy policy and a cookie policy. When you add interactivity, you include registration forms and agreements. You need to make sure the language is clear and simple, so that people understand what they’re agreeing to.

GDPR says that documentation must be concise and informative. Keep the language simple.

Users must give explicit consent for the specific usage of each piece of information that they supply. As a result, you end up with a series of check boxes asking for the user’s agreement on specific items. At the same time, you must take care not to overdo it with too many checkboxes, says Karen.

If you offer sandboxes (sites offering the ability to experiment with your software), keep the user data in the sandboxes clean. All user data must be encrypted, according to GDPR. Keep the sandboxes isolated, so that it’s harder for hackers to steal data.

Make sure your documentation clearly shows the location of your privacy policy and other privacy resources.

Collect only the information that you need.

Thank you Karen for a lively glimpse into privacy regulations and their impact on the docs.

About Sarah Maddox

Technical writer, author and blogger in Sydney

Posted on 17 September 2019, in technical writing, Write the Docs and tagged . Bookmark the permalink. 1 Comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: