top of page

Legal Design: How thinking like a designer can enhance privacy online

By Alexandra Varla.

In the digital era of AI, ChatGPT, the Metaverse and countless online platforms, would it be an exaggeration to consider that privacy is ‘under attack’?

In the online environment, the entry points where users are required to provide personal information are numerous and the speed of navigation is blistering, leading users to - slowly but steadily - losing control over their own data. This is not just the result of the data-driven economy we live in and the (often aggressive) marketing techniques deployed by digital businesses, but it is largely due to the lack of transparency and clarity in the information provided to users, combined with the disproportionate effort required to understand such information. On the occasion of a privacy project assigned by a client, we interviewed a number of senior-level executives (covering a wide range of industry sectors from media & communications to the automotive sector and food & beverages), to define their level of understanding of privacy notices. The majority of the participants responded that they almost never read a privacy policy because it is lengthy and full of ‘legalese’ and that although they don’t feel comfortable giving away too much data, they don’t think it is worth the effort reading an entire privacy policy to discover their privacy rights.

We attribute such lack of transparency and understanding to two (2) main factors (although not exclusively): i. the complexity of legal information & the limited capacity of the human memory and ii. the dark patterns and obscure design used by online platforms.

i. Complexity of legal information & cognitive loads

What is (or should be) the primary objective of a legal document? To convey information in a clear and comprehensible way that enables the readers to understand their rights, obligations and the actions expected of them.

Would that be the case with privacy notices online? Apparently, the answer is ‘no’.

Traditionally, legal information - including privacy notices - is conveyed in a manner that, instead of considering the characteristics of the people to whom such information is addressed (the ‘users’), it rather focuses on the exact wording of the law and the use of technical terminology, very often ‘sacrificing’ the document’s structure, logical flow and conciseness. The length and complexity of the legal documents has further increased over the years, impairing their readability, comprehension and usability. Interestingly, such complexity creates barriers in the understanding not just for users outside the legal profession, but also lawyers themselves.

The uncontrollable flow of data and information in the digital environment intensifies such lack of understanding, particularly in relation to privacy policies and terms of use that consumers accept when purchasing a product or service. Research has indicated that due to information overload, the length, technical terminology and complicated language of the legal documents, the average online user does not read and/or does not understand privacy policies. This is also associated with the fact that online users appear to have very low expectations when it comes to transparency and free choice. According to a survey conducted by Deloitte back in 2017, “the language of the vast majority of terms and conditions is understandably too complex for many. Given the absence of a choice, consumers don’t consider these as a barrier to purchasing and accepting many forms of new technology”. [1]

The above complexity and lack of understandability is enhanced by the fact that, as presented by John Sweller in his Cognitive Load Theory [2], the capacity of the human working memory is limited and highly dependent on the manner in which the information is provided.

In simpler words, presenting information in a lengthy, complex manner would require additional, unnecessary effort on behalf of the user when reading a document, at the cost of understandability.

Developmental molecular biologist John Medina further explains that the human brain can only hold about seven pieces of information for less than 30 seconds. In a practical interpretation, Medina suggests that the brain can only handle a 7-digit phone number [3]. Similarly, psychologist George A. Miller reports [4] that we can store between 5 and 9 similar items in short-term memory at the most [5].

ii. Dark patterns & manipulative design

A screening conducted by the European Commission earlier this year indicated a staggering number of 148 (out of 399) retail websites making use of at least one ‘dark pattern’ - i.e., manipulative practices that are often known to push consumers into making choices that may not be in their best interest [6].

According to Amurabi, the legal innovation by design agency [7], ‘dark patterns are manipulative design: misleading interfaces that manipulate users into choices they do not intend to make or materially impair their ability to make free and informed decisions’. In the context of privacy, Amurabi’s extensive research [8] has indicated that dark patterns may include (indicatively) overloading users with a large amount of information and options, blocking users from obtaining the information or managing their data, inconsistent or unclear design, making it hard for the user to navigate and hiding information.

As the exact opposite of transparency, dark patterns undermine the protection of privacy and free choice.

Transparency: the foundation of privacy

The data protection legal framework sets forth the requirements for the fair and lawful processing of personal data, introducing specific obligations for controllers (the person which determines the purposes and means of the processing of personal data) and processors (the person which processes personal data on behalf of the controller), ranging from the lawful grounds of processing and compliance with data subjects’ rights, to technical and organizational security measures and processes for the handling of data breaches.

One of the core obligations for controllers – and the foundation of the data protection framework – is transparency.

The transparency principle requires that any communication addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and - where appropriate - visualisation be used [9], to enable users to clearly understand the full spectrum of the processing operations, as well as their rights as data subjects. The concept of transparency is, therefore, user-centric rather than legalistic.

And this is where legal design comes into play.

Legal design: an indispensable ally to transparency

Legal design is defined by Margaret Hagan as ‘the application of human-centered design to the world of law, to make legal systems and services more human-centered, usable, and satisfying [10]’.

The legal design methodology is based on design thinking, ‘a human-centered approach to innovation that draws from the designer’s toolkit to integrate the needs of people, the possibilities of technology, and the requirements for business success [11]’.

As proposed by the Hasso Plattner Institute of Design at Stanford (Stanford d. school) [12], design thinking is a process based on the following five stages [13]:

1. Empathize: Understand the users to whom the product or service is addressed, their characteristics, their needs and pain points.

2. Define: Define the problem that needs to be solved.

3. Ideate: Focus on the defined problem and ideate innovative solutions to address that problem.

4. Prototype: Create a number of versions of the product or service, to identify the best possible solution for the problem.

5. Test: Test the solution and iterate to make the necessary changes and improvements to the product/service. This may also require going back to previous steps of the process, to re-assess the data, the problems and ideas generated.

As a human-centric methodology that focuses on the user, legal design is an essential tool to enhance transparency and clarity in the context of privacy online. The goal of legal design is to ensure that the user actually reads-understands-acts and the process will not stop, unless there is tangible proof (through user testing) that such objective is fulfilled.

To draft a privacy policy (and any type of communication addressed to data subjects) according to the principles of legal design, one would start by building a solid understanding of the target audience, the users who would be ‘tasked’ with reading the policy. The next step would be defining the problem, the reason(s) why users don’t read and/or don’t understand the privacy notice. Next, during the ideation and prototyping stages, the team would work on a prototype solution, a first draft of the privacy policy, following the principles of plain language, information architecture and visualization – considering the average user’s characteristics at all times (for example their level of education, average time spent online, professional background etc.). Finally, the prototype would be tested with actual users and improved to reach the necessary level of clarity and understandability.

Concluding remarks

Legal documents are rarely (if at all) attractive to readers outside the legal profession. The complicated language, unnecessary length of the document and the lack of visual stimulus, in combination with the working memory’s limited capacity and the emergence of dark patterns in the online environment, drive users away from important information that is necessary for them to maintain control of their privacy rights. Legal design is fundamental to overcome the challenges and create a human-centric privacy policy that gives the users a real choice in relation to their personal data and empowers them to exercise their rights.

Unusual as it may seem for a lawyer at a first glance, thinking like a designer could be the ‘secret weapon’ to defend privacy effectively in the ever-changing digital landscape.



[1] Deloitte Development LLC (n.d.). 2017 Global Mobile Consumer Survey: US edition | The dawn of the next era in mobile. Retrieved August 23, 2023, from

[2] Sweller, J. (1988), Cognitive Load During Problem Solving: Effects on Learning. Cognitive Science, 12: 257-285.

[3] Medina, J. (n.d.). Rule #5: Repeat to remember. Brain Rules. Retrieved August 23, 2023, from

[4] Miller, G. A. (1956). The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information. Psychological Review.

[5] See also (n.d.). The Properties of Human Memory and Their Importance for Information Visualization. Interaction Design Foundation. Retrieved August 23, 2023, from

[6] (n.d.). Consumer protection: Manipulative online practices found on 148 out of 399 online shops screened. European Commission. Retrieved August 23, 2023, from

[7] (n.d.). Amurabi Legal Innovation by Design. Retrieved August 23, 2023, from

[8] (n.d.). Fairpatterns by Amurabi. Retrieved August 23, 2023, from

[9] GDPR Recital (58)

[10] Hagan, M. (n.d.). Law By Design. Retrieved August 23, 2023, from

[11] Brown, T. (2019). Change by Design, Revised and Updated: How Design Thinking Transforms Organizations and Inspires Innovation. HarperCollins Publishers Inc.

[12] (n.d.). Stanford d.School. Retrieved August 23, 2023, from

[13] Friis Dam , R. (n.d.). The 5 Stages in the Design Thinking Process. Interaction Design Foundation. Retrieved March 8, 2023, from


About the Author

Alexandra Varla is a Business Lawyer and Legal Designer, holding an LL.M in International Business Law from Queen Mary University of London. She is the founder of Mindre, a Legal Design Consultancy based in Athens-Greece that empowers legal professionals to work more effectively, improve user experience & increase client engagement, through the legal design methodology. As Mindre’s head legal designer, Alexandra designs legal documents, services and processes that are functional, effective, and human-centric, with bottom-line impact for the businesses.

Alexandra also specializes in the fields of Legal Design, Legal Innovation, Digital Transformation, Data Protection, and Intellectual Property and works with clients in the creative industries (Fashion, Luxury, Wine etc.) as well as innovation and technology companies, providing them with custom-made solutions to protect their critical business interests. She is the founder of ‘Tailored: Law & Business in the Fashion & Luxury Industry’, a non-profit educational hub that promotes a productive dialogue between the creative industries and the legal world. #AlexandraVarla #legaldesign #privacy #digitaltransformation

6 comentarios

Pediatricians serve as educators, guiding parents and caregivers on proper nutrition, immunizations, and Paediatrician In New Gurugram essential parenting practices. They offer invaluable advice on managing childhood conditions, empowering families to make informed decisions for their children's health.

Me gusta

The region boasts state-of-the-art hospitals and specialized Orthopedic Surgeon In New Gurugram clinics that house experienced orthopedic surgeons. These medical professionals are proficient in various orthopedic subspecialties, including joint replacement, sports medicine, trauma surgery, spine surgery, and pediatric orthopedics.

Me gusta

Replay Value: With multiple characters, branching paths, and a range of difficulty levels, "Cadillacs and Dinosaurs" offers high replay value. Players can explore different character combinations and paths, cadillacs and dinosaurs game for pc ensuring a fresh experience with each playthrough.

Me gusta

Gynaecologists are pivotal in promoting preventive care for women. Regular check-ups, screenings for cervical cancer, breast health assessments, and Gynaecologist In New Gurugram guidance on contraception are fundamental services offered. Through these screenings, potential issues can be identified early, paving the way for timely intervention and improved outcomes.

Me gusta

hannah hannah
hannah hannah
15 dic 2023

Discover expert guidance and compassionate support with SRIS Lawyers, your trusted divorce attorneys in new jersey. Navigate complexities with confidence. Your future begins with us.

Me gusta
bottom of page