Richard Mabey

Legal Design Geek | Reimagining legal #1: privacy notices

Legal design
July 1, 2019

It would take 76 days to read the average Ts and Cs we accept online. This series explores how we could take a different approach and make legal documents readable again.

We’re sponsoring the Legal Design Geek conference in London this October. Legal design is all about putting users first: as Margaret Hagan says, “focusing on the humans within the legal system.” We asked design gurus to take a look at some user-unfriendly legal processes - and how a design approach might improve them. This is the first in a series - stay tuned for more.

Hi! Who are you?

Richard Mabey, founder and CEO of Juro. A genuine legal design geek.

What is an example of a legal document or process that isn’t user-friendly?

The privacy notice.

What’s wrong with it?

GDPR mandates that privacy notices must be clear, transparent, and written in plain-English: words which don't spring to mind when you think about the typical privacy policy. They’re often long, convoluted and stuffed with legal jargon that even those of us with legal training struggle to get through. They are generally designed by lawyers for lawyers and not with the end user in mind.

And what does that mean for the user?

They almost never read it. In fact, a study from Carnegie Mellon suggested that if a person was actually to read all of the privacy notices they have been shown in their life, it would take on average 76 days. Forget the jargon, forget the length - people just don't engage and they are forgiven for that.

That doesn’t sound good. How would we want them to feel?

People care more and more about privacy, in a world where serious data breaches are unfortunately common. When a person reads a privacy policy, they should quickly gain a good understanding of which of their data is being collected, what is being done with it, and what they can do about it. If they can’t learn this information quickly, there's little point in the exercise even taking place.

The privacy policy shouldn’t feel like it often comes across - a lawyerly exercise in ass-covering

More than this, privacy notices should be positive, engaging documents that make people feel comforted, and that their data is protected, and that the business in question is processing it in accordance with the law and with reassuring safeguards in place. It shouldn’t feel like it often comes across - a lawyerly exercise in ass-covering.

So in an ideal world, how would we start if we built it from scratch?

At Juro we ran a design sprint on our privacy policy ahead of the GDPR implementation day, with the simple aim of making this document something that people would actually want to read. We started by understanding who the privacy policy is aimed at, and what they want from it; we then put together a multidisciplinary team of designers, lawyers and developers to make it happen. Our marketing team were also closely involved as this is, first-and-foremost, a customer communication. We rapidly prototyped the document and then put together some user testing sessions with people from all kinds of background, and with various levels of legal ability. Then we iterated. And we continue to iterate on it today.

How might it look different?

Check out our viral privacy policy.

And how would the experience be different for the user?

We used a layered approach for our privacy policy, which involved a one-page summary and then a click-through to the wider policy. The full policy was itself layered, which allowed the user to get as little or as much information as they needed. This means that we can cater to all audiences. Everyone can get a high-level understanding by looking at the summary and those with a keen interest can have their questions answered. More than this, though, we have turned our privacy notice from a simple risk mitigation to an engaging and transparent way to build trust with our users. It has now been viewed over 9,000 times - not bad for a document no one ever reads.

What would we need to make it a reality?

You need some legal help for sure, but that's not all. You need to have an attitude to try things and iterate, to listen to the target audience of the document and to ensure that while it’s legally watertight, it’s also readable and engaging. This is a tall order and it takes hard work and dedication but the impact it can make on your customers, employees and suppliers (incidentally the most important people in your business) is significant.

Check out our free confidentiality and data processing agreement templates:

Richard Mabey is the CEO and co-founder of Juro

Instantly book a personalized demo

  • Schedule a live, interactive demo with a Juro specialist

  • See in-depth analysis of your contract process - and tailored solutions

  • Find out what all-in-one contract automation can do for your business


Schedule a demo

To learn more about the use of your personal data, please consult our readable Privacy Policy.

Your privacy at a glance

Hello. We are Juro Online Limited (known by humans as Juro). Here's a summary of how we protect your data and respect your privacy.

Read the full policy
(no legalese, we promise)