Both the products of interaction design and elements of its practice are affected by legislation. The professional practitioner must be aware of the details of relevant laws and act in compliance with them. The main legal issues are addressed below under the headings of:
- Data Protection
- Health and Safety
Other legislation that may be relevant to particular task domains is mentioned in the final section. This is not an exhaustive listing of the relevant legislation and it may go out of date as new laws and regulations are introduced. It is the professional practitioner's responsibility to keep current on legislation regulating their work.
In the following discussion the legalese in the text of the acts has been summarised and paraphrased for comprehension by me and is not directly quoted. Only elements of the acts most relevant to interaction design are covered.
The information here relates specifically to the United Kingdom. Other jurisdictions have similar legislation that it is important to acquaint yourself with if designing products or websites that are used internationally.
N.B. I am not legally qualified and any information or opinion presented here should not be relied on. It is only intended to draw attention to the significance of the legislation discussed.
N.B. In the EU (and currently UK) the introduction of the General Data Protection Regulation in May 2018 will affect the information in this section. [Note added 2nd June 2018]
The Data Protection Act
Data containing information on individual living people is given special status by virtue of the Data Protection Act 1998. It regulates how personal information can be obtained, held, used and disclosed. It also mandates the office of the Information Commissioner to oversee operation of the Act.
The Act sets out eight “data protection principles” for personal data that must be adhered to. These are succinctly summarised below. (Hyperlinks are to relevant explanatory pages on the Information Commissioner’s Office website.)
- Processing fair and lawful
- Purpose declared
- Quantity not excessive
- Accuracy maintained
- Retention no longer than necessary
- Rights of subjects respected
- Security maintained
- International export with same protections
Whilst software professionals operating in whatever capacity must be aware of the Data Protection Act and ensure that systems they are working on comply with its requirements, there are specific issues that affect interaction design and evaluation; in particular during analysis and evaluation activities.
Data Protection Act: Analysis
When working on a pre-existing system that handles personal data, the collection of examples of input and output data (e.g. forms and printouts) may breach principles 2, 5 and 7. Whilst real examples of data artefacts in use are important sources of information and should be used, any personal identifying information must first be removed or concealed (e.g. names, dates of birth, address, phone number, etc.).
Observation of users doing the task to be worked on should also be carried out where possible. However, where personal information is being processed, and particularly where the task is recorded in fine detail (e.g. video or screen capture), there is a danger of breaching principles 2, 5 and 7. Protocols for avoiding this should be negotiated. Also, the video and accompanying notes may contain identifying information about the individuals who appear in it, so this material must be handled in compliance with the Act.
Interviews and surveys of existing or potential users may also generate personal data. It may be appropriate that identifying information is not recorded. Even then, where the respondents are drawn from a small population, if it is still possible to identify an individual from the answers given (e.g. details of their particular job role), the requirements of the Act apply. Detailed discussion of these issues is available on the website of the UK Data Archive at the University of Essex.
Data Protection Act: Evaluation
Issues around personal data in interviews and surveys are as discussed in the section on analysis above.
Observational evaluation of surrogate or eventual users of the system being designed, in either prototype or working form, is personal data under the Act when it is recorded electronically and contains an identifiable video of the user. The user must be informed of the purpose of the recording and what subsequent use will be made of it. Explicit consent to the recording should be obtained.
Where cameras are installed in a usability laboratory, the cameras should only be operational, and recordings should only be made, when testing sessions are under way and all participants are aware of and have consented to being recorded. Otherwise, it becomes a ‘surveillance system’ as regulated by the Surveillance Camera Commissioner and is likely to be considered illegal.
Privacy and Electronic Communications Regulations (The EU cookie law)
The Privacy and Electronic Communications (EC Directive) Regulations 2003 http://www.legislation.gov.uk/uksi/2003/2426/regulation/22/made
[To be written.]
Health and Safety
Make a Risk Assessment
Common sense and health and safety legislation require that, before an activity is undertaken, an assessment of the risks involved is made and actions are taken to mitigate any that are identified. Carrying out usability testing of software intended for office or domestic environments is not an inherently risky activity; however, in different contexts, or when novel or prototype equipment is involved, safety issues may arise.
The Health and Safety Executive (HSE) recommend a five-step process for routine risk assessment.
Step 1: Identify the hazards
Step 2: Decide who might be harmed and how
Step 3: Evaluate the risks and decide on precautions
Step 4: Record your findings and implement them
Step 5: Review your assessment and update if necessary
A template entry refers to the University’s Display Screen Equipment Assessment Form presented in appendix D. This is a very comprehensive document used to assess the computer working environment of permanent staff. It is not expected that it will be completed for each test user, but its contents should be reviewed for relevance to the test set-up during the planning phase.
The Equality Act 2010 combined pre-existing legislation to unify how unfair discrimination against a list of protected characteristics is regulated. The characteristics are:
- gender reassignment;
- marriage and civil partnership;
- pregnancy and maternity;
- religion or belief;
- sexual orientation.
Of particular concern for interaction design is the characteristic of disability. Under the Act a person is regarded as having a disability if:
- they have a physical or mental impairment, and
- the impairment has a substantial and long-term adverse effect on their ability to carry out normal day-to-day activities.
Unlawful discrimination against a disabled person is committed if:
- they are treated unfavourably because of something arising in consequence of their disability, and
- the treatment is not a proportionate means of achieving a legitimate aim.
Areas where particular concern is focused are predominantly to do with employment, education and the provision of goods and services.
There is useful information on the implications of the Act for web design at: http://www.seqlegal.com/blog/website-accessibility-and-equality-act-2010
[To be written.]
Provision of Services
With regard to the provision of services to the public (which may be via a website or other digital means):
A service provider must not discriminate against a disabled person (or a person with another protected characteristic) by not providing the service.
- This applies whether for payment or not
- The terms on which the service is supplied must not discriminate
- The service provider has a duty to make reasonable adjustments
- Where the practice of the service provider, a physical feature or lack of an auxiliary aid puts the disabled person at a substantial disadvantage, take reasonable steps to avoid the disadvantage (or provide the aid).
- Where the service involves the provision of information, it should be provided in an accessible format.
Clearly the demand for information to be provided in an accessible format is a significant requirement in the design of websites (and information kiosks, mobile museum guides, apps, etc.). With regard to the web, ensuring that a website conforms with the current Web Content Accessibility Guidelines (WCAG) produced by the World Wide Web Consortium (W3C) will support compliance with the law. Additionally, there is a British Standard, BS 8878:2010: Web accessibility. Code of practice, that outlines a framework for web accessibility when designing or commissioning web products, including process, that can be adopted.
Other Relevant Legislation
Safeguarding Vulnerable Groups Act 2006, amended by Protection of Freedoms Act 2012
If working on products that are to be used by children and young persons (under 18 years of age) or other vulnerable groups, and especially if they are to be involved in evaluation sessions, the provisions of the Safeguarding Vulnerable Groups Act 2006 and the amending Protection of Freedoms Act 2012 must be respected. The legislation is complex and authoritative advice should be sought before undertaking this work. More information is available from The National Society for the Prevention of Cruelty to Children (NSPCC).