UX and legal considerations
When letting users create WebIDs from within your app, there are two factors to take into account:
- WebIDs are new and revolutionary. This also means they can be a bit confusing at first.
- The law has several requirements regarding data processing. These requirements should be taken into account in order to be compliant.
Avoiding confusion and ensuring compliance at My Move
In what follows, we discuss how My Move ensured that users wouldn't be confused and ensured that the app was compliant with European data protection regulations (i.e. the GDPR) using the register screen. In this case, My Move also decided to store data about users. This means that here, from the perspective of European data protection law, both My Move and use.id are data controllers (you can read more about use.id and the GDPR on the legal part of this docs).
Terminology: WebIDs, data vaults and data ownership
Preliminary research results show that it is advised to use the term "WebID". This term can be accompagnied with the term "data vault" (or not). In addition, we have preliminary evidence that the term "pod" can lead to confusion.
Often, one asks how WebIDs relate to data vaults (or pods). In our experience, it is easiest to first explain a WebID and next explain that a WebID provides a combined overview of the data vaults or pods that are connected to your WebID.
Regarding data ownership, we have noticed this term could lead to confusion: a WebID is not only able to be used with data you own (e.g. data in your Dropbox or on your Facebook account), but also to compile data about you (e.g. data about your bank account). It is key to take this into account when designing the copy of your app.
Link to FAQ and/or explanation
My Move decided to include a link to the FAQ of use.id.
The use.id logo
It is important that the use.id logo is shown close to the input field in which the desired use.id username is. This is because, from a legal point of view, it should be clear that use.id is a data controller.
Privacy and terms
Because, both My Move and use.id are data controllers, My Move needed to include checkboxes to make sure the user agrees with the terms of both use.id and My Move.
Because My Move bypasses the authorisation agent to reduce user friction, it needs to include a checkbox to make sure the user allows this app to read and write to a section of his or her storage.
Updated 9 months ago