Transparency by design in data-informed research: A collection of information design patterns

Oftentimes information disclosures describing personal data-gathering research activities are so poorly designed that participants fail to be informed and blindly agree to the terms, without grasping the rights they can exercise and the risks derived from their cooperation. To respond to the challenge, this article presents a series of operational strategies for transparent communication in line with legal-ethical requirements. These “transparency-enhancing design patterns” can be implemented by data controllers/researchers to maximize the clarity, navigability, and noticeability of the information provided and ultimately empower data subjects/research subjects to appreciate and determine the permissible use of their data.


Introduction
Since the advent of the General Data Protection Regulation, 1 in the scientific community there has been an appreciable rise of ambivalent perceptions, and even actual misconceptions, concerning the constraints and burdens that the Regulation imposes on scientific researchers and their activities ( Vayena et al., 2019 ). The GDPR is often considered for its stifling effects on innovation and development: some novel legal requirements impact how scientific research shall be carried out. Moreover, there are some gray areas where legal clarification would be needed. However, many of the widespread beliefs about the GDPR as a research-inhibiter legislation are misplaced: on the we explore the legal obligations that impose to concretely embed transparency measures into the researchers' processing practices. Under the GDPR transparency becomes a by-design requirement that must be devised and built into the conception and development of the data-gathering process.
We focus on information disclosures, which entail information of dual nature, namely legal notions of data privacy and data protection, and scientific notions of the research process. Therefore, disclosures consist in complex legal-technical documents that are, however, critical for reasons of compliance and fairness towards research participants. Instead of adopting a pessimistic view, we emphasize how the new rules on transparency can support the proper design of information disclosures and thereby rebalance information asymmetries between data controllers / researchers and data subjects / research subjects, by empowering the latter to appreciate, and ultimately determine, the permissible use of their data.
In Section 3 , we illustrate the well-known obstacles to effective disclosures both in the domains of data privacy and research, and we motivate why individuals are rarely informed about the fate of their information and about their rights. In Section 4 , we argue that, in order to respond to these challenges, it is necessary to move beyond approaches that fixate on plain language and hence embrace a designerly visual turn. In Section 5 , we therefore describe the tools and methods that have matured in the research areas of information design, Legal Design and Transparency-Enhancing Technologies (hereafter: TETs) to conceive usable and effective solutions for challenging communicative situations.
We focus on transparency-promoting operational strategies that can be employed to maximize the clarity, navigability, and memorability of the information provided to data subjects, as both the law and good scientific practice require. We propose definitions and provide examples of transparency design patterns, defined as reusable solutions to common informational failures. We also argue that it is time to develop a systematic approach -i.e. a design space ( Schaub et al., 2015 ) -to define and implement transparency as a socio-technical concept, namely as a legal principle whose modality of implementation depends on multiple factors, like the subject matter, the characteristics and informational needs of the intended audience, the context of application, the timing, and of channel of communication. Lastly, in Section 6 , we reason on the current gaps that need to be filled to ensure the successful application of the GDPR to the research world and promote a culture of transparency among other good research practices.
To conclude this introduction, we believe it is necessary to dedicate a few words about the audience of this article and its subject matter. The majority of the existing literature about the interplay between GDPR and scientific investigations shows skewed results, since it focuses on the biomedical domain, as noticed by Vayena et al. (2019) . Although this article strives to be valuable cross-domain, it also shows the same bias since we mainly provide examples extracted from genetic applications. 3 However, we believe that this case can be paradigmatic because of the centrality of this area for current and future scientific advancements, the involvement of human subjects, and the sensitivity of the data at hand. The transparency-enhancing strategies proposed in Section 5 , though, aspire to be applicable to any research area: this article is addressed to all those scientists that aspire to inform study participants efficiently, compliantly, and fairly when they carry out data-informed investigations intended in a broad sense. We include in this set, for instance, not only biomedicine and healthcare, but also data modelling and simulations in robotics, computer vision, human mobility, individuals' decision-making, and education. We also include any kind of data-gathering experience that makes use of an online platform for the registration and undertaking of a study.
We deliberately abstain from referring to transparencyenhancing strategies for informed consent forms, whilst, rather, we focus on information disclosures for three main reasons. Firstly, albeit there is an extensive body of research investigating the failures of informed consent forms, resources studying the transparency and quality of information disclosures in the research domain are scarce. Secondly, the information design strategies aimed at ameliorating the transparency of mandated disclosures are part of the broader information provision process that is meant to enable informed consent. Thirdly, informed consent is not always the most appropriate legal ground for the processing of data in scientific investigations, especially for sensitive data gathering and for the reuse of data beyond the purposes specified at the moment of collection ( Vayena et al., 2019 ). Nevertheless, controllers are subject to information duties, unless the provision of such information would prove impossible or represent a disproportionate effort. Yet, even in such cases, appropriate measures should be adopted to oppose informational opacity, including making the information publicly available (Art. 14.5(b) GDPR), e.g. on websites.

User-centric transparency
In EU law, the value of transparency has been concretized in legal principles with the desired goal of "engendering trust in the processes which affect the citizens by enabling them to understand, and if necessary, challenge those practices" ( Article 29 Data Protection Working Party, 2018 , p.4). Under the GDPR, transparency is intrinsically related to the fairness of processing of personal information and assumes a fundamental role in accomplishing compliance with the principle of accountability. In this sense, transparency can empower "data subjects to hold data controllers and processors accountable and to exercise control over their personal data by, for example, providing or withdrawing informed consent and actioning their data subject rights" ( Article 29 Data Protection Working Party, 2018 , p.5). This description resonates transparency in research applications on human subjects, which refers to being open about the process, outcomes, and entailed risks of the study.
The new data protection regime reforms the concept of transparency, by supporting a "user-centric rather than legalistic" interpretation, clarifying that "the quality, accessibility, and comprehensibility of the information is as important as the actual content of the transparency information" ( Article 29 Data Protection Working Party, 2018 , p.5). In other words, merely providing (frequently illegible and unintelligible) information about data practices is now considered unlawful: rather, it is essential to design the communication following the informational needs of the intended audience that should be enabled to understand and use that information within a specified context. Transparency must therefore be read as a socio-technical concept that integrates human, functional, and contextual aspects to the legal and technical features: transparency-enhancing solutions should be designed for the goals of specific users in given environments. Moreover, the implementation of such solutions should be motivated, whilst their efficacy should be empirically proved. The prominence given to user-centricity marks a paradigmatic shift in long-established malfunctioning, even detrimental, communication practices and thus has the potential to prompt innovation and encourage empirical investigations to establish best practices and standards.
Concretely, user-centric communication in the context of scientific research should consider the characteristics of the intended audience (e.g., what is their level of literacy and their age?); the type of information that it intends to transmit (e.g., does it deliver temporal information?); and its objectives (e.g., does it intend to warn about specific aspects? Does it want to explain complex processes?). User-centric disclosures should allow individuals to form expectations about the development of the research and to reason about the modality of retention and analysis of their personal data. Disclosures should thereby enable data subjects to decide in a free and autonomous manner whether they wish to participate in a study and accept the risks involved, especially if the processing is likely to result in high risks for the data subject. Individuals should also be empowered to understand how they can exercise their rights concretely, like the right to access the information held about them and the right to withdraw consent.

Transparency by design
To properly implement transparency in its multidimensionality, we argue that data controller should adopt a transparency by design approach. Namely, they should embody transparency measures into the design of the data processing operations, instead of appending them as an afterthought. This proposal is in line with the data protection by design and by default approach enshrined by Article 25 GDPR, that aims to minimize risks by focusing on effective ex ante protection embedded early on in the design of the process, as opposed to exclusively devise ex post remedies ( Hartzog, 2018 ). According to this view, data processing operations and protections should become the "outcome of a design project" ( European Data Protection Supervisor, 2018 , p. 6) oriented to fulfill the principles laid down in Article 5: lawfulness, fairness, and transparency. Such a stance resonates with the proactive approach that is necessary for those research applications that do not only benefit individuals and humanity at large, but can also potentially impact their rights and their well-being: data controllers should provide legal protection by design, pro-mote the safety and welfare of the data subjects, and prevent problems from arising to the maximal possible extent ( Rossi and Haapio, 2019 ). This also means that information notices should mirror the transparency of the processing that they describe in the transparency of their language and their presentation. Indeed, the design of information and technologies is not a technical, value-neutral translation of functional requirements, as it is commonly believed ( Van den Hoven et al., 2015 ). On the contrary, by determining affordances and constraints to which users will be subject, design also defines their possibilities and their limits.
If such forward-looking approach can be ascribed to the practice of Proactive Law ( Siedel and Haapio, 2010 ), it can also be framed within the practice of Legal Design, which is an interdisciplinary approach to apply human-centered design to prevent or solve legal problems ( Ducato et al., 2018 ). Following the bedrock of human-centered design practices, one of the main pillars of Legal Design resides in the consideration that users of the legal system and legal information are not only lawyers, judges and regulators, but a wider circle of stakeholders. In the case currently under analysis, users are primarily researchers in charge of designing informational material and consent experiences, and research participants that need to be able to navigate and decode that information to decide whether and how to disclose personal, and even sensitive, data about them. This indicates the need for easy-to-implement solutions that on the one hand help data controllers to observe their compliance duties in a built-in manner (i.e., by design), and on the other hand, that inform data subjects adequately. Section 5 will illustrate how information design patterns can provide operational ways to promote transparency and informed consent, by translating abstract legal principles into applicable solutions.

Information duties
In the context of personal data-driven research, individuals and institutions acting as data controllers have specific information duties towards data subjects following Articles 12 to 14 GDPR. Furthermore, if research involves human subjects for medical purposes, the Clinical Trial Regulation 4 imposes additional obligations on the investigators aimed at avoiding data misuse and research misconduct. When informed consent is employed as the lawful ground for data processing, legal requirements concerning how that consent is signified also apply (Article 4, 7 and 9 GDPR and Article 12.21, 29 and 30 CTR). If data are collected through a digital platform, a mobile application or a wearable device, the obligatory povision of precontractual information may also apply -see e.g., Albrecht (2013) -following the Consumer Rights Directive 5 and the Unfair Contract Terms Directive. 6 The information duties described similarly in the EU legislation mentioned above have been classically implemented through the regulatory tool of mandated disclosures: it is believed that establishing full transparency would reduce information asymmetries, create a level playing field for all the actors involved in a transaction, and pinpoint the decision-making of the weakest party ( Rossi et al., 2019 ). The legal and ethical requirements about disclosure and consent are most typically realized through documents like privacy policies, information sheets, consent forms, and terms and conditions. It follows that individuals can be confronted with a highly intricate informational texture. In the next paragraphs, we describe in greater detail what the information duties exactly entail. 7

Information duties for data controllers
Article 13 GDPR dictates to provide the identity of the data controller, the co-controllers, and the processors if applicable (e.g., all the research institutions involved in data handling); the contact information of the organization's Data Protection Officer 8 ; the specific research purposes; an explanation that processing is allowed by virtue of consent and that consent can be withdrawn; the rights of the data subjects and the exceptions for research 9 ; the data retention period, considering the peculiar researchers' obligations to guard data for a given period of time and to publish data indefinitely ( Vrije Universiteit Amsterdam, n.d.); and the right to lodge a complaint to the relevant supervisory authority. If data are transferred outside the European Union, then a clarification about the legal safeguards for the transfer is needed. If automated decisionmaking is applied, than meaningful information about the logic and the consequences of such processing should also be provided. If the information is not obtained directly from the data subjects, Article 14 GDPR prescribes to mention the categories and the sources of personal data concerned.
In addition, Article 12 provides indication on how the information addressed to data subjects should be designed, namely in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. Such requirements also apply to any communication about the rights of the data subject and about data breaches. The article also affirms the role of icons to provide an easily visible, intelligible, and clearly legible overview of the data processing.

Information duties for research investigators
In a research context, the following items must also be explicitly mentioned ( Summers, 2018a ): the purpose and type of research; the voluntary nature of the cooperation; the advantages and risks involved; the conditions to withdraw from the study; the usage of the data during research, dissemination and storage, including how the information will be shared with participants; any applicable benefits-sharing; the future publishing, archiving and reuse of the data, explaining to participants the benefits of data sharing and indicating whether research data will be deposited in a data repository; the contact details of the researcher, with institution, funding source, and instructions on how to file a complaint. Depending on the type of data, additional requirements may apply, e.g., those for informed consent described by the Helsinki declaration on medical research ( World Medical Association, 2013 ) and those of the Nagoya protocol obligations for genetic data ( Secretary-General of the United Nations, 2010 ).

Information duties pinpointing lawful informed consent
When consent is identified as the legitimate legal ground for the data processing, researchers should inform participants about the study, ensure participants' comprehension, and emphasize the voluntariness of their participation ( Dankar et al., 2019 ). The accompanying information should uncover the research purposes, clarify the data retention and sharing policy, specify the measures taken to safeguard anonymity and confidentiality, and outline the right to withdraw from the research ( Summers, 2018b ). Since both the content and the quality underpin the validity of disclosures, consent requests should be presented in an intelligible and easily accessible form, using clear and plain language under the GDPR. Similarly, it should be drafted in a way that is comprehensive, concise, clear, relevant, and understandable to a layperson under the CRD.

Documented issues to effective disclosures
Following regulatory requirements, the information that shall be provided to research participants is not only abundant, but also legally and technically complex in nature. Considering that attention to the quality of communication is almost never prioritized, this provokes an informational Babel of lengthy, cumbersome, and jargon-ridden documents that not onl do not comply with applicable laws and, furthermore, do not serve the informational needs of the human subjects.

Do lengthy and unstructured disclosures fulfill transparency goals?
Both in the domains of data protection ( Calo, 2012 ) and research ( Manson and O'Neill, 2007 ), "the more information, the better" has traditionally been the underlying assumption to aid individuals' decision-making. Legal requirements have placed a primary focus on the completeness of the information provided, with the aim of preventing data controllers from omitting relevant details, thereby undermining people's ability to make informed choices. Yet, exhaustiveness of information is oftentimes at odds with understandability and other considerations concerning usability, since it generates information fatigue and cognitive overload that drive individuals to "skim, freeze, or pick out information arbitrarily" ( Calo, 2012( Calo, , p. 1054, instead of bolstering their abilities of comprehension and decision-making. Lengthiness is exacerbated by the lack of any logical information architecture, which causes important details to be lost in a sea of impenetrable text and discourages people from reading. There exists an extensive body of literature that points to the complete lack of functionality of privacy notices and other legal documents 10 . Generally speaking, one of the limitations of legal communication consists in the emphasis placed on "the essence and precision of the rules, but not at all on the needs and abilities of the individuals tasked with understanding and acting upon such rules" Passera (2015 , p. 342).
In addition, an impressive number of people are functionally illiterate: for instance, the Organisation for Economic Co-operation and Development found out that in almost all countries surveyed in 2016, a sizable proportion of adults has poor reading skills and is not able to extract information from long and complex texts ( Kankaraš et al., 2016 ). Unless they receive specific education, individuals fail to grasp legal and scientific (e.g., medical) knowledge due to their lack of expertise in the domain. For instance, participants generally show low comprehension of information sheets and consent forms ( Falagas et al., 2009;Montalvo and Larson, 2014 ), e.g., for what concerns risks and benefits of health-related research, mainly due to limited literacy and to language barriers ( Davis et al., 1998;Sudore et al., 2006 ).
The majority of existing insights about the incomprehensibility of informational material and informed consent forms 11 highlights their low readibility level. Hence, they result unintelligible to a great part of the population ( Paasche-Orlow et al., 2003;Sugarman et al., 1999 ), provoking blind agreement to the terms. Considering the use of complex research methods involving artificial intelligence and big data analyses in many domains, and the necessity of explaining their functioning according to the GDPR, the necessity of finding accessible and comprehensible communication means becomes even more pressing.

Communicating in a blended environment
Besides, nowadays data-driven research happens in a blended environment, where data are growingly gathered through mobile devices, sensors, wearables, and other technologies. It follows that the task of informing participants also shifts to an online environment where communication takes place asynchronously. Therefore, risks of non-comprehension might be even higher in such a remote setting, since participants cannot receive immediate feedback about their comprehension, nor clear their doubts. Nevertheless, the digital environment also offers unrivaled opportunities to maximize the efficacy of communication, for instance in terms of variety of information presentation methods (i.e., e-mail, messages, webpages, videos, chatbots, etc.), of interaction, of scalability ( Governance Team, 2019 ) and of timing. Indeed, the moment at which information is provided sensibly impacts the capacity of the audience to understand and act upon such information ( Schaub et al., 2015 ). One of the main limitations of existing approaches resides in the belief that information provision for consent is a "single-point transaction that must be completed in order to enroll participants" ( Wilbanks, 2018 , p.110). As a consequence, information duties are normally implemented through a document shown before the data collection takes place. Yet, people taking part in a research study live a whole complex experience that is 11 Mostly focusing on informed consent forms used in the biomedical domain.
composed of multiple phases: discovering the study; understanding what it entails in terms of procedures, risks and benefits; taking part in it, sometimes over a long period; making sense of the results; and eventually finishing the study or withdrawing from it. Each phase triggers different informational needs that should be tackled separately and appropriately to serve the right to self-determination and informed decision-making. For instance, a dynamic consent model provides for the micro-management of data processing permissions at different points in time. This should translate into information opportunely provided to allow informed choices, while concurrently avoiding to overburden users with an excessive number of choices, which would cause decision fatigue.

Specific obstacles to transparency-friendly information disclosures
Previous work ( Rossi et al., 2019 ) (pp.92-97) has identified classical hurdles to effective communication in the context of data privacy and data protection. Many of these issues tend to affect legal and technical writing in general and may also arise in information notices. In some cases, it seems that these are present out of legal-ethical reasons, but they are not designed for specified users in specific contexts, nor are they conceived to reach specific goals of effectiveness.
We summarize in the following the main problems that preclude effective legal-technical communication: 1. Language complexity: excessive use of legal-technical jargon and complex syntactic choices impact readability and make it cumbersome for most individuals to understand the meaning of a document without expert advice; 2. Vagueness of terms: excessive use of vague terms leave the individuals baffled about their intended meaning; 3. Wall of text: documents are displayed as walls of texts that result impenetrable, while details are lost in a sea of text. Without information hierarchy and meaningful visual organization (e.g., paragraphs, headlines, spacing), readers cannot navigate the text and efficiently find salient information; 4. Excessive length: although completeness of information is key, its translation into overly lengthy texts cause information overload and discourage individuals from reading; 5. Lack of audience-tailoring: language and presentation of information notices are not adjusted for the intended audience, its informational needs in specific contexts, and its cognitive capacities; 6. Bad timing: although by law information must be given before the data processing starts, this might cause individuals to disregard or forget it. Moreover, pre-processing requirements do not prevent controllers from providing information at different times of the data processing relation according to the contextual users' needs; 7. Lack of familiarity: individuals generally lack the necessary expertise to understand, assess, and act upon the information contained in legal-scientific terms, especially when the language is vague or overly complex and when individuals have poor literacy levels; 8. Scattered information: if different aspects of the research participation are scattered around different documents and places (e.g., analogical information sheets, online privacy policies, contracts, etc.), it becomes arduous for an individual to find specific information and to integrate knowledge coming from spatially or temporally separated sources.

Dark strategies
It has been maintained ( Bösch et al., 2016 ) that making it hard for data subjects to learn how their personal data is collected, stored, and processed constitutes a dark strategy that has the aim -or the substantial effect, even if unintentional -to mislead and deceive them. Indeed, by exploiting cognitive load, long and impenetrable privacy notices alienate their audience from reading, or nudge them to disengage from unraveling their intended meaning. If terms are unintelligible, individuals cannot form expectations nor understand their rights. If risks are not explained, individuals unpleasantly discover consequences when it is too late to retain their data. If, in other words, the visible interface of data processing is obscure, too complex, or incomplete, participants might decide to abstain from cooperation or withdraw from the study. In the worst case scenario, the lack of proactive transparency-enhancing strategies can become the object of a legal dispute. Dark strategies are therefore the opposite of the "inform" privacy-enhancing design strategy ( Hoepman, 2014 ) and contradict most of the Privacy by Design foundational principles ( Cavoukian, 2009 ). It is opinion of the authors of this article that dark strategies in scientific research are rarely intended: they are rather the outcome of the investigators' lack of knowledge or capacities needed to handle personal data and practice transparency. Without data culture, it is unrealistic to expect that privacy notices and consent forms will be accurate, exhaustive, and intelligible. Moreover, there is a tendency to exclusively assign data protection matters to the organization's Data Protection Officer -or, at worst, consider them as a hindrance to research advances.
In the following paragraphs, hence, we focus on practical strategies that can serve a double goal: firstly, they can be implemented to clearly communicate with the data subjects and, secondly, they can serve internally to clarify the data flow and retention policy, thus facilitating compliance, as will be argued in Section 6 .

Beyond readibility: the design of legal and scientific information
Although existing research has thoroughly analyzed the hurdles to effective communication both in privacy notices and consent forms, less attention has been devoted to the conception and development of solutions to those problems, if we exclude the reiterated recommendations on the use of plain language. In the following, we go one step further by introducing considerations on the design of information and of choice architecture.

Beyond plain language: information and choice architecture
Albeit language simplification still constitutes the exception rather than the rule, such a goal has been already touted extensively. Guidelines containing criteria for the evaluation of the readability of educational material and consent forms already exist, e.g. see Terranova et al. (2012) . Yet, readability, we argue, is but one of the properties that constitute transparency. What is missing, on the contrary, are strategies that broadly act on information design, namely on the organization, navigation, and explanation of a document's content. Plain language is necessary, but not sufficient: "visually disorganized documents and walls-of-texts look and feel difficult" ( Passera, 2018 , p. 230), causing people to anticipate high mental efforts and therefore abstain from engaging with the reading altogether.
The interpretations of the principle of transparency by the Article 29 Data Protection Working Party (2018) and the CNIL ( Chatellier et al., 2019 ) support this view: data controllers should pay attention and invest resources in the design of a meaningful and non-deceptive choice architecture. In other words, they have the responsibility to organize the context in which people make decisions ( Thaler et al., 2014 ), which can nudge them to either make optimal choices or, conversely, suboptimal ones. We claim that it is time to go beyond readability and consider the whole user experience to design a meaningful and empowering choice architecture that responds to users' needs and capacities in a usable, transparent and fair manner.
Indeed, documents are not mere containers of information. Rather, they should be "structured around users' strategic needs to access different information at different times for particular purposes" ( Waller et al., 2016 , p.9). The notion of document literacy is key in this context, namely "a form of literacy that goes beyond reading the words to include strategic reading -searching documents for answers to questions, assembling information from different documents, and determining the relevance of information" ( Waller et al., 2016 , p.9). Individuals do not only need to access and decode information, but also to make use of it to take decisions (e.g., give or withhold consent for certain processing purposes) or to act accordingly (e.g., follow instructions describing how to delete their personal account). Hence, it is not only important to find appropriate means and formats to make such information readily graspable, but it is also necessary to empower people to find that information, prioritize certain items over others, and learn how to make use of it. Researchers should aim at creating "forms that are shorter, more readily understood, less confusing, that contain all of the key information, and that can serve as an excellent aid to help someone make a good decision about whether to participate in a study" ( Food and Drug Administration, 2011 ).
In order to do so, it is necessary to carefully the intended audience, from which follows an analysis of their cognitive needs in a specific context. Useful tools in this respect are user surveys, focus groups, and interviews to gather and elicit users' needs, expectations, motivations, goals and fears about the research. The outcomes of the analysis can determine, for instance, the language register and a differentiation between reasonably expectable data practices from unexpectable ones. An effective notice should focus on communicating intelligibly, saliently, and concretely the unforeseen consequences of scientific investigations. Especially when the audience is not knowledgeable about the domain, such explanations are indispensable to help people form realistic expectations about what is going to happen next and about the benefits and risks inherited with cooperation.

Evidence supporting a visual turn
A mere intervention on language should not constitute the only means in the controller's toolkit to impact information understandability. Evidence shows that visual communication improves understanding and enhances short-and long-term retention of key information about the research. The label "visual communication" covers for a great variety of graphical design means: experimentation to enhance transparency of scientific (mostly biomedical) information sheets and consent forms has mainly revolved around pictorial charts ( Vallely et al., 2010 ), comics ( Steenberg, 2017 ), pictures ( Peregrin, 2010 ), videos ( O'Lonergan and Forster-Harwood, 2011 ), pictographs ( Tait et al., 2010a ), tables ( Tait et al., 2010b ) and a mix of other methods 12 .
Most strikingly, even the legal domain has recently started to include graphical communication into a realm that has traditionally been verbo-centric ( Brunschwig, 2011 ) and to test it against pure prose. Research shows that good information structure and graphical elements can help human readers in navigating legal texts, clarify their meanings, maximize their understandability, make assumptions visible, and reinforce the intended message ( Barton et al., 2019 ). Moreover, visualizations can lower the chances of misunderstandings by making abstract information easier to grasp ( Passera, 2017 ). Studies on contract visualization, for instance, have shown that legal content is understood more accurately and faster when supported by visual means ( Passera, 2012;. Whereas long documents can be off-putting ( Waller et al., 2016 ), graphical elements can reduce cognitive load derived by lengthy agreements and assist the activity of skimming through the text to find relevant information . They can also support memorization and retention of legal information . Visual narratives through comics can even replace the legal text in toto , thereby, improving the motivation to read the legal terms and easing the adequate comprehension of contractual rights, obligations, and consequences, especially among poorly educated individuals ( Botes, 2017 ).
In the online environment, the inclusion of visualizations increases the attention and the time that people devote to reading online contracts ( Kay and Terry, 2010 ) and improve comprehension accuracy ( Botes, 2017 ). Displaying icons to illustrate key points, rephrasing key terms as frequently asked questions, providing information in short chunks at the right time, and embedding illustrations and comics into online privacy policies and terms and conditions also ostensibly enhance the understanding and engagement of individuals with legal terms ( The Behavioural Insights Team, 2019 ).

5.
Transparency-enhancing design patterns for research

Transparency-enhancing technologies and design patterns
Notwithstanding the merits of the interventions described in the previous paragraphs, it seems very difficult, or even impossible, for people without the relevant expertise to properly materialize those ideas: learning strategies and mindsets to ameliorate information design is not part of the classical educational path of the prospective scientific researcher. Yet, given the centrality of transparency and the relevance of awareness raising and knowledge sharing in legal and ethical conduct, cost-and time-effective solutions must be developed: whereas there are many studies analyzing the merits of certain interventions, what is still missing are concrete and implementable indications for non-experts. Therefore, in the following we present transparency-enhancing design patterns, i.e., reusable solutions to tackle classical problems of legal-scientific documents, accompanied by concrete guidelines offering guidance on how and when to use the patterns.
We maintain that transparency design patterns can be considered TETs, i.e., tools that aim at reducing the information asymmetry between the data controller and the data subject ( Zimmermann, 2015 ), by providing the latter with knowledge about the usage of their personal data ( Spagnuelo et al., 2018 ). TETs complement Privacy-Enhancing Technologies in that they do not offer ways to limit data sharing or conceal one's identity, but they rather provide insight into the intended or actual controller's data practices. Notably, transparency design patterns can be framed as assertion TETs ( Zimmermann, 2015 ), that is to say technologies conveying information about the purported data processing practices of the controller, albeit without the possibility to verify their veracity.

Roots and structure of design patterns
Design patterns can be defined as "useful techniques in terms of the functional problem they aim to solve" ( Waller et al., 2016 , p.20). Given that "designers borrow and evolve ideas from one another[, d]esign patterns provide a means of identifying these common ideas, allowing us to name and describe them and then use them in our own designs" ( Lewis, 2014 ). In other words, design patterns create a common vocabulary to describe, and therefore share, good practices and efficient solutions that become thereby replicable, systematized and extensible ( Haapio and Hagan, 2016;Rossi et al., 2019 ). The original idea of patterns is attributed to architect and designer ( Alexander, 1977 ), but their use has since spread to other areas of practice and research, most notably object-oriented programming ( Gamma, 1995 ), security engineering ( Romanosky et al., 2006 ), but also interface design and legal information design ( Haapio and Hagan, 2016;Haapio and Passera, 2017;Rossi et al., 2019;Waller et al., 2016 ).
Even though pattern languages vary, a prototypical pattern structure describes the solution to one or more problems in a specific context, together with the expected positive and negative consequences of the implementation of such pattern ( Meszaros and Doble, 1997 ). We organize the next sections according to four categories of objectives that the patterns mainly intend to support: explanation in Section 5.3 ; navigation in Section 5.4 ; overview in Section 5.5 ; emphasis in Section 5.6 . Table 1 arranges the patterns according to these categories. Indeed, although increased transparency is commonly associated with increased comprehensibility, it should also aim to enhance the navigability of complex and abundant information, augment the salience of the most relevant facts, and enable people to receive an overview at first glance, while later delve into the details.
The structure of the patterns contains the following attributes: • summary illustrates the functioning, the goal, and the expected outcome of the pattern; • problem(s) refers to the problem or problems (summarized in Section 3.3 ) that the pattern aims to solve ( Fig. 1 provides a summarizing table); • constraints describes restrictions and conditions applying to the pattern implementation; • application proposes information types that can be most properly represented through the pattern; • example reports a good implementation of the pattern.
Examples are either drawn from existing research or constitute our own design prototypes.

Explanation
Explanation patterns enhance the clarity and intelligibility of the research steps and of the personal data processing involved.

Illustrative examples
• Summary: Examples clarify complex technical, legal, or procedural terms that can result unfamiliar to the research participants. They can also make abstract concepts more tangible ( Rossi et al., 2019 ). • Problem(s): Language complexity, vagueness of terms, lack of audience-tailoring, lack of familiarity. • Constraints: To result meaningful, examples should not cover all aspects of the research, but rather relate to the most cumbersome, unexpected, or relevant practices in that context for that audience. They can respond to the most frequently asked questions. However, by giving salience to one aspect, they should not omit other practices (e.g., questionable or privacy-invasive). • Example: "We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. [...] For example, Aggregate Information may include a statement that "30% of our female users share a particular genetic trait," without providing any data or testing results specific to any individual user." 13 . • Application: most complex data processing practices and scientific practices (e.g., automated decision-making on research data); abstract risks entailed in the research participation.

FAQs
• Summary: Simple and straightforward answers to frequently asked questions provide ad hoc , relevant explanations for the intended audience and can be found when needed (i.e., at request). • Problem(s): Language complexity; vagueness of terms; wall of text; excessive length; lack of audience-tailoring; wrong timing; lack of familiarity; scattered information. • Constraints: Before data collection, FAQs can act as anticipatory explanations, dismiss fears and debunk myths, thereby potentially attracting participants. During or after data collection and processing, FAQs can clarify the most common doubts about research practices, thus saving researchers' time. Yet, they should not substitute the contact person, nor the complete legal and educational documents. FAQs should be organized in a logical order and in an easy-to-navigate display to efficiently support information finding. • Example: Fig. 2 .
• Application: answers to common questions about data gathering processes and relative risks (e.g., "How are my data protected?"); instructions about common practices (e.g., "How do I withdraw from the study?", "How do I erase my account?").

Timeline
• Summary: Timelines logically display a sequence of steps or events (for instance, actions, deadlines, processes). They help individuals to concretely envisage how a process will take place. They can also support their understanding of when and in what order they need to initiate certain steps to reach a certain goal. Timelines make temporal and logical relationships more visible than in prose and thereby guide correct interpretations. Moreover, the integration of visual and textual elements facilitates cognitive processes and decreases cognitive load ( Passera, 2018 ). • Problem(s): Vagueness of terms; wall of text; wrong timing; lack of familiarity; scattered information. • Constraints: Timelines should be used when temporal or logical sequences are hard to follow or to give relevance to actions that individuals need to perform.

Fig. 1 -Matrix illustrating the problem(s) that each design pattern can solve. The different shades of colors indicate the category to which the pattern belongs.
• Application: data retention and deletion policy (e.g., data retention for active or completed research projects); entire data processing cycles, including collection, analyses, results communication and destruction. • Example: Fig. 3 .  Fig. 3 -This timeline illustrates the steps the user has to initiate to delete her account. Re-elaboration is our own. We refer to the original provisions in "5.d. Account deletion", available at https:// www.23andme.com/ en-int/ about/ privacy/ (last accessed: 31 October 2019).

Fig. 4 -This prototype of a swimlane illustrates an excerpt of the rights of the data subjects vis-a-vis of the respective
responsabilities of the controller. The example also makes use of a structured layout, meaningful headings, and companion icons to improve navigability. The icons belong to the Data Protection Icon Set ( Rossi and Palmirani, 2020 ) available at: http:// gdprbydesign.cirsfid.unibo.it/ dapis-2/ . We refer to the original provisions under Section "9.e. Privacy rights" of the genetic testing company 23andMe's privacy notice, available at: https:// www.23andme.com/ en-int/ about/ privacy/ (last accessed: 31 October 2019). The plain language version and the interpretation are only ours.

Swimlane
• Summary: Swimlanes are diagrams illustrating rights, obligations and responsibilities of the different parties involved in the research ( Haapio and Passera, 2017 ). Swimlanes offer an easy-to-consult summary that guide the parties through their responsibilities, especially when information is scattered across different documents. They also give prominence to the rights that data subjects have, which are oftentimes tucked away at the end of the notice. • Problem(s): Vagueness of terms; wall of text; lack of audience-tailoring; wrong timing; lack of familiarity; scattered information. • Constraints: Swimlanes can be combined with timelines and other diagrams to elicit the interdependence among different steps. • Application: rights and obligations of the data subjects and of the data controllers, and limitations thereof (e.g., security measures; right to access and to erasure of personal data). • Example: Fig. 4 .

Comics
• Summary: Comics combine textual and graphical means to illustrate concepts and courses of action. They use conversational style and develop a narrative in a specific context, thus they allow readers to identify with the characters. Comics can also attract and retain attention by fighting notice fatigue ( Rossi et al., 2019 ), i.e. the habituation and alienation derived by the longstanding habit of experiencing inscrutable prose. They can thus motivate young people, people with low (scientific) literacy, and non-native speakers to read. Moreover, like examples, they make abstract notions more tangible and they can reinforce learning and retention. • Problem(s): Language complexity; vagueness of terms; wall of text; excessive length; lack of audience-tailoring; lack of familiarity. • Constraints: Comics can capture and illustrate specific research aspects, but do not usually substitute whole documents with due exceptions. Therefore they can also be considered as an implementation of information layering. They can focus on specific aspects of the research procedure, while omitting others: this should not be a strategy to conceal privacy-invasive or risky practices. Attention should be devoted to the conversational tone and the depiction of context and characters, that should be appropriate for the intended audience (e.g., adults vs children) so that the message resonates with them. • Application: the most relevant, complex, or controversial aspects of a research study. • Example: Figs. 5 and 6 . The images display an excerpt of the comic strip sketched by Steenberg (2017) to explain genome processing research and obtain informed consent from the San population in South Africa. San people generally have low income background, low educational levels, and speak a different language than researchers. Moreover, given their unique genetic heritage, they have been repeatedly involved in scientific studies and convinced with questionable methods. Therefore alternative methods to prose had to be devised to ensure clarity and gain their trust. The use of comics produced general higher comprehension rates with respect to the pre-comics condition and helped the San population to identify with the depicted characters.

Navigation
Navigation patterns improve the hierarchical and logical organization of information and its presentation, facilitating thereby the skimmability of the document and the ease of finding the desired information.

Meaningful organization
• Summary: A meaningful organization of the document's content corresponds to a logical information architecture: different topics are orderly explained in separate sections and are labeled with an appropriate informative heading (or subheading), thus giving visual and thematic hierarchy to the document. A well-structured layout that breaks down long documents can attract the readers, decrease the information load, and enable them to efficiently skim read the text to find answers to their questions ( Waller et al., 2016 ). Headings can also be phrased as questions, like FAQs. • Problem(s): Wall of text; scattered information.
• Constraints: Headings must correspond to the content of the section they identify. By orderly organizing the content of the document, the completeness of information can be also verified.

Companion icons
• Summary: Companion icons are pictograms that represent the meaning of the chunk of text they accompany. They attract attention and provide salience to key topics of the document ( The Behavioural Insights Team, 2019 ). This eases the task of finding relevant information and bolsters knowledge retention ( Rossi et al., 2019 ). • Problem(s): wall of text; scattered information.
• Constraints: Icons must be pertinent to the notion they represent and their use must be sparse. They should accompany text rather than substitute it. Icons are more easily recognized if they depict concrete objects and leverage commonly used symbols. If the readers are not familiar with the code of icons, they might be baffled, instead of facilitated, by the pictograms, thus standardised icon codes should be preferred. • Application: Icons can in principle be applied to any kind of information (see above "Meaningful text organization  and skimmable headings"), although concrete and wellknown notions should be preferred. Article 12 (7) GDPR provides for the adoption of a EU-wide standardized code of icons depicting data protection concepts, see e.g., Rossi and Palmirani (2020)

Overview first, details on demand
Overview design patterns make use of layers to allow users to find the most relevant information easily, while explor-ing additional information on demand ( Schaub et al., 2015;Shneiderman, 1996 ). They have the function of avoiding to overwhelm individuals with many aspects at once, while supporting strategic reading ( Passera and Haapio, 2019 , Layering). Layering can be designed for different audiences (e.g., the first layer for study participants, while the detailed layer for auditors and supervisory authorities); for different informational needs (e.g., the first layer for individuals not yet enrolled in the study, while the subsequent layer for those already participating); for different moments of information provision (e.g., the first layer for an introduction to the research, the second layer for decision-making moments); or for different devices (e.g., the first layer for wearable devices, while the detailed information for laptops).

Layered notice
• Summary: A layered notice distributes the information on different layers according to its relevance: the first layer provides by default an essential overview of the research process, while details and explanations are provided in additional layers that can be examined on demand. • Problem(s): Language complexity; wall of text; excessive length; lack of audience-tailoring; wrong timing; lack of familiarity. • Constraints: The sum of layers must offer complete information on in its totality to be compliant. The first tier must not deceive users, for example by concealing research risks in the tiers on demand. In strategic decision-making moments (e.g., before enrolling in the study or before withdrawing from it), readers should be encouraged to delve into the detailed layers. • Application: to be legally compliant, the first layer should at least include information about the purposes of processing, the identity of the controller, and a description of data subjects' rights (see Recital 39 GDPR and Article 29 Data Protection Working Party (2018) ). It should be complemented with all the required information outlined in Section 2.3 . • Example: see Fig. 8 .

Videos
• Summary: Audio-visual materials can illustrate the key points of the research process in a succinct, but engaging manner. Videos can also draw attention to specific (e.g., unexpected) practices. Indeed, videos can be perceived as less effortful and time-consuming information material then written documents, but at the same time more alluring. They can constitute more effective means of communication towards visually impaired people, children and young people, illiterate individuals and non-native speakers ( Rossi et al., 2019 ). • Problem(s): Language complexity; wall of text; excessive length; lack of audience-tailoring; wrong timing; lack of familiarity. • Constraints: introductory videos can be purposedly shown or be available on demand (e.g. on a website or app), but usually they do not replace complete, legally-binding information. Written information to be consulted on demand should always accompany audio-visual content.
Videos should not give exclusive prominence to the most beneficial aspects, but should fairly cover all relevant facts. • Application: in addition to the information reported in "Layered notice" Section 5.5.1 , videos can illustrate the risks of research participation and those key points deserving attention to make an informed choice. • Example: see the AncestryDNA video explaining their privacy and security practices. 15

Emphasis
Emphasis design patterns give visual relevance to certain information items to immediately attract attention towards them . This technique is particularly useful when copious information can make people miss those aspects that are more significant, unexpected, or represent a call for action on a quick read ( Waller et al., 2016 ).

Highlighted text
• Summary: Highlighted text, in term of colored background or bold typeface, stands out from the rest of the document, so that readers will notice it more easily . This choice should be informed, for example by the results of user research with the intended audience. • Problem(s): Wall of text; excessive length; wrong timing; lack of familiarity. • Constraints: Only key information should be emphasized, since too many highlights can confuse readers, instead of guiding them. Hence, this choice should be carefully made and avoid the common mistake of using all capitals(often even combined with underlined, bold, or italics typeface). It is paramount to consider that giving priority to certain information items can come to the detriment of attention on other items. • Application: unexpected practices or consequences; key procedures (e.g., data deletion policy); actions required from the participant (e.g., consent approval); risks. • Example: Fig. 9 .

Alert icons
• Summary: Alert icons, like warning signs, attract readers' attention towards specific pieces of information. They can be useful to easily notice information items at first exposures and can be search targets in following reads ( Waller et al., 2016 , p. 23). • Problem(s): Wall of text; excessive length; wrong timing; lack of familiarity. • Constraints: An excessive number of icons can leave the reader puzzled about the hierarchy of importance of different aspects. This is why alert icons should be used sparingly and thoughtfully. Moreover, attracting attention towards certain information items comes with the cost of potentially disregarding other parts. Alert icons can be used in combination with highlighted text. • Application: Risky practices (e.g., the existence of automated decision-making) and unexpected practices (e.g., the impossibility to withdraw from the study or a long data retention period). A reasoned selection can be based on the DPIA risk analysis (see also Efroni et al., 2019 ) or on FAQs. • Example: Fig. 9 .

Validation of the design
We refer to Haapio and Passera (2017) ; Passera (2017) ; Rossi et al. (2019) ; Waller et al. (2016) and references therein for a more extensive analysis of transparency design patterns that have been hereby suggested and to Passera and Haapio (2019) for additional examples. The patterns can be used in isolation or in combination, depending on the information types and the goal of the communication. Since a design pattern is a high-level solution, it is its actual implementation in a concrete context and for specific informational needs that determines whether it increases transparency -or it does not. Research demonstrates how bad or sloppy implementations can bewilder readers. 16 For instance, the mere fact of designing a timeline does not ensure that important dates about data deletion have been more transparently communicated than through prose. This is why, an evaluation of the proposed design is not only recommended, but even necessary under two different perspectives: one is legal, the other is functional. Ideally, the effectiveness of transparency-enhancing solutions should be empirically tested to prove whether they are "understood by an average member of the intended audience" ( Article 29 Data Protection Working Party, 2018 , p. 9) in order to demonstrate compliance with the principle of accountability enshrined by Article 5.2 of the GDPR.
The means by which effectiveness can be measured depends on the stated intentions of the communication ( Bestley and Noble, 2016 ). Different functional indexes can be thus considered, for instance increased attention, comprehension, recall ( Schaub et al., 2015 ) and ease of finding with respect to a control condition. Furthermore, in a research context, it should also be assessed whether TETs support individuals' informed decision-making (e.g., giving or withdrawing consent to the use of their personal data for certain purposes) and behavioral compliance (e.g., following instructions to send data or exercise rights) ( Argo and Main, 2004 ). Such properties depend on how the actual recipients of a piece of communication make sense of it in a specific context. Article 29 Data Protection Working Party (2018) suggests research tools like "user panels, readability testing, formal and informal interactions and dialogue with industry groups, consumer advocacy groups and regulatory bodies, where appropriate, amongst other things" (p. 7). If time or resources are scarce, the feedback received from expert evaluation and rapid testing with a few representatives of the intended audience can be sufficient to point to the major flaws of the proposed information design.

User journey and the timing of communication
An additional factor that is key to enable effective transparency is timing. Indeed, as recalled in Section 3 , people can forget or ignore the information provided, if it is not given at the relevant moment. Following regulatory requirements, information about data privacy and protection is generally provided prior to the beginning of the data processing, therefore either at the time of set up (e.g., during registration) or just-in-time (e.g., when specific data is collected). But it is useful to expand this temporal spectrum to provide meaningful notices, that can also be context-dependent (e.g., calling for an action from the user); periodic (e.g., reminding the user of an active processing practice, especially if invisible); and persistent (e.g., communicating that a data practice is active). All of these constitute push notices, i.e., they are sent or programmed by the controller. Pull notices like an online privacy policy or a privacy dashboard, instead, can be consulted by the user on demand ( Schaub et al., 2015 ). The timing of notices is decisive to set the appropriate design space to respond to different challenges. These even determine the appropriate channel of communication: if the processing purpose changes, for example, participants should be informed directly e.g., through e-mails; if it would require a disproportionate effort, the communication should be published on the website or be otherwise made publicly available. Timing, moreover, interacts with layering strategies: layering should not only consider the types of information to be presented, but should be tuned to the timing of provision of information.
To integrate timing, channel of communication, and informational needs of the various research participants into a coherent vision, focus should be placed on the journey of the user through the research process. The user journey, or experience map, can be described as a multi-dimensional timeline with multiple goals: they serve to rationally organize the experience of the users, while mapping out their pain points and design opportunities. They help the researchers to put themselves in the participants' shoes, in order to conceive and design a transparency-enhancing system of communication that opportunely responds to their needs and their expectations. It also contributes to the design of a coherent experience, to avoid fragmenting it through different channels ( Lallemand and Gronier, 2015 ). For instance, in those research environments involving technology-mediated dynamic consent, the user journey can be crucial to identify and analyze the informational needs of different types of data subjects in different moments and to devise how to provide a time-relevant notice through the appropriate channel for the sake of both usability and compliance.
In this context, a user journey map can include: a representation of the time and phases of the experience of the research study (i.e., when); touchpoints, namely users' actions and interactions with the researchers and other stakeholders (i.e., what); personas, namely fictional characters that represent the needs, goals, feelings, thoughts, expectations and pain points of the participants (i.e., who); the emotions of the participant at different moments of the experience (e.g., fear, anxiety, satisfaction, etc.) (i.e., how); and channels through which the communications and interactions take place (e.g., website, app, online platform, in personal conversation, on paper at distance, chatbot, etc.), (i.e., where).

6.
Conclusions and future directions

Limitations
This work does not propose technical tools (e.g. software) to support and implement the hereby presented transparency design patterns. Indeed, this contribution explicitly intends to avoid extending the list of existing cut-and-paste templates. 17 Templates can be copied and applied mindlessly with the risk of reproducing incorrect or misleading information. Rather, this article has revolved around transparency-enhancing strategies that researchers and practitioners can implement ad hoc in specified situations, once absorbed their rationale. Besides, it is also recommended to collaborate, when possible, with design researchers and (e.g., information, UX, and instructional) designers, in order to create suitable and engaging communication materials and experiences. Notwithstanding the supposed merits of design patterns, we argue that a trade-off between normative transparency and pragmatic applicability must be struck, for example in a layered information architecture. Eiband et al. (2018) borrow the pragmatic notion of satisficing from Simon (1955) and coin the terms "transparency satisficing", that we adapt here to the research context. Given that human processing capacity is bounded and that users have different informational needs and expectations, one might hypothesize that transparency satisfices users when it allows them to build mental models that are good enough to predict and explain the observed data-gathering process, even when the given explanations are not technically exhaustive. This view has also been officially adopted by the Article 29 Working Party, who endorses a layered approach to realistically cope with the quantity and complexity of information that must be provided to individuals, by nevertheless providing them with the possibility to learn more about specific aspects if needed or desired, and thereby personalize their learning path. Nonetheless, the use of transparency design patterns should not replace educational measures towards individuals, nor absolve the research investigators of their responsibilities concerning clarifications, but should be rather conceived as an aid to both.
This article does not even aim at a systematic and comprehensive overview of the transparency design patterns that can be effectively used in the context of ICT-mediated research. The list of patterns can be lengthened and revisited, adding pertinent techniques to explain, e.g., information systems and automated decision-making. Moreover, beyond assertion TETs, many additional instruments can actually enhance the transparency of data processing. To name a few, following the categorization by Zimmermann (2015) , through audit TETs, data subjects can gather a reliable insight into actual data storage and usage; through intervention TETs, data subjects can exercise control over the access by third parties (e.g., other research institutions) to their personal data; and lastly, through remediation TETs like privacy dashboards ( Zimmermann et al., 2014 ) and consent management solutions, data subjects can modify and delete their data and withdraw consent.
Indeed, transparency under the GDPR should be interpreted more broadly than the restricted focus of this contribution. Transparency concerns processing accountability and auditability, and includes the fairness of the choice architecture pinpointing informed consent and avoidance of dark patterns. It also concerns the possibility to effectively exercise the rights of the data subjects in a usable manner, for instance the right to access and the right to data portability, and should cover the whole user experience. Although providing usable and understandable information is necessary, it is not sufficient: the real actionability of such information is indeed key. This constitutes a future direction of our research.
Some of the strategies presented in these pages assume crucial relevance within the novel impulse to the development of informed consent experiences that move from authorization at single times and consent forms towards dynamic consent (also in electronic form), made possible by digital devices and device-mediated experiences. In such cases, the provision of timely, understandable, and appropriate information is crucial to allow participants to engage or, conversely, disengage with scientific studies. As Wilbanks (2018) points out, however, the choice architecture of a digital consent experience must be thoughtfully struc-tured -even in ways that are counter-intuitive ( Fokkinga and Desmet, 2013 ). To steer users towards a mindful decision, the consent experience should entail moments of friction instead of being a frictionless, one-quick interaction. Friction, though, can yield lower consent or enrollment rates. Hence, the challenge resides in finding a delicate balance between an architecture of choice that is compliant on the one hand and usable, frictional, and positive on the other hand.

Transparency as internal auditing mechanism and compliance facilitator
We maintain that a focus on the quality of communication towards study participants will not only support decisionmaking of the latter, but it can also represent a fruitful strategy to augment investigators' awareness about their data practices and the consequences of their research. Namely, design patterns can be used as an internal check for coherence, consistency, conformity, compliance, and ethics of the research-related decisions, acting thereby as proactive measure of internal auditing towards legal compliance, in the spirit of privacy by design and by default. Concretely, using design patterns and visualizing certain complex processes can help the notice drafters to "plan, clarify and test the logical correctness of the text they create" ( Haapio and Passera, 2017 , p.3). For example, a timeline for data retention can elicit flaws in the data retention and cancellation policy, while organizing the text in meaningful paragraphs can highlight the lack of certain compulsory pieces of communication.
Furthermore, design patterns can also be employed to increase the transparency of communication among the different stakeholders involved in a research project. For instance, they can be used to clarify data sharing agreements between controllers and processors, and data privacy and security policies for employees, therefore facilitating compliance (see e.g., Fig. 10 ). In such complex relationships, non-compliance can have a disastrous cascade effect: the mistake of one processor can impact users' trust in the data controller and thereby undermine study participation.

Measures to ensure a beneficial impact of the GDPR on research activities
Recent data ( Vayena et al., 2019 ) confirm what we, as researchers, witness in our everyday activity: there is the necessity of further investigation into researchers' attitudes towards data protection compliance, their misconceptions about its interplay with research activities, their needs, and their burdens to meet legal-ethical requirements. Proposed solutions fall under three categories: technical, epistemic, and governance-related solutions ( Vayena et al., 2019 ). Firstly, technical measures provide researchers with practitioners tools to facilitate their tasks. For instance, open access design pattern libraries can be leveraged to borrow, share and enrich collections of patterns, for instance patterns for data sharing IF , privacy-by-design patterns for software engineering UC Berkeley School of Information , contract design patterns , and e-consent design patterns in the biomedical domain ( Bionetworks, n.d.). Developing standardized presentation formats might also be a valuable solution: as studies on privacy policy structures ( Kelley et al., 2010 ) and insurance product information documents (i.e., IPID) ( Duke et al., 2016 ) have demonstrated, standardization can improve the comprehensibility of complex technical information -and even facilitate the tasks of notice designers.
In the work presented in these pages, agile, even standardized, methods that evaluate the implementation of design patterns are missing, even though they constitute a necessary step for researchers to assess whether they have reached the transparency goal they had set. Such methods should not only assess whether the communication is usable and comprehensible, but also analyze whether it enhances user's satisfaction, trust, and ultimately participation rates, while lowering anxiety and other emotions that might negatively impact engagement. We agree with Nishimura et al. (2013) in maintaining that if participants had "a better understanding of the study, they would likely feel more like a 'partner' in the research process, they would be easily exposed to a natural test/feedback setting, and a relationship between the participant and the researcher would be established" (p. 12).
Secondly, governance-related auditing tools would be needed to scrutinize the accuracy and understandabilitiy of the communication materials. It is doubtful, though, whether this responsibility belongs to the DPO, the ethics research committee (ERCs), or rather the researchers themselves. With growingly overburdened DPOs and ERCs, it is unrealistic to expect that they can prioritize thorough assessments of information materials over other urgent duties. The establishment of best practices, though, constitutes a governance instrument. Thirdly, capacity-building opportunities (i.e., epistemic solutions) are crucial to raise awareness about data protection and transparency and to enhance the literacy and the practical skills of the scientific community. However, how and even whether transparency-enhancing skills should assume high priority in the broader challenging framework of data protection education remains an open question. Some authors ( de Lecuona and Villalobos-Quesada, 2018 ) have called for a holistic framework that integrates the three components (i.e., technical, governance-related, and epistemic) for the development of responsible and ethical research and innovation.
Lastly, we add, participatory design processes involving research professionals that do not get explicit education about legal and ethical aspects of personal data handling can help identify and identify their main difficulties, needs, constraints, and expectations. 18 These can be actually considered design opportunities to co-devise and co-design solutions. 19

Transparency and trust
Finally, future work should also be devoted to confirm, or rather invalidate, the hypothesis upholding a correlation between transparency and trust. On the one hand, transparency about personal data use is largely considered as an enabler of users' trust, especially if combined with the benefits expected from the applications ( Schwab et al., 2011 ). On the contrary, lack of transparency, deception, and data misuse in digital economies have been the direct cause of the degradation of trust in services (see e.g., the Cambridge Analytica scandal impact on the trust of Facebook's users ( Tuttle, 2018 )). Indeed, stakeholders' concerns about data processing risks and consequences can be mitigated by transparent, accurate, timely provision of information. For example, Vayena et al. (2019 , p. 65-66) upholds that the "GDPR could help promote trust in data-donation and sharing for scientific purposes among European citizens by empowering them with increased control over their data. In turn, data subjects would have a more affirmative role in data-related decision-making, enhanced data security safeguards and more transparent information about data uses. [...]. Research has demonstrated that increased awareness about data uses and increased control of data subjects over their data are all predictors of increased trust 18 On the model of the participatory design workshops organized by the French Data Protection Authority (CNIL) to raise the awareness of and co-create solutions with designers and developers on data protection and transparency matters. See e.g., https://design. cnil.fr/en/ . 19 Similarly to the stage-based participatory design methodology proposed by Eiband et al. (2018) to integrate transparency into intelligent systems in data-sharing and the participation of citizens in research. Likewise, minimisation of data abuses and associated harms, as well as measures to ensure confidentiality are considered predictors of increased trust". On the other hand, there have been claims that "the risk of transparency outweighs the rewards" and that increasing transparency on data harvesting "fails to address privacy and trust concerns end users have" ( Schwab et al., 2011 , p.17). Indeed, definitive conclusions proving the impact of increased transparency on users' trust cannot be drawn ( Janic et al., 2013 ). Under certain circumstances, excessive transparency might well undermine trust rather than reinforce it. In such cases, other measures like governance, oversight and audit mechanisms should be implemented to fill the gaps that information transparency cannot. For instance, public consent to systems and organizations can replace individual consent to particular acts ( O'Neill, 2001 , p. 701). In addition, researchers can regard the need to inform at odds with the need of withholding information, due to fears of low participation. Yet, we argue that transparently informing study participants is not only one of the duties in good scientific practice, but it can potentially attract and retain participants that value transparency as a component of trust.

Declaration of Competing Interest
None. references