Privacy icons as a component of effective transparency and controls under the GDPR: effective data protection by design based on art. 25 GDPR
Computer Law & Security Review (IF 2.707) Pub Date: 2024-01-28, DOI: 10.1016/j.clsr.2023.105924
Max von Grafenstein, Isabel Kiefaber, Julie Heumüller, Valentin Rupp, Paul Graßl, Otto Kolless, Zsófia Puzst

Understandable privacy information builds trust with users and therefore provides an important competitive advantage for the provider. However, designing privacy information that is both truthful and easy for users to understand is challenging. There are many complex balancing decisions to be made, not only with respect to legal but also visual and user experience design issues. This is why designing understandable privacy information requires combining at least three disciplines that have had little to do with each other in current practice: law, visual design, and user experience design research. The challenges of combining all three disciplines actually culminate in the design and use of Privacy Icons, which are expected to make lengthy legal texts clear and easy to understand (see Art. 12 sect. 7 of the EU General Data Protection Regulation). However, that is much easier said than done. In this paper, we summarise our key learnings from a five-year research process on how to design Privacy Icons as a component of effective transparency and user controls. We will provide 1) examples of information and control architectures for privacy policies, forms of consent (especially in the form of cookie banners), privacy dashboards and consent agents in which Privacy Icons may be embedded, 2) a non-exhaustive set of more than 150 Privacy Icons, and above all 3) a concept and process model that can be used to implement the requirements of the GDPR in terms of transparency and user controls in an effective way, according to the data protection by design approach in Art. 25 sect. 1 GDPR. The paper will show that it is a rocky road to the stars and we still haven't arrived – but at least we know how to go.




Updated: 2024-01-29