A GDPR compliant address infrastructure mobile application for Ugandan and Rwandan users

Abstract: More than half of the world's population are negatively affected by inadequate addresses. In Uganda and Rwanda, efforts have been done to implement a national address system but the effectiveness of those efforts have been prevented, due to lack of understanding and fears regarding its impact. With the help of Information and Communication Technology (ICT), because of its knowledge-generating foundation and substantial growth in East Africa, traditional address initiatives could be streamlined. However, negative consequences with ICT, such as surveillance, could cause the already existing reluctance to accept a system that not only registers a location but also an identity, to increase. Privacy, security and trust are therefore key factors to consider when developing a system that target areas characterized by distrust in organizations and government. This paper argues that the General Data Protection Regulation (GDPR) provides a strong framework when accomplishing this. By evaluating the user rights defined in GDPR from an interaction design perspective, this research aims to propose design guidelines that gives users agency of their personal information. This paper argues that redefining the rights as potential user actions gives the users control to manage their personal information, and further, that interest and understanding are important to enable conscious actions. With a Research through Design approach, user studies were conducted in Uganda and Rwanda, to evaluate how to design actions and information in order to enhance interest and understanding, and resulted in three design guidelines: User actions, Action layers and Information layers.