Users’ privacy concerns over their electronic data and how it is used across different digital platforms have grown in recent years. New regulations and policies (e.g., General Data Protection Regulation; GDRP) have been developed to grant users their rights to data transparency and intervenability. To that end, ex-post transparency tools have been offered to provide users with insights into how their data is used by business entities. Nonetheless, these tools do not consider individuals’ privacy concerns ex-ante technology design. While ex-post transparency tools attempt to address users’ privacy concerns, they remain limited in terms of users’ agency and autonomy, and thereby do not consider users’ voices. In contrast, ex-ante human-centered design processes would achieve that. Therefore, this research proposes a human-centered approach for designing data privacy policies with users rather than for users. To develop this approach, we primarily draw upon the human-centered design framework, commonly used in the field of Human-Computer Interaction (HCI). We compile and then use the design principles in the extant literature. The overarching objective of this approach is to understand users’ “privacy” needs and thus facilitate a mutual understanding of users’ priorities, values, and constraints. As such, co-designing data policies with users would give them agency and autonomy to actively participate in the design process. We hope that our proposed approach will allow for designing more effective privacy policies.