What is Privacy UX & How to Implement Privacy-Aware Design Framework?

Reading time: 7 minutes

This is a guest article by Anas Baig from SECURITI.ai

Is privacy dead, barely breathing, or still alive? The answer to this question is many-layered and much more complex than you can imagine. Not so long ago, no one really bothered about online privacy. Consumers were almost unaware about their data being collected as they visited a website until information about numerous massive data breaches went public.

Things took a sharp turn since then with netizens becoming more conscious about data logging practices and regulatory bodies such as the GDPR and CCPA imposed added vigilance on users’ data.

Yet, despite all the safeguards such as using antivirus, firewall, encryption tools etc., many would still argue that privacy is the price you pay for going online. We can also call it an opportunity cost for using the Internet (which is supposedly free). And that is true to quite some extent. Even today, data sharing is an integral part of going online.

Now you must be wondering, what changed in the past few years? Well, the answer is consent. Internet users now demand more control over their data and there are a dozen regulatory bodies to ensure that. The question comes down to how much data the customers are comfortable with sharing for the sake of convenience.

Customers of today and the future are leaning towards transparency and trust. They demand more privacy today, not less. And who can blame them? We are only 8 months into 2020 and the number of data breach incidents has already hit the roof. Lest we forget, there were infamous scandals surrounding some of the giants such as Facebook in regards to malicious privacy and data logging practices that led to serious trust issues among consumers.

What Does Privacy UX Mean for Businesses?

Businesses that in any way engage in data logging practices have been put under strict surveillance. They have to completely revamp their privacy practices under regulatory bodies and laws. It isn’t a good idea anymore. You can be run out of business or at the very least, suffer significant loss of money and reputation.

GDPR has fined some of the biggest companies such as Marriott and British Airways. According to the research by Privacy Affairs, “Google ended up paying a whopping €50 million for its failure to inform customers about collection and usage of their data.” And some small companies felt the heat too. Lately, a hospital in the Netherlands paid €460,00 for failure to protect patient’s data from unwarranted access.

One privacy law after another, they just keep coming now. Just when you thought that those countless hours and efforts in getting yourself fully GDPR ready, your legal or compliance team now wants you to go neck deep into preparing for CCPA. And then you may as well have to start preparing for ePrivacy Regulation in the EU. The bottom line is these privacy laws are only going to increase in number and influence with each newer one more stringent than the older one.

While the situation may seem chaotic, it’s actually a cloud with a silver lining. If businesses take a closer look and worry less about the increasing influence of privacy laws and focus more on the constantly decreasing graph of consumer trust, the odds can be turned in their favor. Trust is tangible. It can be measured, and even mended if broken or hurt.

Risk Management in the Broad Spectrum

Business owners, once they identify and solidify their approach towards data privacy laws, can better analyze the potential risk to their businesses or brands.

Some industries are much more strictly regulated than others. Finance, healthcare, or even VPN or proxy services, for example, have a relatively lower risk tolerance than others. It means that they can expect a significant and most likely negative impact as a new data privacy law comes into play.

Any business that has gone through the utterly rigorous process of fully implementing the GDPR regulations within their business practices would agree in a heartbeat. You would be surprised to hear how many businesses actually completely shut down their operations or at least ceased to operate in the EU. That may be the easy way out but not the proper way out. Businesses should rather ride the ride, and become fully compliant with the laws.

Waiting Isn’t an Option

Many businesses are taking a high-risk-low-impact approach into implementing the laws. They make minimal changes in their business practices, putting faith in the lack of regulatory activities. While it certainly minimizes risk for business, it greatly increases the risk of non-compliance. These are testing times and the business-as-usual approach may be a dangerously unsafe bet.

The regulatory activity has already been in motion and all companies have begun to rethink their stance on GDPR and CCPA compliance. But this abrupt change in the approach shifts a business towards low tolerance of risk with a higher business impact in the most likely instances. When you get your business fully compliant with data privacy laws, you’d have to make some tough changes that may have a direct impact on your core business model and financial profits.

For instance, on your way to GDPR/CCPA readiness, you may find your legal team suggesting you to ask for a user’s consent before you drop any browser cookies. Nothing less than a nightmare for your marketing team isn’t it? As terrifying as it may sound, it simply is the way of the new world that is more transparent and private than it was a while ago. Implied consent doesn’t mean real consent anymore.

So, what shall one do with non-compliance or even partial compliance isn’t an option while compliance costs valuable marketing data that you so casually collect and process?

Privacy UX To The Rescue…

Privacy-Aware Design Framework, more commonly known as Privacy UX is a rational approach that goes deeply into designing ethical and respectful user interfaces within your existing business processes such as data collection and privacy interactions with users.

Consumers are privacy-aware and expect to be treated accordingly by the businesses or brands that they engage with online. Shady cookie consent prompts, meddling push notifications, third-party tracking are some of the many factors behind your increased bounce rate. You need to find ways to optimize your opt-ins in order to minimize the business impact caused by the low risk tolerance of your business. A privacy-aware UX encourages trust among users to opt-in and consent to your marketing activities.

Five Principles of a Privacy-Aware UX?

Here are three things that you should be mindful about when designing a UX that can make it easy for customers to trust you with their privacy.

Customize your flows to serve different personas

One size doesn’t fit all nor does one flow serve the needs of multiple personas that differ so drastically from each other. A UX sprint conducted by Koos revealed that six need-based personas responded completely differently when asked the same question: Do you grant this company access to your data? It only makes sense considering netizens are the most versatile people on the face of the earth.

For instance, a casual sharer would bounce back if prompted with multiple notifications asking for permissions to access data. They would rather just get on with it. On the other hand, an anonymous surfer who probably reached your service with a pseudo VPN IP would want complete insights before they say yes to any permission prompted. Identify the diverse needs of your customers and serve tailored flows accordingly.

Call Attention to the Value Exchange

Instead of being too elaborate about permissions, keep it simple and highlight the value out of the transaction. Value proposition is highly important. Even today, the most privacy-conscious consumers are more than happy to share their data with web cookies provided that they trust the brand/company and find some value in the exchange. Be clear and consistent with your messaging if you expect users to opt in.

You have to earn a customer’s trust a little before you serve them with a cookie or privacy notice. First page notification is a no-go. Let him surf through your website a while feeling anonymous and then ask for his consent. Chances of the user opting in will be twice as strong.

Let Users Have Both Options: ”Accept” and “Decline”

One too many websites serve a cookie consent or privacy notice with the accept option only, making users feel trapped. Consumers want to feel like they have real control over their data and a decline option provides just that.

Keep the Human Factor Alive

Don’t use overkill. Clichés such as “We value your privacy” are a huge turn off for users. Even the most notorious data mongers say the same. Bear in mind that a privacy policy isn’t an ad copy. You are not trying to make a sale.

Nothing would make a user want to not trust you than repeatedly saying “Trust us.” Make sure that the language used throughout the user experience as well as in the privacy policy complements your brand core values. Consistency is the key.

How to Make Privacy a Part of Your Product Design

Design is continuously evolving and so is the user experience, which is now driven by privacy navigation. Many experts argue that GDPR is a design challenge. Designing ethical and clearer user interfaces and experiences makes the process easier for users.

With that in mind, here are a few tips to help you make privacy a part of your product design.

Offer Trial Versions of Your Product

Let users take your product for a test run before you ask them to sign up or create an account. Let them anonymously enjoy your product’s core features for a few days, ideally 1-2 weeks and then ask them to opt in.

Offer Better Security with Login Options

Offer advanced security options with users’ accounts. Frequent password updates, two factor authentication, and auto-generated one-time email links are a few examples.

Keep Checking in with Your Users

If you find a user has been inactive for an extended period of time, it’s a good time to show up in his inbox as a casual check-in.

Purge Your Databases of Inactive Users’ Data

Follow up with your inactive users to determine if they still want to use your product. If they don’t, allow them to close their account and purge your database of any associated information. You don’t want to end up in a data logging controversy in case a malicious cyber-attack hits.

Allow Users to Delete Their Accounts

Enable users to not just deactivate but delete the account. Let them know what deleting their account means, how long it stays that way and what data you will be keeping in case they decide to opt in again.

Final Word

Ethical and mindful experiences drive value to your business as well as growth. User experience is one of the key denominators that influence a consumer’s buying or opt-in decisions.

Data privacy laws will only increase with the passage of time, constantly increasing the value of users’ personal data. As a business, you should be focused on designing user experiences that foster trust and credibility among your existing and prospective customers.


anasWith a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at SECURITI.ai. He holds a Degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.

Want to write an article for our blog? Read our requirements and guidelines to become a contributor.

Add a comment

Comments

avatar