How to design with privacy in mind | On Privacy by Design

On My Mind
By Martin Wiesemborski • Issue #4 • View online
A few days ago, I started reading ‘Ruined by Design’, a great book by Mike Monteiro. In essence, he makes the case that we, as designers, have a responsibility for what we create.
So, to build on last week’s issue, where I wrote about ‘privacy’ as something that is finally getting more attention in the tech-sphere, I want to talk about how to design with privacy in mind. Because it is our responsibility as designers to do so. And to be clear, I share Monteiro’s definition of a designer: ‘If you’re affecting how a product works in any way whatsoever - you’re designing’.

Photo by Matthew Henry on Unsplash
First of all: Why should you care?
Well, there are some obvious economic and legal reasons to make sure you follow the necessary rules to protect your users’ privacy. Especially now, with the GDPR in effect, you could get a hefty fine - like Google, which had to pay 50 million euros in France because of GDPR violations. Besides the legal aspect, you need to make sure sensitive data is secured - or you might get hacked, as so many careless companies have recently, and lose the trust of your customers.
But even on a smaller scale, without the worst-case scenario in mind, you should think about privacy and data protection: as part of your branding.
Websites are often the primary point of contact between your company and its customers, so they are essential in defining your brand and creating trust. By putting an emphasis on data protection, you can build the foundation for this trust.
So how do you start? What are ways to design with privacy in mind?
Privacy by Design
Back in the 1990s, Dr. Ann Cavoukian created a framework called ‘Privacy by Design’ that is based on 7 principles and seeks to proactively embed privacy into the design. Fast-forward to 2018, and it finally got the attention it deserves by being incorporated into the GDPR. In brief, it states that privacy should be built into your design as a default, that you should minimize the personal data you collect, keep it secure and destroy it when it is no longer needed, as well as be transparent with the user the whole way. Also, always make sure there is no zero-sum trade-off between privacy and other interests.
Before you start
Begin with how much data you actually want and need to collect. Remember: Less is better. The more data you’re collecting, the more you need to explain to the user, e.g. with endless privacy policies or cookie banners that fill the whole screen. Just look at this:
Ad Age's cookie banner is officially the worst
Gotta collect ‘em all
Do you really need all these cookies? Clearly, this is an extreme example, because free-to-read ‘journalism’ needs ads to support its business model, and you’re probably in a whole different situation with your corporate website. But still, carefully consider how much data you actually need to provide the best experience to the user.
You don’t need someone’s name to send him a newsletter, just his e-mail address - so why bother asking? Sure, you want to build out your CRM database, but there are better ways, e.g. follow-up e-mails where the user can opt in to provide further information. Also, sign-up rates tend to be higher the fewer fields a form has - another reason to reduce it to the minimum.
I get it. Humans are collectors by nature, thus we have a natural tendency to ask for more data than we immediately need. Better safe than sorry - maybe we will need it at some point in the future.
Well, the GDPR states that you need one of these six legal bases to collect personal data: consent, contract, legal obligation, vital interests, public task or legitimate interests. Most companies still rely on the last one, legitimate interests, and argue that collecting personal data and using e.g. cookies enhances the user experience by offering a more personalized experience. But it’s a very weak argument, and in many cases I’m sure it wouldn’t hold up.
So, start your project by re-thinking how much personal data you really need to collect. And remember there are two ways users provide data: voluntarily, by filling out forms, and passively, through automated data collection by tracking scripts etc.
Also, get your privacy officer involved as soon as possible. Often I see clients contacting their privacy officer after going live with a project. That’s way too late. He should be involved from the beginning and lay the groundwork to build upon.
Cookie banner
Let’s start with one of the most annoying aspects of data protection: the cookie consent banner. Everyone hates it. And it shows - most of them suck. Companies that don’t want to develop their own install shitty third-party tools that suck even more. It’s a shame.
From a user experience as well as a branding perspective, it’s more than stupid. The cookie banner - as annoying as it might be - is in many cases the first thing a user interacts with when he visits your website. So make sure it’s not a terrible experience.
Again, look at this example from Ad Age below, where you actually have to wait up to a minute after choosing your cookie settings for the website to apply the configuration. The screen capture is played back in real time and is just batshit crazy.
Straight out of hell - Ad Age's cookie consent banner
The advertising industry managed to develop scripts that enable real-time bidding to run complex calculations in order to auction ad inventory against vendors - all within 100 ms. But to save your cookie settings, it takes several seconds up to a minute. Priorities, right?
How to fix it
There are several ways to enhance this experience, and the first one is obviously to reduce the number of cookies you want to set on a user’s device. This shortens the list and simplifies the options for the user.
Then, make sure the cookie banner does not feel out of place. Put the same effort into designing it as into any other element on the website. Again, it’s one of the first things a user sees of your website - it shouldn’t look ugly and out of place like in this example:
How to show that you couldn't care less
The same goes for copywriting. Make sure your micro-copy is on point and communicates clearly why you need to use cookies and what options the user has. Keep it as short as possible because you need to display it on mobile devices as well. Add a bad pun? Sure, why not. At least it shows that someone cared a bit.
Yes, the joke is quite old. But still...
Also, think about the banner placement. Your Intercom chat bubble is hip and all, but when it covers the cookie banner, it’s just bad. Show it only after the user has given cookie consent - how else would you know if the user agrees to the usage of such software anyway?
And please, PLEASE, don’t pop up a newsletter subscribe modal immediately after I’ve closed the cookie banner and the Intercom bubble. I don’t want to click 2-3 times before I can start using a website.
The shitty mobile experience of Fast Company
Lastly, make sure to remember the user’s choice (if he allows it, of course) and don’t show him the cookie banner every 😠 damn 😡 time 🤬 (talking to you, LinkedIn).
Again, the ad industry manages to show me ads on Instagram for a company’s product only moments after I read an article about that company on my laptop. How hard can it be to remember my cookie settings?
If you want to learn more about how to design a great cookie consent, I can highly recommend Vitaly Friedman’s article on Smashing Magazine.
From privacy policy to privacy hub
Ok, so you took care of the initial cookie consent. Great. But did you make sure users can change their settings at any time?
Additionally, you’re required to allow users to request all the data you have stored about them, and if that isn’t automated, you at least need to have a manual process in place. And then there is the need to provide an imprint (a legal notice, required at least in Germany) as well as your privacy policy or data protection text.
Introducing: The Privacy Hub
With all that in mind, you can make a strong argument for something like a privacy hub on your website. Here, the user can change his cookie settings in detail, request his data or learn more about your privacy policy.
The hub should be easily accessible, e.g. from the main navigation or at least from the footer navigation. Make sure it’s always visible, easy to find and consistent throughout your site. Remember: It’s nothing you should hide or be ashamed of, quite the opposite.
A good starting point for this is XING’s privacy policy, which is nicely structured, uses illustrations to further guide the user and offers in-depth information for individuals who want to learn more. The extra mile they went to create this platform pays off and communicates clearly how much they care.
What I would love to see is the integration of e.g. the cookie settings into the platform to make it the central place for everything privacy related at XING.
XING's privacy policy with custom made illustrations and a helpful structure
Structure and guidance
To structure today’s ridiculously long privacy policies, make use of accordions to allow users to quickly find the part they’re interested in. You’re required to write your privacy policy in a way everyone can understand. Go even further and ditch the legal language in favour of contextual explanations that directly relate to your website’s features.
A good example by mubaloo
Explaining why you use a certain service, e.g. Google Analytics, might also have the nice side effect that you reconsider your choices and think of alternatives.
Talking about Google Analytics - do you really need tracking data? Don’t get me wrong: as a user experience designer, I should rely on quantitative data to test hypotheses and validate ideas. But in many projects, I saw clients installing Google Analytics without ever looking at the numbers. Or just using the basic configuration, leaving them (and me) with not much data besides generic bounce rates and device usage. If you do it, do it right. Otherwise, just don’t use tracking software.
As mentioned earlier, many companies justify the use of tracking scripts with “optimizing the experience for users”. That’s great. But then actually do it. Use detailed event tracking to figure out if users understand your complex forms or use your search function.
Google Analytics is a blown-up piece of software that’s extremely powerful, but for most projects it’s just too powerful. A smaller, more streamlined alternative like Hotjar might not only be better suited to your needs but also offer better user protection.
Technological Infrastructure
Besides tracking, you, as a website owner, are responsible for every technology that runs on your website, even third-party ones. But do you actually know how e.g. Facebook is handling the data it collects through your website? I doubt it. So don’t use it, at least not by default. Let the user decide if they want to opt in to scripts that communicate ‘home’.
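One way to implement this opt-in gating in the browser, as an added example that is not code from the newsletter or from any of the tools it names: a small consent gate that remembers the user’s category choices (the “remember the choice” and “settings changeable at any time” points above), asks again when the cookie list changes, and loads a third-party script only if its category was opted in to. The `storage` object and the `load` callback are assumed injection points (e.g. `window.localStorage` and a function that appends the script tag); the script list and category names are constructed for the example.

```javascript
// Added example (not from the newsletter): a consent gate for third-party scripts.
// `storage` is assumed to be anything with getItem/setItem, e.g. window.localStorage;
// `load(name)` is assumed to be the function that actually injects the script tag.
const CONSENT_KEY = 'cookie-consent';
const CONSENT_VERSION = 2; // bump when the cookie/script list changes -> ask again
// Privacy by default: every category is off unless the user switched it on.
const DEFAULT_CATEGORIES = { chat: false, analytics: false, marketing: false };
// Constructed mapping of third-party scripts to consent categories.
const THIRD_PARTY_SCRIPTS = [
  { name: 'intercom', category: 'chat' },
  { name: 'hotjar', category: 'analytics' },
  { name: 'facebook-pixel', category: 'marketing' },
];

// Stored categories, or null when the banner must be shown: nothing stored,
// stored under an older version, or the value is corrupted.
function readConsent(storage) {
  try {
    const saved = JSON.parse(storage.getItem(CONSENT_KEY) || 'null');
    if (!saved || saved.version !== CONSENT_VERSION) return null;
    return { ...DEFAULT_CATEGORIES, ...saved.categories };
  } catch (err) {
    return null; // unparsable value: treat as "never asked"
  }
}

// Persist the choice; called from the banner and from the privacy hub so the
// user can change it at any time. Only known categories are kept, as booleans.
function saveConsent(storage, chosen) {
  const categories = { ...DEFAULT_CATEGORIES };
  for (const key of Object.keys(DEFAULT_CATEGORIES)) categories[key] = chosen[key] === true;
  storage.setItem(CONSENT_KEY, JSON.stringify({
    version: CONSENT_VERSION, categories, savedAt: new Date().toISOString(),
  }));
  return categories;
}

function shouldShowBanner(storage) { return readConsent(storage) === null; }

// Load only scripts whose category was opted in to and return their names.
// With no valid consent stored, nothing is loaded, so no script phones home.
function applyConsent(storage, load) {
  const categories = readConsent(storage);
  const loaded = [];
  for (const script of THIRD_PARTY_SCRIPTS) {
    if (categories && categories[script.category]) { load(script.name); loaded.push(script.name); }
  }
  return loaded;
}
```

Call `applyConsent(window.localStorage, injectScript)` on page load and again right after the banner or the privacy hub calls `saveConsent`, so the chat bubble only appears once the user has agreed to it.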
I don’t want to go too deep into the engineering aspects of a privacy-first website as this would be a topic on its own. But to cover the basics, you should make sure to choose a technical system that is fully GDPR-compliant, e.g. in the way user data is stored, who can access it and more.
Investing in SSL/TLS certificates should be a no-brainer, as they not only build trust but also help your site’s Google ranking.
Also, invest in security audits where external companies try to breach your system and e.g. extract data. If you think this is unnecessary and something out of movies, I again would like to recommend Darknet Diaries, a podcast about web security. Especially episode 2, where you learn how shockingly easy it was for a hacker to get access to several hundred gigabytes of children’s data because even basic security measures were missing.
Transparency and trust
In the end, it all comes down to trust and the easiest way to achieve trust is to be transparent. By being open and communicating in a clear language you show the user that you care.
Guide them through situations where they might be uncomfortable, especially in forms where you require information like a telephone number or credit card details. A great way to do this is using just-in-time explanations, where you explain for each and every necessary field why you need this data, how you’re handling it and where the user can change this information later on.
Another great example by mubaloo
As you can see, there are many ways for you to think about privacy when designing a website, and most of them don’t require that much effort - just a change of mind maybe. We’re not talking rocket science here but the implementation of principles from the 90s.
[4.5.99] Data protection commissioner wants to better protect consumers from data collection by companies. Users leave many traces when "window shopping" on the Internet. Data protection must therefore be an essential element of the emerging information society.
Further reading / listening
Privacy by Design - The 7 Foundational Principles
Ruined by Design
Privacy UX: Common Concerns And Privacy In Web Forms
Integrating Privacy by Design Into Your UI Design Strategy
Darknet Diaries Podcast
GDPR and Privacy by Design: what developers need to know
Martin Wiesemborski

I'm a freelance UX strategist. Think of this newsletter as everything that is on my mind (hence the name): New and emerging tech and design trends, tools and ideas that I stumble upon and think are worth talking about.

