User privacy has become a hot topic in recent years. With more reported data leaks and the publication of relevant laws, people are now more conscious of how companies collect and use their data.
Designers play a major role in making people feel safe online. But the task isn’t easy. Our design advocate, Matteo Gratton, gave a talk exploring these challenges at last year’s Design Matters conference.
In this article, we’ll cover the key takeaways as well as some tips to help you design products with privacy and ethics in mind. Let’s dive in.
The problem with data privacy
Businesses have a lot to gain from user data. The more they learn about the user, the more they can optimize their products, and the more money they make. And since businesses are there to make money, not all of them will want to be transparent about their data practices.
And when we’re signing up for a new product or service, we’re typically eager to start using it. That makes it even more tempting to give our data away as quickly as possible.
But, privacy is a human right. And as the ones collecting the data, businesses have a responsibility to get their users’ consent.
The designer’s role
Designers are often caught in the middle of what the business wants and what the user needs. The business is focused on making money, while the user wants an easy and pleasant experience. But because a designer can understand both sides, they’re in a unique position to advocate for data privacy. After all, they’re the ones designing the interface that collects user data.
In the next section, we’ll take a closer look at what designers can do to protect user privacy.
How to design with privacy in mind
Throughout the design process, you can be critical about how the product collects and manages data. Here are six questions you can ask to keep privacy and ethics in mind.
Do we really need the data?
Sometimes it’s obvious what data you need to collect — like asking for the user’s preferred name when they’re booking a dinner reservation. But it’s not always so clear.
For example, let’s think about a company’s career page. Many companies let people pre-fill a job application by having them log into their LinkedIn profile. This can save the applicant lots of time. It can also help the company get to know the applicant more personally. But is it necessary to collect the user’s LinkedIn data? Or is it just convenient?
These dilemmas can be tough, and each company might handle them differently. But the bottom line is that the user shouldn’t have to give their privacy up unnecessarily. So, we should be critical about every piece of information we decide to collect.
Does the user know we’re collecting the data?
Can the user easily manage their data?
Even if the user willingly shares their data, they should always know how to access and manage it. By making it easy for them to find their privacy settings, you let them know that they’re still in control of their information — even after giving it up.
If the user does make changes, let them know their settings have been updated. And let them know clearly. This reminds the user that they can continue to trust the product.
Will we store the data securely?
It’s one thing to tell the user we’ll keep their data safe. It’s another thing to deliver on that promise. Can the company store data securely? Will they encrypt the data? Or protect it with multi-factor authentication?
These might sound like an IT security professional’s questions. But part of a designer’s job is to advocate for the user. That means you should be asking these questions too.
Can we assure the user that we won’t sell or share their data?
User data is personal information. When we’ve been trusted with it, we must avoid sharing it with third parties or selling it. The user deserves to remain in control over where their data goes.
We also don’t want to commit any data breaches. Some countries have strict rules about sharing and selling data. The European Union’s GDPR laws, for example, emphasize the importance of getting the user’s consent. In that sense, designing ethically starts with making sure we’re complying with any relevant data and privacy laws.
Will we delete the data we no longer need?
Finally, the company should always be prepared to delete data it no longer needs. GDPR, for example, maintains that the user has the “right to be forgotten”. But it isn’t just about breaking the law. It would also be unethical to keep a record of the user’s information and activity against their will. If the user wants to stop sharing certain data or to close their account altogether, the company should respect that decision.
Protecting user privacy is an ongoing process
While designers aren’t trained data security professionals, they play a major role in building ethical products. That makes designers part of the ongoing conversation on ethics and user privacy.
By asking the questions above, you can help keep businesses accountable while empowering users to take charge of their data. And after all, isn’t respect the best way to build trusting relationships between businesses and users?