Privacy by Designer* is a talk about the importance of Privacy for UX, and what practical things we as designers can do that benefit user privacy and UX. From using metaphors to make PETs more understandable, to clearly summarising that too-long-to-read policy legal is urging you to throw at the users.
Presented at php.ghent (<->, which is an approach to embedding pro-active privacy protection into business and technical specifications.)
Whitefield Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Ba...
Privacy By Designer (PHP.ghent)
1. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Privacy by
Designer PRACTICAL CONSIDERATIONS ON UX
DESIGN FOR TRUST
2. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
“In God we
trust all others
bring data.” - William Edwards Deming
3. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
We all live in the Age of
Context
SHAPED BY MOBILE, SOCIAL MEDIA, DATA, SENSORS AND LOCATION-BASED SERVICES
4. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Users expect Personalistation
& Personal
EXPERIENCES FOR THE ‘MOST PERSONAL DEVICE EVER’ ARE..
RELEVANT
are you engaging at the right moment?
GLANCEABLE
can you deliver value in milliseconds?
PERSONAL
do you approach people in the right
manner?
5. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
No other Apple device has ever
been so connected to the wearer.
It is important to be mindful of this
connection.
Apple Watch Human Interface Design Guidelines, 2015
6. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Machine-to-human relationships are
now about human-to-human values
UNDERSTANDING PERSONALISATION
H2H M2H
TRUST PRIVACY
7. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
The Privacy Challenge
CONCERN ABOUT PRIVACY JUMPED 5 POINTS BETWEEN 2014 AND 2015. 2nd Annual Poll on How Personal
Technology is Changing our Lives -
January 2015, Microsoft
8. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Loss of control
PRIVACY CHALLENGE USER POINT OF VIEW
91% of adults ‘agree’ or ‘strongly agree’ that
consumers have lost control over how
personal information is collected and used by
companies.
Pew Research Privacy Panel Survey, January 2014
9. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Lack of Transparency
PRIVACY CHALLENGE USER POINT OF VIEW
People are fearful of sharing their data largely
because companies and government have not
been good at clearly explaining how they use
it.
Data Dialog, Demos 2012
10. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Lack of Knowledge(aka Privacy and PETs are ‘too difficult’)
PRIVACY CHALLENGE USER POINT OF VIEW
54% believe it would be “somewhat” or “very” difficult
to find tools and strategies that would help them be
more private online and in using their cell phones
13% unaware about search engines that do not keep track of a user’s search history
31% unaware email encryption programs such as PGP exist
31% unaware of privacy-enhancing browser plug-ins
39% unaware about anonymity software such as Tor
Pew Research, 2015
11. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Everyday privacy measures
that do catch on
ON THE BRIGHT SIDE LESS TECHNICAL WAYS OF OBTING OUT OF DATA COLLECTION
Clearing cookies or browser history: 59%
Refusing to provide information about themselves that wasn’t relevant to the transaction: 57%
Set their browser to disable or turn off cookies: 34%
Deleted or edited something they posted in the past: 29%
Used a temporary username or email address: 25%
Giving inaccurate or misleading information about themselves: 24%
Decided not to use a website because they asked for their real name: 23%
Used a public computer to browse anonymously: 12%
Asked someone to remove something that was posted about themselves online: 11%
12. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
the Facebook
paradox
• 91% of adults feel consumers have
lost control over how personal
information is collected and used by
companies.
• 58% of the entire adult population
(and 71% of internet users) is on
Facebook.
13. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Privacy VS. User Experience
#FALSE – HOW DO YOU DEFINE A BETTER PRODUCT? CONTEXT? DATA QUALITY?
The truth is that collecting information about
people allows you to make significantly better
products and the more information you collect,
the better products you can build .
Dustin Curtis, “Privacy VS. User Experience” (2014)
14. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Privacy is a fundamental component
of the product experience
BUSINESSES CAN DELIVER A GRAND USER EXPERIENCE AND TREMENDOUS VALUE ONLY IF THEY
SAFEGUARD THEIR USERS’ PRIVACY AND SECURITY
BUSINESS
VALUE
CONSUMER
VALUE
PRIVACY
GREAT UX
personalisation
15. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Being credible
BEING CREDIBLE HAS ALWAYS BEEN IMPORTANT FOR A GOOD USER EXPERIENCE
useful
usable desirable
credible
valuable
findable accessible
User Experience Honeycomb (Peter Morville)
CREDIBILITY 2004
the information you present to users
CREDIBILITY 2015
taking responsibility to keep personal data safe
16. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Privacy by designer
DELIVER BOTH PERSONALISATION AND TRUST
We owe it to both our users and the people who hire us to actively think about privacy, and to implement privacy in the
flows and designs we deliver.
B. We need to deliver trustworthy
products.
A. We need to deliver great,
personal experiences.
17. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
What is Privacy?
PRIVACY IS BROAD PRIVACY IS A RIGHT PRIVACY IS NOT DEAD
Personal
Data
• The Universal
Declaration of
Human Rights (Art 12)
• Europe: Directive
95/46/EC
• Belgium: Privacy Act
(1992, 1998 & KBs)
• Telecommunication
law
• …
LAWS
AND SUCH
European Privacy
Watchdogs &
Facebook
GDPR
New EU legislation
in the works
“If data is the
new oil,
privacy is the
new green.”
…
18. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Any
information
This is not limited to data regarding a an individual’s privacy,
also relating to a person's professional or public life.
Eg. name, a picture, a telephone number (professional number too), a code, a
bank account number, an e-mail address, a fingerprint, … .
PERSONAL DATA IS ANY
INFORMATION (RELATING TO)*
AN IDENTIFIED OR
IDENTIFIABLE NATURAL
PERSON
* OFTEN DEPENDS ON CONTEXT
• Object data vs personal data (eg license plate)
• Unique biometric data is always personal data (eg
fingerpint, DNA)
DATA SUBJECT
PERSONAL DATA
RELATES TO
19. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Identifiable evolves
IDENTIFIABILITY = WHEN VALUE > COST
value of
knowing
cost of
identifying
20. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
IP address
AN IP ADDRESS ON ITSELF WILL UNDER THE GDPR NO LONGER BE ‘PERSONAL DATA’ BY DEFAULT
(UNLESS YOU ARE AN ISP)
21. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Counter
measures
Not personal information when
measures are taken which
reasonably rule out
identification of a person
• Anonymisation
• Key-coded data (clinical research)
• Data masking/obfuscation (for
development)
• Granularity
22. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Beware:
location
Special data which under the
GDPR will require extra safety
measures
(as is data on children)
avoid when possible
geohashes
coarse location
23. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Stay clear:
sensitive data
• race
• political opinions
• religious or philosophical beliefs
• trade-union membership
• health
• sex life
• prosecutions or criminal or administrative convictions
Prohibited to collect, register or
ask to disclose.
(exceptions apply, but then additional
safeguards are required)
24. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
What about
republication?
Photographs and personal
information published online may
only be re-used if given consent.
• different context
• different purpose
=> context & purpose apply to
recycling as well
(In case of scraping, copyright and database law are
relevant too.)
25. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Your
responsibilities
as Controller
• Ensure the quality of the data
The data being processed have to be exact and, if necessary, kept up-to-
date
• Ensure the confidentiality of the data
Responsibility to inform and make sure that the individuals working under his
authority only have access to and make use of the data they need to perform
their duties
• Ensure the protection of the data
From unwanted internal or external curiosity, as well as from unauthorised
processing operations. Security measures can be organizational (restriction of
the number of individuals having access to the data, use of access codes,
locking offices with computers and data files, etc.) and technical.
(!) The more sensitive the data and the higher the risks for the data subject
are, the more precautions have to be taken. (see ‘information security’ on
privacycommission.be)
• Erasure of data
Personal data must not be kept in a form allowing for identification of the data
subjects any longer than necessary for the purpose aimed at.
+ BEFORE PROCESSING OF
DATA: NOTIFICATION
26. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
In case of
breach
CONSIDER A BREACH LIKELY –
AND PREPARE ACCORDINGLY
• Do not play the victim
• Be accountable
• Take ownership
• Express regaret
1. What happened? (tell what you know at that time)
crisis communications
(works for downtime communication too)
2. What is being done *NOW*? (investigate, take systems offline, ..)
3. How does this affect your customers? (both short- and long term)
4. What are you doing to minimize risk? What can your customers do?
5. How do people get more information or updates?
(folluw up) 6. What are you doing prevent this from happening again?
27. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for explicit
OPT-IN & COOKIELAW
By signing this contract, you agree
we have the right to collect and
pass on all your information. In case
you do not want your bank to pass
on your credit information to third
partners and other divisions, please
write ‘I do not agree’ on the
contract and hand it over to the
person behind the till.
EXPLICIT EXPLICIT NOT EXPLICIT
(hidden opt-out)
NO YES
IF YOU AGREE, PLEASE
CHECK THIS BOX:
29. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for choice
CONSENT
In your designs and flows, take into account both having and not having the data.
Design personalized experiences
for when you have data.
Design good alternatives for not
having the data.
Today will be sunny
Weather for Olen, Belgium where we
know you live.
Check out the weather!
Antwerpen
30. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Privacy as a
Trading
Function?
Customer Data: Designing for
Transparancy and Trust
– by Timothy Morey, Theodore Forbath, And Allison
Schoop, May 2015 (Harvard Business Review)
31. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for
trust
CLEAR & CONSISTENT, SO
PEOPLE CAN TRUST YOU TO
POINT OUT PRIVACY RELATED
FEATURES & SETTINGS.
32. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
The EU prosed icons: privacy-by-
design taken too literal (how’s that for creepiness factor?)
33. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for
because
EXPLAIN YOUR MAGIC
When users know of the
existence of a certain algorithm,
their satisfaction with the
product increases over time ,
probably as they start to
understand its workings better.
Yet when they discovered an
algorithm they were previously
unaware of, users felt betrayed.
34. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for
because
EXPLAIN YOUR MAGIC
When users know of the
existence of a certain algorithm,
their satisfaction with the
product increases over time ,
probably as they start to
understand its workings better.
Yet when they discovered an
algorithm they were previously
unaware of, users felt betrayed.
WORST CASE SCENARIO
“In the extreme case, it may be that whenever a software developer in Menlo Park
adjusts a parameter, someone somewhere wrongly starts to believe themselves
to be unloved. ”
– Eslami et all.
35. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Because allows people to correct
you when you are wrong.
Something we best figure out before algorithms get to act on our behalf.
36. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for transparency
Show people their data selfs
If we are going to allow algorithms and
expert rules to steer our behaviour, we
must know they understand that
correctly.
Allow for:
- Correction
- Reset
38. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for
forming
secure habits
BURNER ACCOUNTS
Kinja introduced these for
anonymous commenting. They
made private keys
understandable through
metaphor.
“…if you lose the burner key
initially issued we will not be
able to retrieve this information
for you or reset the account.
Save your key.”
39. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
REWARD SECURE BEHAVIOUR
Users that enable two-step
security on their accounts will
now receive a 10% discount off
their monthly bill Mailchimp bill.
40. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design to
encourage
privacy
ACCESS DURATION
People forget to ‘revoke’ things.
Supply limited time access
options:
WeChat: location discoverable
for 10 minutes (default)
LinkedIn: access duration
settings (weeks -> months ->
years)
41. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Design for an
exit
MAKE IT EASY TO LEAVE
BUT CONVINCE THEM TO STAY
Think about WHY people are
leaving, and offer alternatives.
“snooze” services
less-email-option
reset profile/account
..
(and remember data portability!)
42. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
Do you want to know
if your friends are
(action/mood/..) ?
Do you want your friends
to know if you are (action/
mood/..) ?
Don’t allowOK
Design with peer-to-peer privacy
in mind.
Ask the right question: not do you want to see, but are you willing for others to see..
43. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
When in doubt…
STEP 1: ASK YOUR USER – PRIVACY DOES NOT BENEFIT FROM A “DO FIRST ASK FORGIVENESS
LATER” STRATEGY
Build it so a user
always has the option to tell
you to go bugger off.
44. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
When in doubt…
STEP 2: USE COMMON SENSE AND AS LITTLE DATA AS POSSIBLE
PERSONAL DATA
Less is more: in quantity and
detail, but also in time
45. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
i!When in doubt…
STEP 3: ASK THE EXPERTS
Belgian Privacy
Commission
www.privacycommission.be
Article 29 Working
Party
Opinions & recommendations
46. Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghentwww.keek.be @vintfalken
We influence what
is acceptable.
So let’s make good,
proportional stuff.