3 min read

Privacy by Design and UX

Privacy in the design of sites is not about efficiency. It's about resiliency. Building a site that meets user privacy expectations will lead to long term and continuing engagement.
Privacy by Design and UX

Originally written and posted for a prior version of this blog on 2013/07/09

With the announcement of IOS 7 elements of the blogosphere have become awash in commentary back and forth about the new design. Does the fact that Apple has chosen Helvetica Ultra Light as the default font have implications for privacy? Not so much. But privacy and design are connected, and all the commentary that I’m seeing about Apple’s new mobile operating system are focussed on the immediate and and the transient. This makes me think about Privacy by Design (PbD).

The focus around IOS 7 is on what the immediate user experience (IUX if you will). Focussing on the IUX is, I would argue, what gets organizations in trouble and does not meet PbD principle #1 - Proactive & Preventative. This is because the user experience of privacy is not immediate, except in the obvious egregious cases such as where web sites demand personal information for registration. A user’s privacy experience with an organization is cumulative and evolves transaction by transaction. 

This is not to say that the IUX is not important. Of course it is, and it is the result of well thought through user interface choices, one of which is Privacy by Design principle #2 - Privacy as the default setting. But have designers fulfilled their PbD goals by making privacy options both available and the default? Again, not so much. On the face of it, by doing this designers will have met most of the PbD requirements:

  1. Designers have proactively included privacy interface features
  2. The system has privacy protective default settings
  3. The system has embedded privacy protective options
  4. Designer ensures that there is full functionality 
  5. Architects ensure the site is designed with end to end security
  6. Privacy officers ensure that the privacy is visible and transparent
  7. By focussing on UI and UX, designers assume that they are user-centric

So what’s the problem? It’s a variant of the old saw in computer programming, when the programmer asks for a set of requirements and builds a prototype for their customer. When shown the prototype, the customer shakes their head and says, “You’ve given me everything I asked for, but that’s not what I wanted." Privacy, it seems to me, is the same thing. If designers focus on the immediate experience they are likely to encounter unintended consequences down the road. Data that is accumulated over time is called longitudinal data. This is the kind of data that is used for epidemiological studies, or changes in a population over time. So I propose to borrow the term and suggest that Privacy by Design requires an understanding of the Longitudinal User Experience (LUX).

Only when system designers study the long term impacts on user privacy will they be proactively addressing and preventing privacy issues. This includes checking back with users on a regular basis for privacy status checks and validation, proactively notifying users of changes impacting their privacy and not implementing changes that could reasonably be construed to be less privacy protective than existing design choices. Above all, it means recognizing that privacy is embodied in the relationship and transactions with the users, not in a series of policy statements.

Bear with me, but this reminds me about a joke about a couple. She says, “You haven’t told me you love me in a long time." He replies, “I told you once, and I’ll let you know if the situation changes". That attitude doesn’t work in relationships and saying, “We told you that we would protect your privacy when you signed on to the service, and will let you know if that changes" doesn’t work that well either.

Meeting the PbD Proactivity principle means regularly engaging with your users about privacy, without beating them over the head with policy statements. Their user experience, in every transaction, needs to reflect your ongoing commitment to giving them control over the information you collect about them. Sometimes that means sacrificing immediate gratification for long term satisfaction. That’s how adults behave, and that’s how you prevent the need for remedial action.


User Experience: According to the Wikipedia entry on User Experience: ISO 9241-210[1] defines user experience as “a person’s perceptions and responses that result from the use or anticipated use of a product, system or service". According to the ISO definition user experience includes all the users’ emotions, beliefs, preferences, perceptions, physical and psychological responses, behaviors and accomplishments that occur before, during and after use. The ISO also list three factors that influence user experience: system, user and the context of use.

User Interface: According to the Wikipedia entry on User Interface: The user interface, in the industrial design field of human–machine interaction, is the space where interaction between humans and machines occurs. The goal of this interaction is effective operation and control of the machine on the user’s end, and feedback from the machine, which aids the operator in making operational decisions. Examples of this broad concept of user interfaces include the interactive aspects of computer operating systems, hand tools, heavy machinery operator controls, and process controls. The design considerations applicable when creating user interfaces are related to or involve such disciplines as ergonomics and psychology.