How to Build a User-Friendly Approach to Data Privacy
As the data privacy field continues to grow, we’re seeing more and more involvement of product and design professionals. In this article, I will explore how the privacy experience is being driven by examining the notion of UX and data ownership.
Data privacy has many different elements, serving a variety of goals. Some have to do with compliance and security, while others are about driving marketing and business development goals.
When businesses set out to create a more transparent experience for customers, they must also be mindful of UX. Only by building a flow that is both privacy-focused and user-friendly will consumers be able to make the most out of the offered experience.
This article outlines a range of strategies and tips for businesses to enhance their own online products and services, making them easier to use in a private, secure manner.
Too Much of a Good Thing: Preventing Consent Fatigue
Transparency is a data privacy cornerstone, but being effectively transparent is an art form. The GDPR requires businesses to offer detailed information regarding their data collection and processing policies, but part of the process is ensuring that consumers can effectively understand the information.
And this is where avoiding an information overload comes to the fore.
Addressing the issue of consent fatigue is critical in maintaining privacy practices that manage to deliver the information effectively. When users are overwhelmed with an abundance of information, businesses are essentially making them cover their eyes and ears, missing the goals transparency aims to achieve.
Current studies show that strict legal demands actually weaken the impact of the consent mechanism, causing “consent desensitisation” due to an overload of permissions and information.
Bombarding online visitors with countless notifications like cookie pop-ups only encourages the average user to close the notification window. Online users suffer from what has been described as “emotional exhaustion and cynicism” that are more powerful than the average user’s privacy concerns in influencing online behaviors.
This was found in a 2019 survey that showed that nearly 40% of users feel notification fatigue following the GDPR.
However, businesses are capable of designing experiences users wouldn’t want to ignore. The fact that very few take the necessary steps to do so for privacy notifications isn’t coincidental.
Consent fatigue can be used as a tactic to mask less agreeable behavior, and businesses have indeed designed some notifications to drive blind consent, for instance by placing them at the bottom of the screen, highlighting the “agree” option, offering little choice to users, and more.
But what can businesses do to resolve this issue?
One solution to this problem can be a standardized content structure that offers a TLDR version for users, making the information more digestible and memorable. Still, standardization needs close attention: research has found that the more similar privacy notifications are to one another, the more likely users are to ignore them.
Problematic Policies: The Privacy Policies No One Reads
Businesses already know what makes users consume content and retain information: short and concise messaging. Creating lengthy and exhausting privacy policies filled with legal jargon that most users simply cannot understand is a choice that rests with businesses.
Long before GDPR came into effect, a 2008 study found that US consumers encounter an average of 1,462 privacy policies a year, which would take 244 hours to read. Imagine how much time users would have to invest today.
Once again, businesses do follow the rules but still keep consumers one step away from information regarding their privacy rights. It should come as no surprise that only 7% of adults state that they never accept privacy policies without reading them.
In this case, an executive summary covering the main points would significantly improve the UX of these texts. Businesses should also consider creating more creative policies that remain true to the company’s tone of voice.
Off with Their Data: The UX of Data Offboarding
Businesses obviously don’t want users to remove their accounts and data but still need to design procedures that allow them to do so easily. Even though it might seem counterintuitive at first, this can become part of how businesses both retain old customers and attract new ones.
From submitting subject requests to understanding which information is being shared with third parties, the process should be user-friendly and accessible. For example, with data offboarding, companies need to verify their users' requests and identity (which is understandable, as we don’t want the data to end up in the wrong hands).
Companies should aim to make this authentication process as easy as possible and, as far as possible, free of requests for additional sensitive information, as it is part of giving users the option to exercise their rights.
The data offboarding user experience should also make the process accessible for what the law considers “vulnerable people.” Elderly internet users, for instance, need help in exercising their privacy rights, and the information around the topic should be presented and designed not just for the tech-savvy customer.
We know that awareness of privacy rights is lower in old age, and so is the ability to turn rights into actions. In recent years, accessibility has gained focus, with companies like Google scoring companies and promoting websites accordingly. We can expect this approach to move into the data privacy world too.
Ultimately, companies have a lot to gain by improving their data privacy UX. Today’s audiences do not separate a bad privacy experience from any other form of poor product use. Investing in an easy data privacy flow will leave an excellent impression that can convince existing and new users to share their information and trust you with their business and data.