Privacy by design

Privacy by Design in User Experience

Cookies, terms and conditions, tracking codes and pixels follow us everywhere we go on the web nowadays. Before we can access any content or get any piece of value at all, we need to accept elaborate cookie consents, create accounts and confirm we are not a robot. This “I accept” pandemic has not only polluted user interfaces with annoying pop-ups that block us; it has also eroded one of our basic human needs: the need for privacy.

User Experience 2.0 in the age of cookies

Where did all those cookie pop-ups come from

When we visit websites and applications online, they collect our browsing behaviour to learn what we do online and to increase their chances of marketing products and services to us that we might buy. In the past, websites and apps would collect all sorts of personal data, which increased the risk of data misuse and privacy violations, as the data was often not even securely stored.

Governments therefore started enforcing data protection regulations and laws, which forced websites to ask for and record our consent before accessing our data (hence the cookie pop-ups). In Europe the main law is the GDPR (General Data Protection Regulation), which guarantees that EU citizens’ personal data is respected and protected against misuse. The requirement to obtain consent for non-essential cookies itself comes from the older ePrivacy Directive, but the GDPR raised the bar for what counts as valid consent (freely given, specific, informed and unambiguous). This is why so many cookie pop-ups appeared when the GDPR took effect in May 2018 and we started to be bombarded with them.

Are cookie pop-ups evil?

The main issue with most cookie pop-ups today is that they are designed using dark patterns: they count on almost everyone clicking “Accept all cookies”, and they track far more data than is needed to let us experience the value of the product. Even cookie pop-ups that seem well structured often mislead by pre-ticking the checkboxes for “all data” instead of “only essential”.

Ebay’s cookie consent

Ebay’s cookie policy is an example of a bad cookie policy: it blocks the whole screen, not letting you access any content, and does not allow you to customize the level of tracking; you are forced to accept everything.

BBC’s cookie consent

BBC’s cookie consent is a better version: it gives you the option to go to settings and customize your choices, while occupying less real estate on the homepage, so the user gets a preview of the website’s content.

A good cookie policy respects the user’s privacy and time by pre-selecting only the essential cookies. This makes it harder for users to give away more data than needed, because they would have to tick more checkboxes or open other tabs to allow more data to be tracked.

Cookiebot’s cookie consent

Cookiebot’s cookie consent takes it one step further, splitting the choice into three options (all – selection – only necessary). The necessary cookies are shown most prominently, capturing the user’s attention, and only the necessary ones are pre-selected.

Why we need to care for privacy in the web

Ethical companies know that respecting users’ privacy might not always be the best route to fast profits, but it does help maintain a long-term relationship based on mutual trust and respect. Privacy might not sound sexy to most web users; that’s because we live such busy, distracted lives that we can’t even afford one minute to review the consent pop-up before clicking “Accept all cookies”. But the truth is, small actions add up, and before we know it our data may be exposed and compromised by many unwanted eyes. In a world so full of information overload, how do we keep people on track? Luckily there is a solution: privacy by design.

Privacy by design

Designers have great power but also great responsibility. The interfaces we design can make or break people; we shape how the world evolves and the daily habits of millions of people. But we can use this power for good: we can design with privacy in mind and influence user behaviour for the better.

The concept of privacy by design is not new; Ann Cavoukian, then Information and Privacy Commissioner of Ontario, formulated its 7 foundational principles in the 1990s and offers a concrete, practical approach to applying them. We can use these principles as a checklist while designing, to make sure we are not mishandling any user data or exposing our users to unnecessary risks. The 7 principles are:

  1. Proactive not Reactive; Preventative not Remedial: anticipate that privacy violations can happen and address them up front, so that they don’t happen in the first place.
  2. Privacy as the Default Setting: minimize how much data you ask from the user; limit yourself to what you need to get the task or transaction done. Don’t store data for longer than you need it, and limit its use to your core purpose.
  3. Privacy Embedded into Design: when designing business practices and IT systems, embed privacy into their design from the beginning, not at the end.
  4. Full Functionality – Positive-Sum, not Zero-Sum: look for win-win and creative solutions that achieve both privacy and business goals; respecting privacy does not mean we cannot achieve our ambitions.
  5. End-to-End Security – Full Lifecycle Protection: protect data across its whole lifecycle, from collection through storage and use to secure destruction, not only in specific parts of the customer journey.
  6. Visibility and Transparency – Keep it Open: collecting personal information comes with a responsibility to protect it. Be transparent about how you collect, store and use the data, so that it can be verified.
  7. Respect for User Privacy – Keep it User-Centric: give users tools and ways to consent to, access and correct their personal data, while respecting data regulations and keeping the user’s best interest in mind.

Practical examples and tips to apply privacy-by-design

Explain where you got the data

We all know the creepy ads that follow us around the web just because we clicked on one item in an e-commerce shop. We know they are tracking us, but it feels creepy because they don’t explain why we see these ads. A simple solution is the Netflix approach:

Netflix successfully removed the creepiness by adding a simple explanation: “Because you watched X… (we think you will like Y)”. This makes clear to the user that the recommendations are based on their previous viewing behaviour.

Allow users to export, delete or move their data

Provide easy ways for users to manage, export or move their personal data. WordPress offers this to its users with a button on the dashboard and their username, removing the friction of complicated forms and multiple steps before the user can reach their data.


Notify users when data breaches occur

Sensitive user information should be stored securely: passwords in particular should never be stored in plain text or in reversible encryption, but as salted hashes produced by a slow password-hashing function (bcrypt, scrypt or Argon2). Even so, attackers can always try to compromise user information. The least you can do if that happens is inform users immediately and ask them to change their password. In the EU this is not optional: the GDPR requires notifying the supervisory authority within 72 hours and the affected users without undue delay when the breach is likely to put them at high risk. Unfortunately, many websites today don’t even monitor whether their users’ data has leaked, so they never inform users that a breach happened. Luckily, newer features such as Google Chrome’s compromised-password warning proactively tell users when a saved password has appeared in a known data breach. However, I was personally highly disappointed to see this pop-up for some websites I had visited and shopped at, which never informed me about it.

Image source: Google Support

Use simple, human language and be transparent

How will their data be used? Who will access it? For what purpose? Users have the right to know what happens to their data. Use simple and human language to explain this, as below.

Present privacy options easily and organized

Help users understand and select the level of privacy they feel comfortable with by neatly organizing the privacy options and explaining what each one means. TechCrunch’s cookie pop-up does this well:

Default to the most private option

As in Cookiebot’s cookie consent example above, protect users’ privacy and help them make the right choice by making the most private option the default. Defaults are what most people keep, so designing the default to be the private option directly increases the share of users whose privacy is protected.
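As an added example, not code from the original post or from Cookiebot, BBC or eBay, here is how the defaults discussed in the cookie-consent examples above and in this section translate into code: the consent record starts at necessary-only, optional categories stay off until the user explicitly ticks them, third-party tags are loaded only for granted categories, and consent given under an older policy version is not honoured. The category names, tag URLs and policy version are assumptions for illustration.

```javascript
// Added example; not code from the original post or from any consent vendor.
// Consent model where "necessary only" is the default and every optional tag
// is gated on an explicit, recorded opt-in. Category names, tag URLs and the
// policy version are assumptions for illustration.
const CATEGORIES = Object.freeze({
  necessary:   { required: true,  label: "Necessary: session, cart, CSRF protection" },
  preferences: { required: false, label: "Preferences: language, theme" },
  statistics:  { required: false, label: "Statistics: analytics" },
  marketing:   { required: false, label: "Marketing: advertising pixels" },
});

// Bump when the policy text changes so that old consent records stop counting.
const POLICY_VERSION = "2024-01";
const CONSENT_COOKIE = "consent";

// Privacy as the default: only required categories are on.
function defaultConsent() {
  const choices = {};
  for (const [name, meta] of Object.entries(CATEGORIES)) choices[name] = meta.required;
  return { version: POLICY_VERSION, choices, recordedAt: null };
}

// Record what the user ticked. Required categories cannot be switched off and
// unknown keys are dropped, so a tampered cookie cannot grant extra access.
function recordConsent(choices, now = new Date()) {
  const record = defaultConsent();
  for (const [name, meta] of Object.entries(CATEGORIES)) {
    if (!meta.required && choices[name] === true) record.choices[name] = true;
  }
  record.recordedAt = now.toISOString();
  return record;
}

function acceptAll(now) {
  const all = {};
  for (const name of Object.keys(CATEGORIES)) all[name] = true;
  return recordConsent(all, now);
}

function rejectAll(now) {
  return recordConsent({}, now);
}

// A record is honoured only if it was actually made under the current policy.
function needsPrompt(record) {
  return !record || record.version !== POLICY_VERSION || !record.recordedAt;
}

// Before (or without) a valid choice, fall back to the private default.
function isAllowed(record, category) {
  const effective = needsPrompt(record) ? defaultConsent() : record;
  return effective.choices[category] === true;
}

// Third-party tags are loaded only for categories the user opted into.
const TAGS = [
  { src: "/static/session.js",               category: "necessary" },
  { src: "https://analytics.example/tag.js", category: "statistics" },
  { src: "https://ads.example/pixel.js",     category: "marketing" },
];

function tagsToLoad(record) {
  return TAGS.filter((t) => isAllowed(record, t.category)).map((t) => t.src);
}

// The consent cookie is itself a necessary cookie. Its attributes keep it off
// plaintext connections and out of cross-site requests.
function toSetCookie(record, maxAgeDays = 180) {
  const value = Buffer.from(JSON.stringify(record), "utf8").toString("base64");
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeDays * 86400}; Path=/; Secure; SameSite=Lax`;
}

// Parse the record back from a Cookie request header. Anything malformed
// yields null, which needsPrompt() treats as "ask again".
function fromCookieHeader(header) {
  for (const part of (header || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const parsed = JSON.parse(Buffer.from(rest.join("="), "base64").toString("utf8"));
      return parsed && parsed.choices && typeof parsed.choices === "object" ? parsed : null;
    } catch (e) {
      return null;
    }
  }
  return null;
}

// Lint for the banner's initial state: no optional box may be pre-ticked.
function isPrivateDefault(initialChoices) {
  return Object.entries(CATEGORIES).every(
    ([name, meta]) => meta.required || initialChoices[name] !== true
  );
}
```

On the server, `fromCookieHeader(req.headers.cookie)` plus `needsPrompt()` decides whether the banner is rendered; on the page, the `<script>` tags are emitted from `tagsToLoad()`, so an analytics or advertising tag simply never reaches the browser until the matching box has been ticked under the current policy version.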

If you have data, provide value in exchange

If users have been kind enough to give you a lot of data, the least you can do is offer them something in return: personalized recommendations that are useful to them, a greeting card on their birthday, a site personalized to the country they live in. Useful personalized recommendations, such as online courses the user might be interested in, are where users get additional value from your product.

LinkedIn Learning

And finally, track only what you need to know

When asking customers to fill in a form to buy a product, do you really need to know their birthdate? When asking a user to create an account, do you really need anything more than a username and a password? Why ask users to fill in their whole list of personal details just to create an account so that they can try your product? Consider how much friction and distrust this introduces for people, but also for your own company: if you make it easier for users to use your product, you win too, because many more people will try it.
