different situation. But still, consider Sure, I get it. Humans are collectors how much data you actually need by nature, thus we have a natural to provide the best experience to tendency to ask for more data than the user. we immediately need. Better safe than sorry — maybe we will need it You don’t need someone’s name to at some point in the future. Well, the send him a newsletter, just his e-mail GDPR states that you need either of address — so why bother asking? these 6 legal justifications to collect Sure, you want to build out your CRM data: Consent, Contract, Legal Obli- database, but there are better ways, gation, Vital interests, Public task or follow-up e-mails e.g. where the user legitimate interests. Most companies can opt-in to provide further infor- still rely on the latter, the legitimate mation. Also, sign-up rates tend to interest, and argue that collecting be higher, the fewer field a form has personal data and using e.g. cook- ies enhances the user experience by offering a more personalized experi- ence. But it’s a very weak argument and in many cases, I’m sure it wouldn’t hold up. Also, get your privacy officer involved as soon as possible. Often times I see clients contacting their privacy officer after going live with a proj- ect. That’s way too late. Your privacy officer should be involved from the beginning and lay the groundwork to build upon. So, start your project by re-thinking how much personal data you really need to collect. And remember there are two ways your users leave their data with you: voluntary by filling out forms etc (active) and passive by automated data collection through tracking scripts etc. With that mind, let’s tackle some of the real-world topics you face in every project. Cookie Banner Ann Cavoukian’s — another reason to reduce it to the Let’s start with one of the most privacy guiding minimum. annoying aspects of data protec- principles tion: the Cookie banner. Everyone hates it. And it tells — most of them suck. Companies who don’t want to develop their own, implement shitty third-party tools that suck even more. It’s a shame. And from an user expe- rience as well as a branding perspec- tive it’s more than stupid. The cookie banner — as annoying as it might be — is in many cases the first thing a user interacts with when he visits 51
your website. So make sure it’s not a bad pun? Sure, why not. At least it a terrible experience. Again, look at shows someone cared at least a bit. this example from Ad Age, where you actually have to wait up to a minute Placement after choosing your cookie settings for the website to render the config- Also, think of the banner placement. uration. It’s crazy. Your Intercom chat bubble is hip and all, but when it covers the cookie ban- The advertising industry managed to ner, it’s just bad. Show it only after the develop scripts that enable real-time cookie consent — how else would you bidding to run complex calculations in know if the user agrees to the usage order to auction ad inventory against of such software anyway? vendors — all within 100 ms. But to save your cookie settings, it takes And please, PLEASE, don’t pop up a several seconds up to a minute. Pri- newsletter subscribe modal immedi- orities, right? ately after I closed the cookie ban- ner and Intercom bubble. I don’t want How to fix it to click 2–3 times before I can start using a website. There are several ways to enhance this experience and the first one is Lastly, make sure to remember the to obviously reduce the number of user’s choice (if he allows it, of course) cookies you want to download to a and don’t show him the cookie banner user’s device. This shortens the list every. damn. time. and simplifies the options for the user. Again, the ad industry manages to Then, make sure the cookie banner show me ads on Instagram for a com- does not feel out of place. Put in the pany’s product only moments after same effort to design it than to any I read an article about the bespoke other element on the website. Again, company on my laptop. How hard can it’s one of the first things a user sees it be to remember my cookie settings? of your website — it shouldn’t look ugly and out of place. If you want to learn more about how to design a great cookie consent I can highly recommend you Vitaly Fried- mann’s article on SmashingMagazine. From privacy policy to privacy hub Ok, so you took care of the initial cookie consent. Great. But did you make sure, users can change their settings at all times? Author’s The same goes for copywriting. Make Additionally, you’re required to allow example of a sure your micro-copy is on point, users to request all his data you have bad cookies communicates in a clear manner why stored, and if not automated you at banner you need to use cookies and what least need to have a manual process options the user has. Keep it as short in place. And then there is the need as possible because you need to dis- to implement an imprint (at least in play it on mobile devices as well. Add Germany) as well as your privacy pol- icy or data protection text. Introducing: The Privacy Hub With all that in mind, you can make a strong argument for something like a 52
privacy hub on your website. Here, the installing Google Analytics without user can change his cookies settings ever looking at the numbers. Or just in detail, request his data or learn using the basic configuration, leaving more about your privacy policy. them (and me) with not much data besides generic bounce rates and The hub should be easily accessi- device usage. If you do it, do it right. ble, e.g. from the main navigation or Otherwise, just don’t use tracking at least from the footer navigation. software. Make sure it’s always visible, easy to find and consistent throughout As mentioned earlier, many companies your site. Remember: It’s nothing you justify the use of tracking scripts with should hide or be ashamed of, quite “optimizing the experience for users”. the opposite. That’s great. But then actually do it. Use detailed event tracking to figure A good starting point for this is XING’s out if users understand your complex privacy policy, which is nicely struc- forms or use your search function. tured, uses illustrations to further guide the user and offers in-depth Google Analytics is a blown-up piece information for individuals who wants of software that’s extremely power- to learn more. The extra mile that they ful but for most projects, it’s just too put in to create this platform pays off powerful. A smaller, more streamlined and communicates clearly how much alternative like HotJar might not only they care. be better suited for your needs but also offer better user protection. What I would love to see is the inte- gration of e.g. the cookie settings into Technological Infrastructure the platform to make it the central place for everything privacy related Besides tracking, you, as a website at XING. owner, are responsible for every tech- nology, even third-party ones, that Structure and guidance run on your website. But do you actually know how e.g. Facebook is To structure the nowadays ridiculous handling the data they are collecting long privacy policies, make use of through your website? I doubt it. So accordions to allow users to quickly don’t use it, at least not by default. find the part they’re interested in. Let the user decide if they want to You’re required to write your privacy opt-in for scripts that communicate policy in a way everyone can under- ‘home’. stand. Go even further and ditch the legal language to give contextual I don’t want to go too deep into the explanations that directly relate to engineering aspects of a privacy-first your website’s features. website as this would be a topic on its own. But to cover the basics, you Explaining why you use a certain should make sure to choose a tech- service, e.g. Google Analytics, might nical system that is fully GDPR-ap- also have the nice side effect that you proved, e.g. by the way user data is reconsider your choices and think of stored, who can access it and more. alternatives. Investing in SSL-certificates should Tracking be a no-brainer as they not only build trust but also helps your site’s Google Talking about Google Analytics — do ranking. you really need tracking data? Don’t get me wrong: As a user experience Also, invest in security audits where designer, I should rely on quantitative external companies try to breach data to test theses and validate ideas. your system and e.g. extract data. But in many projects, I saw clients If you think this is unnecessary and 53
something out of movies, I again would like to recommend Darknet Diaries, a podcast about web security. Espe- cially episode 2, where you learn how shockingly easy it was for a hacker to get access to several hundred giga- bytes of children’s data because even basic security measurements were missing. Transparency and trust In the end, it all comes down to trust and the easiest way to achieve trust is to be transparent. By being open and communicating in a clear lan- guage you show the user that you care. Guide them through situations where he might be uncomfortable, especially in forms where you require informa- tion like a telephone number or credit card information. A great way for this is using in-time explanations, where you explain for each and every neces- sary field why you need this data, how you’re handling it and where the user can change this information later on. Conclusion As you can see there are many ways for you to think about privacy when designing a website and most of them don’t require that much of an effort — just a change of mind maybe. We’re not talking rocket science here but the implementation of principles from the 90s. 54
A good example by mubaloo 55
Has Privacy Become a Luxury Good? Julia Angwin paying for the product, you are the product. And currently, we aren’t pay- ing for very much of our technology. Not long ago, we would have bought services as important to us as mail and news. Now, however, we get all those services for free — and we pay with our personal data, which is spliced and diced and bought and sold. Peter Arkle LAST year, I spent more than $2,200 Consider Google, which scans what illustration and countless hours trying to protect you write in Gmail to offer advertis- my privacy. ers a chance to promote their items based on your missives. Or a visit to Some of the items I bought — a $230 an online news site where your data service that encrypted my data in is secretly auctioned and sold before the Internet cloud; a $35 privacy fil- the page loads. Or Facebook, which ter to shield my laptop screen from allows marketers to turn your status coffee-shop voyeurs; and a $420 updates into ads for their products. subscription to a portable Internet service to bypass untrusted connec- Those who aren’t bothered by that tions — protect me from criminals exchange should keep in mind that and hackers. Other products, like a our data is used not just for adver- $5-a-month service that provides me tisements. It has also been used to with disposable email addresses and charge people different prices based phone numbers, protect me against on their personal information. It has the legal (but, to me, unfair) mining been used to provide different search and sale of my personal data. results to different people based on their political interests. It has been In our data-saturated economy, pri- used by the government to identify vacy is becoming a luxury good. After possible criminal and terrorist sus- all, as the saying goes, if you aren’t pects. Just last week, we learned that the British government had intercepted and archived still images from millions of Yahoo webcam chats around the world, whether or not the participants were suspected . 56
The more we learn about how our data Standing in the way of the widespread is being harnessed — and how it may adoption of these tools, however, is be exploited in the future — the more the problem of verification. I have Mr. likely we are to re-evaluate the true Harvey’s OFF Pocket and it seems to cost of these supposedly free ser- block the cell signals, but I don’t know vices. And some of us will start trying for sure that it works as promised. The to buy our way out of the trade-your- same is true with the Blackphone, or data-for-services economy. DuckDuckGo’s privacy policies. I hope their claims are true, but there are few But, as I have learned, it isn’t cheap trusted third parties to verify them. or convenient to start buying pri- vacy. I spend annoying amounts of This was brought home to me when I time updating software or trying to signed up for a service from Truste- resolve technical difficulties when my dID. For $35, the company promised different privacy-protecting services to opt me out of some of the big- conflict with one another. gest American data brokers. A few months later, I contacted those bro- It all reminds me of the early days of kers to confirm that my information the organic food movement, when had been removed from their data- buying organic often meant trekking bases. It turned out that TrustedID to inconveniently located, odd-smell- had failed to process more than half ing stores and paying high rates for of the opt-outs. The service has since misshapen apples. Only the devoted been suspended. few were willing to suffer the hassles. As more privacy-protecting services Over time, however, the number of pop up, we need to consider two people worried about chemicals important questions: Can we ensure in their food grew large enough to that those who can afford to buy pri- support a robust market. The stores vacy services are not being deceived? eventually became better looking, And even more important, do we want the apples were less misshapen, and privacy to be something that only organic food entered the mainstream those with disposable money and of American life. time can afford? A similar evolution in the person- The food industry can offer some al-data-protection market is under- possible answers to those questions. way. Traffic to the privacy-protect- Our government enforces baseline ing search engine DuckDuckGo has standards for the safety of all food more than doubled since Edward J. and has strict production and label- Snowden revealed vast government ing requirements for organic food. It surveillance programs last June. The may be time to start doing the same Blackphone, a $629 not-yet-released for our data. Android-based smartphone that will have privacy-protecting software installed to allow users to send encrypted texts and make encrypted calls, is being pre-ordered by the thousands. And last year, a New York entrepreneur, Adam Harvey, sold out of his first run of the OFF Pocket — an $85 cellphone case that blocks signals to and from the phone. “My vision is that privacy won’t be given to you as a law completely,” he told me. “You have to commer- cialize it so people can speak with their money.” 57
References p.06 — Frascara, J. p.40 — Crowfoot, A. (2018, (2006, November 8). The September 13). Designers, Dematerialization of Design. stop designing for yesterday’s planet. p.12 — Ruscello, J. (2018, February 5). Future of Print: How p.42 — Benson, E. (2010, June Design Brought it Back from the 14). TEDxUIUC - Eric Benson - Dead. Sustainable Graphic Design. p.16 — Burrus, D. (2019, June 27). p.44 — Kaufman, L. (2020, Dematerialization — A Pathway February 3). Is Privacy a Luxury? for Innovation. The new commoditization of privacy. p.18 — Morley, M. (2019, June 10). The Subversive Power of Print p.48 — World Economic Forum + Analog in the Era of Digital Annual Meeting. (2017, January Surveillance. 19). What If: Privacy Becomes a Luxury Good?. p.20 — Brown, T. (2016, November 29). Tim Brown: Design & the p.50 — Wiesemborski, M. (2019, circular economy – Circular May 19). How to design with Design Guide. privacy in mind. p.22 — Auken, I. (2016, November p.56 — Angwin, J. (2014, March 11). Here’s how life could change 3). Has Privacy Become a Luxury in my city by the year 2030. Good?. p.24 — Webster, M. (2019, April 26). Making Sustainability Tangible: From Ownership And Purchase to Access And Participation. p.26 — Diacono, S. (2016, October 11). Rethinking Ownership: Making the Shift from Consumer to User. p.30 — Tzuo, T. (2018, June 26). Think Tank: The End of Ownership. p.32 — Gidopoulos, Y. (2019, April 9). Access vs Ownership: Really a Revolution?. p.34 — Cueva, A. (2017, May 5). The case for purpose- driven design | Amy Cueva | TEDxAmoskeagMillyard. p.38 — McAfee, A. (2018, May 18). Dematerialization: Humanity’s Biggest Surprise | Andrew McAfee | TEDxCambridge. 568
597
product service de-mag you. 608 de—mag
Search
