Designing for Privacy in an Increasingly Public World — Speed Talk

Designing for Privacy in an
Increasingly Public World
Design Museum Week| 27 April 2022 | Robert Stribley

What do we mean by
designing for privacy?

• In 2021, we learned that
Facebook, the most popular
social media platform on the
planet had been hacked
• 533 million user’s phone
numbers and personal data
were leaked online
• Fraud & identity theft on the
rise during the pandemic
• FTC: 1.4 million reports of
identity theft in 2020 — double
from 2019
Data Security & Identity Theft

Clearview.ai, a facial
recognition platform offers
services to law
enforcement.
They downloaded over 3
billion photos of people
from the Internet and
social media and used
them to build facial
recognition models for
millions of people without
their permission.
Facial Recognition Illustration: Elena Lacy for
Wired
Photo by Kyle Glenn

The New York Times
reported on how the
donation site for Donald
Trump deployed “dark
patterns” to trick
supporters into agreeing
to recurring donations,
earning the campaign a
huge spike in
contributions
Dark Patterns

Data Sharing
A 2019 survey by RSA found only 17%
of respondents said it was ethical to
track their online activity to personalize
ads.
Apple rolled out a new iPhone privacy
feature called “App Tracking
Transparency,” which prevents apps
from following you across the internet.
Hugely popular in US: Only about 20%
of iOS users allowing apps to track them
so far.

What’s Our Role
as Designers?

“Arguing that you don't
care about the right to
privacy because you
have nothing to hide is
no different than saying
you don't care about
free speech because
you have nothing to
say.”
— Edward Snowden, former CIA
employee, NSA leaker
Why Care About Privacy?

• Even if we’re not concerned with a particular privacy
issue, we’re not designing for ourselves
• If we’re designing for privacy, we’ll consider the
needs of people not like ourselves — people with
different backgrounds and experiences
• That means researching privacy issues, but also
interviewing or talking to people with diverse
backgrounds and lived experiences

For example, LGBTQ youth should
feel their privacy is secure when
reaching out for help online.
In this sense, privacy issues are
very often also diversity issues.
Privacy is a key consideration for
inclusive design.
Screenshot from The Audre Lorde Project’s Facebook page

We may need to explain to our clients the impacts of ignoring privacy concerns.
• Civic responsibility: Encourage clients to treat their “end users” as human beings,
who are members of their community
• Reputation management: Remind clients that what companies do can undermine
their brands
• Site abandonment: Using dark patterns may anger people, prompting them to
leave your site for another with a more transparent experience
• Financial consideration: Fine for not following the increasing number of laws and
regulations (GDPR & California Consumer Privacy Act)
Even if there’s an up-front cost to designing for privacy, the long-term costs can be
devastating.
Our Role

In her Privacy by Design
manifesto, Dr. Ann Cavoukian
recommends making privacy the
“default setting” in our designs
and says privacy should be
“embedded” into design.
What are some practical ways to
ensure we’re doing that?
Best Practices
“Privacy by Design: The 7 Foundational Principles”
by Dr. Ann Cavoukian
Founder of Global Privacy & Security by Design and the former Information and Privacy
Commissioner for the Canadian province of Ontario

Avoid dark patterns
Dark Patterns
1

Dark Patterns
UX designer Harry Brignull
coined the term dark pattern: a
“user interface that has been
carefully crafted to trick users
into doing things” that you didn’t
mean to do — like buying or
signing up for something.

Dark Patterns
“Dark patterns are the
canaries in the coal mine
of unethical design.
A company who’s willing
to keep a customer
hostage is willing to do
worse.”
— Mike Monteiro, Ruined by
Design

Here on a major airline site, the customer
has already chosen Basic Economy but
"Move to Main Cabin”— which costs $100
more — is placed as a large red button
where you’d typically find a "Next" button.
Here the pattern is used to trick people
into an upsell.
But the same pattern is used to trick
people into sharing their personal
information in ways they didn’t intend to.
Dark Patterns

Strava, a popular app for runners, automatically
tagged other runners when you passed them if they
didn’t change their settings.
This feature had a name: Flyby.
If you clicked on a face, it showed the user’s full
name, picture and a map of their running route —
effectively revealing where they lived.
This happened without you following users and
without them knowing they were sharing their
activity.
After receiving criticism, Strava did change the
default setting to private. But it should have always
been private.
Dark Patterns

Be transparent about
what personal data is
used
What Data Is Used?
2

Be specific about what data is shared—
especially when sharing PII.
Personally identifiable information —
data points such as name, email, phone
number, social security number, mother’s
maiden name, can be used to steal
people’s identities and to commit fraud
87% of the U.S. can be uniquely
identified by just their date of birth,
gender, ZIP code (Those items aren’t
even considered PII.)
Imagine how much damage a bad actor
can do with just 3 data points of PII.
What Data Is Used?

Be transparent about
why specific personal
data is collected or
shared
Why Is Data Used?
3

Consider this an opportunity to explain the benefits of
sharing their data:
• Does it ensure a better experience in the future?
• Does it personalize ads and offers for them?
And if you can’t explain the benefits, consider whether
you’re designing the right sort of product.
Why Is Data Used?

Why Is Data Used?
The home insurance app Lemonade
sets a great standard for transparent
privacy policies.
They include an itemized, detailed
explanation of what personal
information you’re sharing, as well as
why.
They also promise never to sell your
information to third parties.
“TL;DR: We will never, ever, sell your data to
anyone.”

Always use clear,
approachable language
Clear Language
4

Clear Language
In 2019 The New York Times studied 150
privacy policies from various platforms.
They described what they found as an
“incomprehensible disaster.”
They described AirBnB’s privacy policy as
“particularly inscrutable.”
Vague language and jargon allow for
broad interpretation, making it easy
companies to defend their practices in a
lawsuit but hard for us to understand
what’s really going on.

Twitter advises you to read
their privacy policy in full
but highlights key aspects
of it up front advising you
to pay attention to those
specific points.
Clear Language

Give users options to
control their own data
User Controls
5

User Controls
Google offers a Privacy Checkup with high
level descriptions of how your personal data
is being used and why.
They allow you to turn off activity tracking,
location history, your YouTube history, your
Google photo settings, check which third
parties have access to your information, and
access other key settings all in one sort of
privacy dashboard.

Ensure these privacy
features are placed
contextually and easy to
find
Easy to Find
6

Easy to Find
Contextual and easy to find also means
…
Onboarding — Explaining in detail how
you use people’s data when they’re
using your app for the very first time.
“Just in time” alerts – Alerting users in
the moment—when they’re about to
share data in a new way—even if
they’ve already been using your
experience.

Easy to Find
Mozilla displays robust
Privacy information by
default in a dedicated tab
when you download and
open their Firefox
browser for the first time.

Remind users regularly about their
privacy options
And actively encourage them to take
advantage of them
Reminders
7

Reminders
Facebook allows you to set
reminders to do a privacy
checkup every week, month, 6
months or year.
Google also has a feature,
which will send you a reminder
to check your privacy settings.

One final point:
Never change users’ privacy settings
without telling them in advance.
And ensure they have the option to opt
out.
Never Change Without Notice
8

A few years ago, Facebook made users’ “likes” visible
overnight, which consequently may have outed some people
in the LGTBQ community or revealed people’s personal,
political or religious beliefs.
When I asked an employee how they justified this change,
they responded that the company valued transparency and
wanted people to be transparent about their interests.
Facebook’s founder Mark Zuckerberg had even famously said
privacy was no longer a “social norm.”

We don’t have the right to make decisions about other
people’s personal data on their behalf.
Assuming everyone’s information can safely be made
public is a belief that comes from a position of privilege.
We should never make decisions like this, which can
profoundly affect people’s privacy without their explicit
consent.

We talk a lot about “empathy” in
design.
If we design with empathy, we
won’t design experiences we
wouldn’t want to use ourselves.
And we won’t design using “dark
patterns” either.
Conclusion
Photo by Josh Calabrese

Privacy is not about secrecy.
It’s all about control.
— Dr. Ann Cavoukian
If we want to ensure people have control over their
own personal information
If we want to ensure the experiences we design are
user friendly and truly “user-centered”
We’ll keep these best practices for privacy in mind
Conclusion
Photo by Zanardi, Unsplash

Designing for Privacy in an Increasingly Public World — Speed Talk

Designing for Privacy in an Increasingly Public World — Speed Talk

More Related Content

What's hot (20)

Similar to Designing for Privacy in an Increasingly Public World — Speed Talk (20)

More from Robert Stribley (20)

Recently uploaded (20)

Designing for Privacy in an Increasingly Public World — Speed Talk

Editor's Notes