Discover more from The Privacy Whisperer
Transparency by Design: Transforming the Web
Why and how data protection should also be thought and implemented at UX design level
Today’s newsletter topic is Transparency by Design, which is the approach I proposed in my last research article to solve some unfair practices online. You can download the article (for free) here.
Transparency by Design basically proposes that compliance with transparency rules (such as the ones established in the GDPR) should happen at all levels of UX design instead of being restricted to privacy policies or obscure settings. I show how failing to support users with accessible information, privacy-supportive design, and meaningful choices creates an unfair online environment, exacerbating informational vulnerabilities.
In the last two issues of this newsletter, we discussed dark patterns in data protection and the cognitive biases that are exploited by them, which make us more vulnerable to these unfair practices. In this post, I want to highlight the role of UX design in helping users to learn about what happens with their data and to empower them to navigate the web with more privacy awareness.
A starting point for this discussion - and the elephant in the room - are privacy policies. They have always bothered me because they are “fake.” They pretend to be directed to users when they are actually documents written by lawyers, for lawyers, aiming mostly at avoiding liability in cases of fines and lawsuits. Nevertheless, they try to use “friendly” language, and they make clear that it is the user’s responsibility to read it and to come and check further in case of updates. It makes no sense, and it always makes me angry. An internet user might navigate through dozens of websites or apps in a single day. Is he or she expected to read all these privacy policies - and even check for updates? In addition to this nonsensical expectation (that users have to read privacy policies), even if they wanted to embark on this mission, there are so many cognitive biases involved in the process that they would probably not succeed (I wrote an academic article about that in the past, you can read it here). There has to be another solution, and here is where UX design enters the game.
The UX design experts Don Norman and Jakob Nielsen said:
“The first requirement for an exemplary user experience is to meet the exact needs of the customer, without fuss or bother. Next comes simplicity and elegance that produce products that are a joy to own, a joy to use. True user experience goes far beyond giving customers what they say they want, or providing checklist features. In order to achieve high-quality user experience in a company's offerings there must be a seamless merging of the services of multiple disciplines, including engineering, marketing, graphical and industrial design, and interface design.”
Transparency by Design, therefore, proposes that the UX design of a product or service should be a vehicle to transmit data protection information and help mitigate informational vulnerabilities. When planning and executing their product UX, organizations should consider the data practices that occur in that context and aim at generating awareness about these practices. I will exemplify:
Above is a screenshot of the interface shown when a user wants to post something on Facebook. The UX design presents the visibility menu right below the profile name, which is where the user can choose between posting publicly, to “friends”, “friends except ...,” “specific friends” or “only me.” Showing this menu every time the user posts new content is a positive data protection feature, as well as a better practice than concealing it (and expecting the user to go to the general settings page and, from there, choose a default configuration).
However, it is still not ideal, as it makes several assumptions about the users’ previous knowledge of data practices which might not be true and might generate discomfort and privacy harm. For example, the current design assumes that users understand that:
clicking on the audience menu will give them audience options for the post, and they might benefit from tailoring the visibility of certain types of content (it is not mandatory to confirm a visibility choice before proceeding to post, so users might not understand that there is the option to change it);
posting on Facebook means that, as a digital and fungible asset, the content now is out of the user’s control and can potentially be re-uploaded indefinitely and on different platforms for different uses;
posting publicly means that strangers might see that content and interact with it;
posting publicly means that if someone comments on the post, some of the commenter’s Facebook “friends” will be notified on their feed about this interaction and might want to interact as well, generating a cascade of potentially unwanted interactions;
posting to “friends” means that anyone from the user’s Facebook “friends” list might see the content, even long-time ex-coworkers, distant family members, or estranged acquaintances;
posting to “friends” means that if someone comments on the post, some of the commenter’s “friends” that are also “friends” with the original author will be notified on their feed about this interaction and might want to interact as well, generating a cascade of interactions;
a Facebook profile is searchable on search engines such as Google (unless selected otherwise in the privacy settings). If users post something publicly, this content can be indexed and found through search engines when someone looks up their name;
the content posted on Facebook will be used to tailor advertising to the user;
the content posted o Facebook will be used by third-party apps whose accounts were connected to Facebook by the user.
These assumptions are all embedded in the UX design choices shown in the image above, meaning that Facebook UX designers have assumed that users are aware of items 1-9 above when they post certain content. If these assumptions were true, then the current UX design would be ideal, as it would be suitable for the skills and background knowledge of the users it is catering to. However, studies have shown that users lack essential knowledge about data practices. Designers and developers are particularly specialized in the functioning of the product or services of the organization that employs them and might forget that the regular user does not have a fraction of that background knowledge and, therefore, will be uninformed and vulnerable when trying to navigate a certain interface.
Transparency by Design proposes that no data protection background knowledge should be expected from users. UX designers should have data protection illiteracy in mind and build interfaces that can cater to audiences that are vulnerable to privacy harm. Going back to Facebook’s interface above, examples of changes in the UX interface that would be aligned with Transparency by Design are:
ask users to manually select the audience of the post before every post;
after the user has selected the desired audience, show on average how many people will see the post and ask whether the user wants to change the desired audience;
warn the user before posting that others could download or screenshot the content and repost it on Facebook or other platforms. Therefore it might be impossible to retrieve control over its availability;
warn users that even posting to friends only, distant or estranged friends might interact with the post and generate unwanted attention;
ask the user if he or she wants to allow others to comment or share the post;
add a button before posting where users could receive more information about audiences, how their data is being used, and how information is shared with connected apps and to personalize advertising;
actively ask users if they want their profiles to be publicly indexed by search engines;
inform users before posting that the content posted will be used by advertisers and third-party apps;
provide an easily accessible 24/7 channel (i.e., an intelligent chatbot) to offer tech support to users on data protection issues. If the chatbot cannot provide a satisfactory answer, provide a feedback form that should be answered in due time.
These are a few suggestions from a researcher unaware of the proprietary structure of Facebook’s UX design or decision-making processes. I argue that data protection and safeguarding users’ privacy should be two more disciplines to be considered by UX designers during the elaboration of their product or service interface. The main guideline to be followed by UX designers is a simple one: no prior data protection knowledge should be expected from users, all data collection points should be transparent and clear, and the explanation should be contextual and as close to the collection point as possible.
In addition to the general guideline above, market players and industry organizations could develop specific sectorial guidelines on how to elaborate these contextual and UX-embedded privacy notes (or visceral notices, as Ryan Calo has named them), having as the main focus reducing users’ informational vulnerabilities and increasing users’ data protection literacy. More research is needed at this point to measure and propose adequate forms of UX-embedded privacy notices for different online scenarios and audiences.
There is a lot to unpack (my full article has 58 pages, you can read it for free here), and I hope to talk more about it in future posts, especially regarding UX designers’ role in promoting privacy. I personally believe that the web can be a more empowering place where people can have their vulnerabilities protected, their privacy respected, and their autonomy valued. I think this transformation is possible, and I invite you to join the conversation.
✅ Before you go:
Did someone forward this article to you? Subscribe to The Privacy Whisperer and receive this weekly newsletter in your email.
At Implement Privacy, I offer specialized privacy courses to help you advance your career. I invite you to check them out and get in touch if you have any questions.
See you next week. All the best, Luiza Jarovsky