Upload
ann-wuyts
View
2.226
Download
1
Tags:
Embed Size (px)
Citation preview
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Privacy by Designer PRACTICAL CONSIDERATIONS ON UX
DESIGN FOR TRUST
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
“In God we trust all others bring data.” - William Edwards Deming
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
We all live in the Age of Context
SHAPED BY MOBILE, SOCIAL MEDIA, DATA, SENSORS AND LOCATION-BASED SERVICES
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Users expect Personalistation & Personal
EXPERIENCES FOR THE ‘MOST PERSONAL DEVICE EVER’ ARE..
RELEVANT
are you engaging at the right moment?
GLANCEABLE
can you deliver value in milliseconds?
PERSONAL
do you approach people in the right manner?
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
No other Apple device has ever been so connected to the wearer. It is important to be mindful of this
connection.
Apple Watch Human Interface Design Guidelines, 2015
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Machine-to-human relationships are now about human-to-human values
UNDERSTANDING PERSONALISATION
H2H M2H
TRUST PRIVACY
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
The Privacy Challenge CONCERN ABOUT PRIVACY JUMPED 5 POINTS BETWEEN 2014 AND 2015. 2nd Annual Poll on How Personal
Technology is Changing our Lives - January 2015, Microsoft
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Loss of control
PRIVACY CHALLENGE USER POINT OF VIEW
91% of adults ‘agree’ or ‘strongly agree’ that consumers have lost control over how personal information is collected and used by companies.
Pew Research Privacy Panel Survey, January 2014
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Lack of Transparency
PRIVACY CHALLENGE USER POINT OF VIEW
People are fearful of sharing their data largely because companies and government have not been good at clearly explaining how they use it.
Data Dialog, Demos 2012
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Lack of Knowledge (aka Privacy and PETs are ‘too difficult’)
PRIVACY CHALLENGE USER POINT OF VIEW
54% believe it would be “somewhat” or “very” difficult to find tools and strategies that would help them be more private online and in using their cell phones 13% unaware about search engines that do not keep track of a user’s search history 31% unaware email encryption programs such as PGP exist 31% unaware of privacy-enhancing browser plug-ins 39% unaware about anonymity software such as Tor
Pew Research, 2015
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Everyday privacy measures that do catch on
ON THE BRIGHT SIDE LESS TECHNICAL WAYS OF OBTING OUT OF DATA COLLECTION
Clearing cookies or browser history: 59% Refusing to provide information about themselves that wasn’t relevant to the transaction: 57% Set their browser to disable or turn off cookies: 34% Deleted or edited something they posted in the past: 29% Used a temporary username or email address: 25% Giving inaccurate or misleading information about themselves: 24% Decided not to use a website because they asked for their real name: 23% Used a public computer to browse anonymously: 12% Asked someone to remove something that was posted about themselves online: 11%
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
the Facebook paradox • 91% of adults feel consumers have
lost control over how personal information is collected and used by companies.
• 58% of the entire adult population (and 71% of internet users) is on Facebook.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Privacy VS. User Experience
#FALSE – HOW DO YOU DEFINE A BETTER PRODUCT? CONTEXT? DATA QUALITY?
The truth is that collecting information about people allows you to make significantly better products and the more information you collect,
the better products you can build .
Dustin Curtis, “Privacy VS. User Experience” (2014)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Privacy is a fundamental component of the product experience
BUSINESSES CAN DELIVER A GRAND USER EXPERIENCE AND TREMENDOUS VALUE ONLY IF THEY SAFEGUARD THEIR USERS’ PRIVACY AND SECURITY
BUSINESS VALUE
CONSUMER VALUE
PRIVACY
GREAT UX personalisation
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Being credible BEING CREDIBLE HAS ALWAYS BEEN IMPORTANT FOR A GOOD USER EXPERIENCE
useful
usable desirable
credible
valuable
findable accessible
User Experience Honeycomb (Peter Morville)
CREDIBILITY 2004 the information you present to users
CREDIBILITY 2015 taking responsibility to keep personal data safe
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Privacy by designer
DELIVER BOTH PERSONALISATION AND TRUST We owe it to both our users and the people who hire us to actively think about privacy, and to implement privacy in the flows and designs we deliver.
B. We need to deliver trustworthy products.
A. We need to deliver great, personal experiences.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
What is Privacy?
PRIVACY IS BROAD PRIVACY IS A RIGHT PRIVACY IS NOT DEAD
Personal Data
• The Universal Declaration of Human Rights (Art 12)
• Europe: Directive 95/46/EC
• Belgium: Privacy Act (1992, 1998 & KBs)
• Telecommunication law
• …
LAWS AND SUCH
European Privacy Watchdogs &
GDPR New EU legislation
in the works
“If data is the new oil,
privacy is the new green.”
…
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Any information
This is not limited to data regarding a an individual’s privacy, also relating to a person's professional or public life. Eg. name, a picture, a telephone number (professional number too), a code, a bank account number, an e-mail address, a fingerprint, … .
PERSONAL DATA IS ANY INFORMATION (RELATING TO)* AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON * OFTEN DEPENDS ON CONTEXT
• Object data vs personal data (eg license plate) • Unique biometric data is always personal data (eg
fingerpint, DNA)
DATA SUBJECT
PERSONAL DATA RELATES TO
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Identifiable evolves
IDENTIFIABILITY = WHEN VALUE > COST
value of knowing
cost of identifying
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
IP address
AN IP ADDRESS ON ITSELF WILL UNDER THE GDPR NO LONGER BE ‘PERSONAL DATA’ BY DEFAULT
(UNLESS YOU ARE AN ISP)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Counter measures
Not personal information when measures are taken which reasonably rule out identification of a person
• Anonymisation • Key-coded data (clinical research) • Data masking/obfuscation (for
development) • Granularity
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Beware: location Special data which under the GDPR will require extra safety measures
(as is data on children)
avoid when possible
geohashes
coarse location
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Stay clear: sensitive data • race
• political opinions
• religious or philosophical beliefs
• trade-union membership
• health
• sex life
• prosecutions or criminal or administrative convictions
Prohibited to collect, register or ask to disclose. (exceptions apply, but then additional safeguards are required)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
What about republication?
Photographs and personal information published online may only be re-used if given consent. • different context • different purpose
=> context & purpose apply to recycling as well
(In case of scraping, copyright and database law are relevant too.)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Your responsibilities as Controller
• Ensure the quality of the data The data being processed have to be exact and, if necessary, kept up-to-date
• Ensure the confidentiality of the data Responsibility to inform and make sure that the individuals working under his authority only have access to and make use of the data they need to perform their duties
• Ensure the protection of the data From unwanted internal or external curiosity, as well as from unauthorised processing operations. Security measures can be organizational (restriction of the number of individuals having access to the data, use of access codes, locking offices with computers and data files, etc.) and technical. (!) The more sensitive the data and the higher the risks for the data subject are, the more precautions have to be taken. (see ‘information security’ on privacycommission.be)
• Erasure of data Personal data must not be kept in a form allowing for identification of the data subjects any longer than necessary for the purpose aimed at.
+ BEFORE PROCESSING OF DATA: NOTIFICATION
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
In case of breach CONSIDER A BREACH LIKELY – AND PREPARE ACCORDINGLY
• Do not play the victim • Be accountable • Take ownership • Express regaret
1. What happened? (tell what you know at that time)
crisis communications (works for downtime communication too)
2. What is being done *NOW*? (investigate, take systems offline, ..)
3. How does this affect your customers? (both short- and long term)
4. What are you doing to minimize risk? What can your customers do?
5. How do people get more information or updates?
(folluw up) 6. What are you doing prevent this from happening again?
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for explicit OPT-IN & COOKIELAW
By signing this contract, you agree we have the right to collect and pass on all your information. In case you do not want your bank to pass on your credit information to third partners and other divisions, please write ‘I do not agree’ on the contract and hand it over to the person behind the till.
EXPLICIT EXPLICIT NOT EXPLICIT (hidden opt-out)
NO YES
IF YOU AGREE, PLEASE CHECK THIS BOX:
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for informed NO SURPRISES
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for choice CONSENT
In your designs and flows, take into account both having and not having the data.
Design personalized experiences for when you have data.
Design good alternatives for not having the data.
Today will be sunny
Weather for Olen, Belgium where we know you live.
Check out the weather!
Antwerpen
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Privacy as a Trading Function? Customer Data: Designing for Transparancy and Trust – by Timothy Morey, Theodore Forbath, And Allison Schoop, May 2015 (Harvard Business Review)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for trust CLEAR & CONSISTENT, SO PEOPLE CAN TRUST YOU TO POINT OUT PRIVACY RELATED FEATURES & SETTINGS.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
The EU prosed icons: privacy-by-design taken too literal (how’s that for creepiness factor?)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for because EXPLAIN YOUR MAGIC
When users know of the existence of a certain algorithm, their satisfaction with the product increases over time , probably as they start to understand its workings better. Yet when they discovered an algorithm they were previously unaware of, users felt betrayed.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for because EXPLAIN YOUR MAGIC
When users know of the existence of a certain algorithm, their satisfaction with the product increases over time , probably as they start to understand its workings better. Yet when they discovered an algorithm they were previously unaware of, users felt betrayed.
WORST CASE SCENARIO “In the extreme case, it may be that whenever a software developer in Menlo Park adjusts a parameter, someone somewhere wrongly starts to believe themselves to be unloved. ”
– Eslami et all.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Because allows people to correct you when you are wrong. Something we best figure out before algorithms get to act on our behalf.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for transparency Show people their data selfs
If we are going to allow algorithms and expert rules to steer our behaviour, we must know they understand that correctly. Allow for: - Correction - Reset
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Reflect all data collected in functionality
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for forming secure habits BURNER ACCOUNTS
Kinja introduced these for anonymous commenting. They made private keys understandable through metaphor.
“…if you lose the burner key initially issued we will not be able to retrieve this information for you or reset the account. Save your key.”
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
REWARD SECURE BEHAVIOUR
Users that enable two-step security on their accounts will now receive a 10% discount off their monthly bill Mailchimp bill.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design to encourage privacy ACCESS DURATION
People forget to ‘revoke’ things. Supply limited time access options:
WeChat: location discoverable for 10 minutes (default)
LinkedIn: access duration settings (weeks -> months -> years)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Design for an exit MAKE IT EASY TO LEAVE BUT CONVINCE THEM TO STAY
Think about WHY people are leaving, and offer alternatives.
“snooze” services less-email-option reset profile/account ..
(and remember data portability!)
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
Do you want to know if your friends are (action/mood/..) ?
Do you want your friends to know if you are (action/
mood/..) ?
Don’t allow OK
Design with peer-to-peer privacy in mind. Ask the right question: not do you want to see, but are you willing for others to see..
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
When in doubt… STEP 1: ASK YOUR USER – PRIVACY DOES NOT BENEFIT FROM A “DO FIRST ASK FORGIVENESS LATER” STRATEGY
Build it so a user always has the option to tell
you to go bugger off.
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
When in doubt… STEP 2: USE COMMON SENSE AND AS LITTLE DATA AS POSSIBLE
PERSONAL DATA Less is more: in quantity and
detail, but also in time
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
i!When in doubt… STEP 3: ASK THE EXPERTS
Belgian Privacy Commission www.privacycommission.be
Article 29 Working Party Opinions & recommendations
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent www.keek.be @vintfalken
We influence what is acceptable. So let’s make good, proportional stuff.