The user experience and data privacy

The user experience and data privacy

Heidi Trost
Heidi Trost

Until recently, many people didn’t realize how much of their personal data was being collected and stored in the digital realm. The truth is that companies capture, store and analyze large amounts of consumer data every day. They look at how customers behave, who they are, and what they care about. They pull the data from everywhere, from every device. To put it simply, customer data is a very big business.

Sometimes, it is obvious that a business is collecting your data. For example, you may be directly asked questions. Other times, it is much less transparent and is collected in the background of the websites, social media, and apps you use on a daily basis.

At Voice+Code, we help our clients sort out the practical and ethical issues around collecting and using personal data from their customers because it is a fundamental aspect of the user experience. How your company approaches these issues and communicates them to the end user affects a person’s relationship with an organization.

Digital relationships

Human relationships must have trust in order to survive. And that includes relationships in the digital space. Even technologies such as blockchain, which don’t require you to trust another person in order to conduct a transaction, require trust in the process. You believe the transaction will go according to plan or you would not use it.

Additionally, the basic tenets of user experience rely on a core concept: business goals must align with user goals. Getting users to do things that don’t align with their own goals, motivations, and behaviors makes organizations resort to tactics like long, dense terms and conditions, omitting critical details that impact the relationship, or crafting the user experience to trick users into performing a desired action like pre-checking opt-in boxes.

This misalignment between business goals and user goals puts the long-term viability of a company at risk. When organizations sell information or rely on advertising, their clients are not the end users. Instead, their clients are companies that want to advertise. Once users realize this, they start to alter their behaviors in using the service or stop using the service altogether.

For example, when ads for products appear in Facebook after a Google search for similar products, users block ads and become skeptical of the relationship with both companies. But the current relationship between tech giants and consumers is reliant on an exchange of personal information for services. Personal information is then sold to other companies or used for targeted advertising.

Printed magazines, and other traditional advertising channels, have operated on a model similar to this for a long time. The key difference is that a magazine isn’t privy to your most private conversations, your personal contacts, and your exact location at any given moment. That’s where the imbalance occurs—and consumers are starting to react.

Government steps in

Unfortunately, the industry has not stepped up to the plate with business solutions. That means that government has intervened. The European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018, affects how EU companies, as well as United States-based companies that do business in the EU, collect and use the personal data of people in the EU.

Instead of sneaky, pre-checked opt-in boxes, users must explicitly agree to the organization’s use of their data. Multi-page terms and conditions filled with confusing legalese must be replaced with clear, simple language explaining what information you are providing and what it will be used for. Further, even if you do provide consent, you may revoke that consent and ask for your personal information to be deleted.

GDPR could influence privacy-related legislation in the United States. Earlier this year, California passed the California Consumer Privacy Act, which will go into effect in 2020. All 50 states have passed legislation that require organizations to notify affected people of data breaches within a certain period of time.

Organizations that violate legislation will face fines. For corporate giants that violate GDPR, those fines could be in the billions of dollars. But perhaps worse than fines is consumer distrust. Legislation will weed out sneaky business practices and companies will be left to compete based on the value they provide to users. Businesses that can’t demonstrate that value—without relying on selling personal information—risk becoming obsolete.

Companies that are doing the right thing will gain user loyalty. I personally experienced this recently when I received a flurry of GDPR-related emails telling me how businesses I barely remember are using my personal information. I received one particularly compelling email from a software company. Their email—in stark contrast to the others—said that they have always been committed to my privacy; they have always complied with GDPR, long before the legislation existed. Now that is a company I trust and want to do business with.

Heidi Trost is a usability expert, user experience researcher, speaker and founder at Voice+Code.