A new era of privacy in tech: time to challenge the mindset

“Legally, you have to think about privacy when you design.” — Lon Barfield

Following our first birthday in December, we met last week for the first UCD Bristol of 2019. This time, our speaker was Lon Barfield, with a talk titled ‘Privacy by design, changing the mindset’ and a focus on the modern concept of privacy and data protection.

Lon’s talk started by comparing the period between the 1930s and the 1950s when tobacco was adulterated to get people addicted, with the current state of social media and Facebook’s algorithms — two perfect and very different examples of addiction by design.

If people were not concerned about the consequences of using social media a few years ago, they surely are now. The Cambridge Analytica scandal is a good example of why some people don’t trust Facebook (and social media, in general) anymore. The question is:

How do we stop these companies from doing this in the first place? Privacy by design is the answer.

Privacy as a modern concept

Our lives are now more private in terms of what we share with other people, but not in terms of what we share with the companies whose services we use — if or when using their services or products, this is out of our control.

The seven foundational principles of privacy by design listed by Ann Cavoukian (and adapted by Lon below) are a good start. However, as Lon said at the meetup: “everyone quotes them, but is anyone actually using them?”.

  1. Be proactive in doing it
  2. Use the right defaults
  3. Make it part of the design process
  4. Avoid trade-offs and find ways to successfully implement privacy from the start
  5. Data life cycle is part of the design
  6. Be transparent: don’t lie about what you are doing
  7. Keep it user-centric (good UX design!)

The challenge is to change the industry’s legacy mindset of “the more data, the better”, which famously leads to:

  • Bad practice in design
  • Standard (bad) patterns of construction
  • False justifications (the law says you can have the data if you need it, which leads marketing teams to come up with reasons to have the data)

The future of privacy

All digital products and services must now provide users with the ability to protect and access their data — GDPR has made this a legal requirement.

Inspired by the new data protection legislation and the growing awareness around data protection and privacy, Simpleweb Studio Block— where Lon worked as a Design Analyst — developed the TapMyData app. Find out more about it here.

Lon believes that, in the future, the relationship between users and companies will be more equitable, with users demanding to be rewarded for sharing their data. Just like the boom of UX, the time has come for privacy (by design), but it won’t happen until we have the following in place:

  • An understanding of privacy from the user’s point of view and a complete understanding of the law
  • Proper processes and tools readily available
  • Education, which will lead to a mindset change

Using blockchain technology to boost this new era of privacy is one of the possibilities, along with the idea of self-sovereign identity, firstly discussed in 2016. For now, privacy by design will, hopefully, slowly continue to develop along with a new notion of “digital privacy”, with users exponentially pressuring companies to abide by the new rules.

UCD Bristol 15 — February 2019

The meetup will be back on Wednesday 20th February and we will soon share more information about it.

We are currently accepting talk submissions, so if you would like to feature in one of our next meetups as a speaker, complete this short form. We can’t wait to hear about your awesome ideas!