A Small Change To Amazon.com To Improve Privacy through Transparency And Control

Overview

For this project I reviewed literature on privacy protection principles and analyzed Amazon.com and its privacy control settings through a privacy-centric lens. I then introduce a new central page for controlling privacy settings in order to improve the transparency and intervenability of a person’s Amazon account.

Interaction Prototype Video

https://streamable.com/35pmf

The Problem

A basic analysis of the Amazon website shows that specific privacy settings, advertisement controls, profile settings, and personal data deletion are either difficult to find, placed under ambiguous section titles, or entirely missing. With this assessment I therefore wish to make the Amazon website more transparent and accessible, and to give users more control over their personal data.


Background Information on Privacy:

With recently published public policies such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CaCPA), privacy regulation has been on a lot of people’s minds, especially mine. I believe privacy is important because privacy is more than keeping your thoughts and beliefs away from others. Privacy has social implications; it provides autonomy by providing freedom to think, say and do things without overreach from larger entities such as governments or corporate conglomerates. (See The value of privacy)

Daniel Solove, a law professor at the George Washington University law school and a major advocate and spokesperson for privacy as a basic human right, believes in these ideologies too. He says, “privacy is important because it respects individuals, builds trust with others, limits governments and large corporation’s powers, creates freedom for social and political activities and, gives the opportunity of a second chance in online activity”. Privacy has to be an inherited human right for everyone. (See his website)
Furthermore, privacy policy is much more comprehensive than hiding your information. The most common argument against privacy is the “I’ve got nothing to hide” argument. Without delving into great detail about why that argument is flawed and ignorant, Edward Snowden summarizes it best:

“Saying that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about freedom of speech because you have nothing to say. It’s a deeply anti social principle because rights are not just individual, they’re collective, and what may not have value to you today may have value to an entire population, an entire people, an entire way of life tomorrow. And if you don’t stand up for it, then who will?” — Edward Snowden

How is this associated with Amazon, design or overall user experience? Technology has had a lot of impact on everyday life over the past several decades. Unfortunately, public policy hasn’t kept pace. Information is now much more public than it has ever been, and we put a lot of our trust in these large corporations to keep our information and data safe. The most prominent example of this is the social media giant Facebook. It has been under fire for data breaches and violations of FTC consent decrees, and was even fined by the Information Commissioner’s Office in the UK for its misuse of data with Cambridge Analytica (See The Guardian). Data is being handled with more hands in the pot than ever before.

This implies that there needs to be better consideration for users’ privacy. One school of thought that is making its way into public policy, as in the GDPR, is the idea of privacy by design. Ann Cavoukian, who is credited as the first person to coin the term, says that privacy by design means making sure that privacy is taken into account throughout the whole engineering process (See The Principles). She establishes seven Principles of Privacy by Design that technology should follow. The one that is routinely used is embedding privacy inside the design. It’s written as follows: “Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.” This is where Amazon falls short.

Although Amazon is compliant with the California Online Privacy Protection Act of 2003 (CalOPPA), which is effectively one of the first nationwide laws with a broad requirement for privacy policies to be public on all websites (See the Californian Law), it does a poor job of giving users access to and control over their data and personal information. One contradiction is that although Amazon has a privacy policy, most people don’t read them (See Nothing To Hide). One solution is showcasing users’ data and giving them more control over it. The European Union Agency for Network and Information Security (ENISA) establishes several principles and goals to improve technology and privacy by design: Unlinkability, Transparency, Intervenability. Unlinkability is associated with data minimization and purpose binding. Transparency is related to openness, consent and accountability. Intervenability relates to choice, user access, rectification and data deletion (See EU Law). Using these terms, I want to propose a solution to Amazon’s lack of transparency and intervenability that is inclusive and doesn’t break functionality.


Design Inspiration and Research:

Microsoft

Microsoft.com

First, I wanted to explore what current technology companies are doing to address privacy control and transparency. The first organization I looked into was Microsoft. The Chief Executive Officer, Satya Nadella, has been publicly open about improving privacy for Microsoft’s users and believes that privacy is a human right. Microsoft took the liberty of opening up some of the rights and principles of GDPR and making them available to everyone using Microsoft products (See Bloomberg). This is evident on their privacy website, where their key principles are shown: control, transparency, security, legal protections, no content-based targeting, benefits to you (See Microsoft’s Policy).

Transparency

One of my favorite things about Microsoft is its specific explanations of the information they’re collecting and why. It is expected that they’re collecting information, but it is nice that there is some openness and transparency about the process.

Dashboard

Additionally, Microsoft has an intuitive dashboard that allows users to control their privacy settings. This allows for better understanding of the information that Microsoft has on a user.

Ads Settings

By default the settings are turned on to enable personalized ads, but they make it easy to turn them off for the browser and on a Windows computer.

Apple

Apple.com

Another key player in privacy controls is Apple. Tim Cook, the CEO of Apple, has been adamant about improving Apple users’ privacy rights inside the company and in the U.S. In October 2018, Tim Cook spoke at the European Data Protection Conference in Brussels and supported federal regulation on privacy. He also mentioned 4 key rights regarding privacy that legislation should focus on: the right to have personal data minimized; the right for users to know what data is collected on them; the right to access that data; and the right for that data to be kept securely (See The Verge).

Transparency

Data & Privacy Section of your Apple Account

Data Management

Proposed solution

Using the previous examples as inspiration, I wanted to create something that aligned with Amazon’s design guidelines and also gave more control to the user. I also hope that my proposed solution will open up public discussion about how technology companies like Amazon and others handle user privacy.

Sketches

As mentioned before, I want to adhere as closely as possible to Amazon’s design guidelines. As an outsider looking in, I picked up several patterns that Amazon uses. Therefore, instead of recreating the available options and controls Amazon gives to control a user’s account, I tried to place them in a central location under the Privacy Control umbrella.

Account Settings: Added a privacy menu section
Privacy controls: a central place with all of the privacy controls for an account

The Privacy Controls menu will allow Amazon to show the available privacy options and controls a user can change and be in charge of. Additionally, some information about how Amazon handles privacy concerns and how to contact Amazon with further privacy-related questions can be shown here.

Some of the settings, such as voice, store, profile and ad settings, already exist, but they are difficult to find. Adhering to this architecture creates a better understanding and mental model for controlling the privacy settings of an account. This also limits the goose chase that users have to go on when trying to search for specific settings to change. Ultimately, I believe this could lead to better understanding of and better protection for a user’s privacy on Amazon.

High-Fidelity Designs

Account Settings — Before

Account Settings — After

Privacy Control Menu — Before

Not Available

Privacy Control Menu — After

Apps & Skills Menu — Before

Not available

Apps & Skills Menu — After

Conclusion

Finally, after researching, ideating and designing, I believe this design can improve Amazon users’ awareness of and control over their privacy. The reason I believe that this will help is that organizing the customizable account settings and creating a better architecture for them allows users to further understand the rights they have when using the website. It also allows them to be in control of their privacy. I also believe this design will allow Amazon to further analyze users’ behavior on the site to accommodate them and their privacy needs.

Shortcomings and Next Steps

Although I feel confident in the design and its purpose, there were some shortcomings. First, for some of the features, Amazon employs anti-privacy-centered behaviors that take advantage of the common user. For example, although my solution allows for customizable controls, the default for advertising is set to collect information and personalize ads for the user.

In addition to this, Amazon writes in fine print that regardless of selection for personalizing ads, users will still see personalized product recommendations and other similar features on Amazon and affiliated sites.
Therefore my solution does nothing to solve either issue. I would recommend for future investigation that a solution is provided to give more control over personalized advertisements (See Amazon.com).

Next, my solution doesn’t address the customization of the specific elements in my dashboard like Alexa, advertisements, profile, store, and wishlist. At this current stage, my solution aims to combine all of the information of Amazon into a single area for easier access. Further development in these areas may be required.