Utilizing Design’s Richness in “Privacy by Design”

This post summarizes a research paper, Bringing Design to the Privacy Table, written by Richmond Wong and Deirdre Mulligan. The paper will be presented at the 2019 ACM Conference on Human Factors in Computing Systems (CHI 2019) on Wednesday, May 8 at the 4pm “Help Me, I’m Only Human” paper session.

How might the richness and variety in human computer interaction (HCI) design practices and approaches be utilized in addressing privacy during the development of technologies?

U.S. policy recommendations and the E.U.’s General Data Protection have helped concept of privacy by design (PBD) — embedding privacy protections into products during the initial design phase, rather than retroactively — gain traction. Yet while championing “privacy by design,” these regulatory discussions offer little in the way of concrete guidance about what “by design” means in technical and design practice. Engineering communities have begun developing privacy engineering techniques, to use design as a way to find privacy solutions. Many privacy engineering tools focus on design solutions that translate high level principles into implementable engineering requirements. However, design in HCI has a much richer concept of what “design” might entail: it also includes thinking about design as a way to explore the world and to critique and speculate about the world. Embracing this richness of design approaches can help privacy by design more fully approach the privacy puzzle.

To better understand the richness of ways design practices can related to privacy, we conducted a curated review of 64 HCI research papers that discuss both privacy and design. One thing we looked at was how each paper viewed the purpose of design in relation to privacy. (Papers could be classified into multiple categories, so percentages add up to over 100). We found four main design purposes:

• To Solve a Privacy Problem (56% of papers) — This aligns with the common perception of design, that design is used to solve problems. This includes creating system architectures and data management systems in ways that collect and use data in privacy-preserving ways. The problems posed by privacy are generally well-defined before the design process; a solution is then designed to address that problem.
• To Inform or Support Privacy (52%) — Design is also used to inform or support people who must make privacy-relevant choices, rather than solving a privacy problem outright. A lot of these papers use design to increase the usability of privacy notices and controls to allow end users to more easily make choices about their privacy. These approaches generally assume that if people have the “right” types of tools and information, then they will choose to act in more privacy-preserving ways.
• To Explore People and Situations (22%) — Design can be used as a form of inquiry to understand people and situations. Design activities, probes, or conceptual design artifacts might be shared with users and stakeholders to understand their experiences and concerns about privacy. Privacy is thus viewed here as relating to different social and cultural contexts and practices; design is used as a way to explore what privacy means in these different situations.
• To Critique, Speculate, or Present Critical Alternatives (11%) — Design can be used to create spaces in which people can discuss values, ethics, and morals-including privacy. Rather than creating immediately deployable design solutions, design here works like good science fiction: creating conceptual designs that try to provoke people into think about relationships among technical, social, and legal aspects of privacy and ask questions such as who gets (or doesn’t get) to have privacy, or who should be responsible for providing privacy.

One thing we found interesting is how some design purposes tend to narrowly define what privacy means or define privacy before the design process, whereas others view privacy as more socially situated and use the process of design itself to help define privacy.

For those looking towards how these dimensions might be useful in privacy by design practice, we mapped our dimensions onto a range of design approaches and methodologies common in HCI, in the table below.

A mapping of design approaches, design purposes, and how they relate to privacy. An HTML version of the table is available at https://bytegeist.wordpress.com/2019/04/28/utilizing-designs-richness-in-privacy-by-design/#design-table

These findings can be of use to several communities:

• HCI privacy researchers and PBD researchers might use this work to reflect on dominant ways in which design has been used thus far (to solve privacy problems, and to inform or support privacy), and begin to explore a broader range of design purposes and approaches in privacy work.
• HCI design researchers might use this work to see how expertise in research through design methods could be married with privacy domain expertise, suggesting potential new collaborations and engagements.
• Industry Privacy Practitioners can begin reaching out to UX researchers and designers in their own organizations both as design experts and as allies in privacy by design initiatives. In particularly, the forward-looking aspects of speculative and critical design approaches may also align well with privacy practitioners’ desire to find contextual and anticipatory privacy tools to help “think around corners”.
• Policymakers should include designers (in addition to engineers and computer scientists) in regulatory discussions about privacy by design (or other “governance by design” initiatives). Many regulators seem to view “design” in “privacy by design” as a way to implement decisions made in law, or as a relatively straightforward way to solve privacy problems. However, this narrow view risks hiding the politics of design; what is left unexamined in these discussions is that different design approaches also suggest different orientations and conceptualizations of privacy. HCI design practices, which have already been used in relation to privacy, suggest a broader set of ways to approach privacy by design.

Our work aims to bridge privacy by design research and practice with HCI’s rich variety of design research. By doing so, we can help encourage more holistic discussions about privacy, drawing connections among privacy’s social, legal, and technical aspects.

Download a pre-print version of the full paper here.

Paper Citation:
Richmond Y. Wong and Deirdre K. Mulligan. 2019. Bringing Design to the Privacy Table: Broadening “Design” in “Privacy by Design” Through the Lens of HCI. In CHI Conference on Human Factors in Computing Systems Proceedings (CHI 2019), May 4–9, 2019, Glasgow, Scotland UK. ACM, New York, NY, USA, 17 pages. https://doi.org/10.1145/3290605.3300492