A privacy policy for all

Nathan Kinch
Greater Than Experience Design
9 min read · Sep 10, 2018

Starting October 3rd, 2018, the App Store will require all new apps and app updates to contain a privacy policy. If you’re an app developer the question is: what do you do now?

This article will give you practical advice to help design a privacy notice that actually helps people understand what you’re proposing to do with their data. More importantly, it’ll help you understand why strong privacy practices can help increase trust and maximise value.

Let’s kick off with some basic context.

Where are we now?

In 2017 trust was at an all-time low. This is broader than just data. It’s the result of organisational success metrics — and the behaviours these metrics encourage — not aligning to the metrics the people they serve as customers care about most. To put it simply: when we compete with our customers, no one wins.

On top of this systemic issue we’ve got questionable data practices, outdated business models, and zero-sum experiences. These are contributing to a digital trust divide; something we’ve come to know as the data trust gap.

The data trust gap is the gap between brand and data trust. It means people have a low propensity to willingly share their data.

If you’re thinking right now that people don’t care: they do. But they feel like they’ve lost control. People share because there’s no other option. We’ve designed a power imbalance.

But this doesn’t have to be a negative story. Data grants access. It helps us uncover meaningful insights. How we use it can mean the difference between new customer and lost customer. More importantly, data sharing, analysis and decision-making can help us save lives. Because of this it’s critical we close this data trust gap.

So how does this relate to Apple’s decision to enforce mandatory privacy policies?

First off, there have been a bunch of regulatory shifts of late. From the U.S. to the EU to Brazil, data protection regulations are strengthening. People are gaining new rights. Organisations are investing in evolving their data processing practices.

People’s views of privacy are also strengthening.

The idea that an organisation can do anything they want with data is long gone. Purpose limitation, data minimisation and at times, explicit and granular consent, are enabling lawful data processing.

Apple has long been considerate of this. They’re far from perfect, but they have been considerate.

This is where we are now. Onto the next question.

Where do we want to be?

Fortunately this is a very simple question to answer. We want to design a trustworthy data ecosystem. We want people, organisations and connected things to share data as equals. We want data sharing to drive mutual benefit. We want rights to be respected and protected.

We want this because there’s massive value to unlock. People, communities, societies and all types of organisations can benefit if we do this.

Getting to this point is the tough part.

How will we get there?

The answer is complicated, but to summarise, it’s about designing inherently trustworthy organisational structures, products, services and business models. It might sound simple, but customer-facing privacy notices are a decent place to start. This is because they’re a proxy for trustworthiness.

Our customer-facing notices are only going to be effective if we get all of the other stuff right.

The rest of this article is about helping you construct your foundation. It’s about helping you increase trust and maximise value. From this foundation you can design a differentiated, and perhaps even engaging, privacy notice.

The Data Trust Stack

Before continuing, let’s get something out of the way. This is what you need to avoid. If you do nothing other than this you will still be in a better position than most.

Most customer-facing privacy policies, or rather ‘privacy notices’, read at about a Grade 14 or 15 level. As a rule of thumb, never ship a privacy notice that reads at Grade 14 and takes 60 minutes to get through. If you do this you have not designed a customer-facing notice. You’ve simply published legalese.

To help you get past this, use Hemingway App. It’ll help you refine and simplify your content. Grade 9 is solid. Simplify further if you can. Then design an actual experience that helps inform the people you call customers.

Back to the Data Trust Stack.

Layer 1: Data Ethics

A data-ethical company sustains ethical values relating to data, asking: Is this something I myself would accept as a consumer? Is this something I want my children to grow up with? A company’s degree of “data ethics awareness” is not only crucial for survival in a market where consumers progressively set the bar, it’s also necessary for society as a whole.

— Data Ethics: The New Competitive Advantage

Although few companies have formal data ethics frameworks, this is where your effort has to start. Your data ethics answer the moral questions. They help you decide what you are comfortable doing with data. They help you live and breathe your unique point of view.

To become a trustworthy and effective data custodian (what you should be aiming for) you need to operationalise data ethics. This can take its simplest form in principles, decision-making frameworks, regular consequence mapping activities and transparent auditing.

Don’t go at this alone. Organisations like the IEEE, The Data Trust Alliance and Data Ethics EU (to name a few), can help you get there. A diverse, inclusive, open and collaborative approach will net the best result.

Layer 2: Privacy and Security by Design (PSbD)

This approach was first developed in the late 90s by Dr. Ann Cavoukian. It provides a systematic way to embed privacy and security into the design of an organisational structure, business process or system.

It’s now endorsed by the International Association of Data Protection Authorities and Privacy Commissioners, the U.S. Federal Trade Commission, the European Union and privacy professionals globally.

Operationalising these principles builds upon your data ethics framework. It’ll help you design the operational foundation to become a trusted data custodian.

Layer 3: Data Trust by Design (DTbD)

“Years ago I urged people to embed Privacy, by Design. With trust at an all-time low, it’s now time to “design for trust.” And the best way to overcome the data-trust gap is with Data Trust by Design. This is an essential ingredient to enabling user empowerment.”

— Ann Cavoukian, Ph.D., LL.D. (Hon.), M.S.M. Privacy by Design Centre of Excellence, Ryerson University

Data Trust by Design was developed as a way to bring trustworthy practices to customer-facing activities. There are six principles, along with a series of design patterns.

If you’re interested, here’s the guidance on applying DTbD to up-front terms and conditions. And here’s a detailed post breaking down a consent experience using DTbD.

These principles and patterns are then supported by three practices: trust mapping, experiments and pair design. Trust Mapping and Experiments are covered in depth in this playbook.

By embedding the Data Trust Stack into the core of your organisational culture and practices you’ll be well positioned to respect and protect people’s privacy. From this foundation you can find ways to design high-trust customer experiences that actually earn you access to more of the right customer data. This data access is your competitive differentiator.

Privacy isn’t a compliance burden. Privacy is part of your value proposition. It’s integral to the customer and brand experience. It’s not about static policies that hide in the background, rather, dynamic value exchanges occurring within an environment of trust.

So how do you achieve this with your privacy notice?

Designing a simple and useful Privacy Notice

Your privacy notice is just one output the Data Trust Stack will help you produce. Yet in combination with your actual processes and practices, your marketing and communications, and your service experience, you can design experiences that showcase your trustworthiness. You can inform people. You can give them ‘good feels’. You can earn greater access to data that’ll help you augment your proposition.

This design effort is broad. It requires you to understand what data you need to process, for how long and for what purpose. It requires you to be considerate of relevant data protection regulations. It likely means conducting due diligence on Privacy Enhancing Technologies to ensure you can uphold your values and operate effectively as a business. It requires you to frame hypotheses, put them to the test with your customers and constantly evolve how you design data sharing and disclosure experiences.

This will force you to collaborate across your business. It means having designers work with lawyers and data protection practitioners. It’s a much broader effort than we can possibly cover in one post.

If you’re ready to do this the right way, get in touch. If you want some simple tips to get started, keep reading.

Lead with values

Few organisations lead with their data values. Fewer organisations embed these values into their end to end service experience. Doing this is an opportunity to differentiate.

We’ve done this at >X since before day 1.

Leading with values is not about asking people to trust you. It’s about bringing your data ethics to life in a simple and comprehensible way. It’s about embedding them in your brand conversation and bringing them to the forefront of that conversation at appropriate times.

Cater to the context

Some people want to dive deep. Others are happy to move on after viewing a 30 second video. Design for this by challenging information design practices.

Give people the ability to learn and engage in ways and at the level they’re most comfortable with. Don’t just assume. Put this stuff to the test.

Aim for Grade 5

Comprehension matters. Although we advocate relying on a variety of form factors (e.g. interactive video, visualisations and interactions), it’s likely a decent part of your privacy notice will be written. Use Hemingway App or something similar to help ensure readability. Your stretch goal should be Grade 5.
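The readability rule above (never ship Grade 14, aim for Grade 9, stretch for Grade 5) is easy to enforce as an automated check on the notice text before it ships. The script below is an added example, not code from the article or from Hemingway App; it assumes the Flesch-Kincaid grade formula as a stand-in for Hemingway’s own scoring, a vowel-group syllable heuristic, a reading speed of 200 words per minute, and two constructed sample notices (one plain, one legalese) that are not taken from any real policy.

```python
import re

# Constructed sample notices (not text from the article). The first is written
# in plain language; the second is deliberately dense legalese.
PLAIN_NOTICE = (
    "We collect your email to send your receipts. "
    "We keep it for one year. You can delete it at any time."
)
LEGALESE_NOTICE = (
    "Notwithstanding the foregoing, the Controller may disclose personally "
    "identifiable information to affiliated entities where such disclosure is "
    "reasonably necessary for the legitimate administration of the services "
    "contemplated herein."
)

WORDS_PER_MINUTE = 200  # assumed average adult reading speed


def count_syllables(word: str) -> int:
    """Approximate syllables as vowel groups, dropping a silent trailing 'e'."""
    w = re.sub(r"[^a-z]", "", word.lower())
    if not w:
        return 0
    groups = len(re.findall(r"[aeiouy]+", w))
    # "time" -> 1 syllable, but keep the "-le" ending ("table" -> 2).
    if w.endswith("e") and not w.endswith("le") and groups > 1:
        groups -= 1
    return max(groups, 1)


def split_sentences(text: str) -> list:
    # Naive sentence split on terminal punctuation; abbreviations such as
    # "Dr." would be over-counted, which makes the grade look slightly lower.
    parts = re.split(r"[.!?]+(?:\s+|$)", text)
    return [p for p in parts if p.strip()]


def readability_grade(text: str) -> float:
    """Flesch-Kincaid grade: 0.39*(words/sentences) + 11.8*(syllables/words) - 15.59."""
    sentences = split_sentences(text)
    words = re.findall(r"[A-Za-z']+", text)
    if not sentences or not words:
        return 0.0
    syllables = sum(count_syllables(w) for w in words)
    grade = 0.39 * (len(words) / len(sentences)) + 11.8 * (syllables / len(words)) - 15.59
    return round(grade, 1)


def check_notice(text: str, max_grade: float = 9.0, max_minutes: float = 10.0) -> dict:
    """Gate a notice on grade level and reading time; both thresholds are assumptions."""
    words = re.findall(r"[A-Za-z']+", text)
    grade = readability_grade(text)
    minutes = round(len(words) / WORDS_PER_MINUTE, 2)
    return {
        "grade": grade,
        "words": len(words),
        "sentences": len(split_sentences(text)),
        "reading_minutes": minutes,
        "passes": grade <= max_grade and minutes <= max_minutes,
    }


if __name__ == "__main__":
    for name, notice in (("plain", PLAIN_NOTICE), ("legalese", LEGALESE_NOTICE)):
        result = check_notice(notice)
        status = "OK" if result["passes"] else "FAIL"
        print(f"{name}: grade {result['grade']}, {result['words']} words, "
              f"~{result['reading_minutes']} min -> {status}")
```

Run it against the exported text of your notice in CI and fail the build when `passes` is false. The syllable heuristic is deliberately simple, so treat the grade as a trend indicator: the plain sample scores around Grade 2 and the legalese sample well above Grade 20, and the check exists to catch the second kind of text before a reviewer ever sees it.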

Support the conversation

Chat popups are ubiquitous. When was the last time you saw one on a privacy notice?

Giving people the ability to contextually inquire supports the conversation. It helps you understand where people are getting stuck. It helps people understand where you’re coming from. It supports dynamic exchanges in an environment of trust.

Although there are a variety of business constraints to consider here, this implementation could be a chatbot with some basic conditional logic that hands off to a person if and when the time is right.

Quick note on this. If you deliver a chat experience via a bot, make sure people know they’re speaking to a bot!

Make it actionable

Even well-thought-out privacy notices that support people in exercising their rights make it too tough. Challenge this. As an example, you could give people the ability to exercise their rights by going above and beyond the GDPR. You could partner with a Personal Information Management Service. That way people could get their data and actually do something with it!

A novel idea indeed…

Appropriate transparency

Radical transparency is great, but it can scare people. Think of appropriate transparency as transparency that caters to the context. It deepens the conversation. It assists with understanding. It gets you aligned on the objectives and the journey.

An example of this could be clearly explaining cookie usage, along with how to opt out. Explaining the inner workings of tracking functions won’t help too many people.

Here’s an example of a cookie notice that focuses on appropriate transparency.

Bringing it all together

Privacy notices aren’t going to disappear overnight. In fact, thanks to Apple’s stance they’ll only become more relevant. Our collective challenge is to ensure the privacy policies of old die quickly. Our job is to make privacy simple, meaningful and actionable. A thoughtfully designed customer-facing privacy notice is one way to do that.

Enjoy the process!
