Data Trust, by Design: Principles, patterns and best practices (Part 1)
When thinking about how to communicate this, a colleague of mine suggested a little Golden Circle action. So thanks to Simon Sinek, I’m going to start with why, talk about how then get into the what. To set a clear expectation upfront, this is a multi-part content series that will progressively expose the reasoning behind the Data Trust Design Principles and Patterns, whilst also progressively disclosing specific patterns you can use and contribute to.
I’m cool with uncertainty, so let’s also set the context that this is a multi-part series because I actually have no idea how many individual pieces of content will contribute to it. Maybe it’ll just constantly evolve, who knows.
With that out the way, let’s start with why!
Why does data trust matter?
Hideaway terms and conditions, implicit consent and other dark patterns being pushed to the users of digital products and services simply aren’t working. People don’t understand what they’re getting into. Their trust in brands is at an all time low. Data breaches continue to rise at an astounding rate, often times with far reaching consequences. Major regulations like the GDPR and ePrivacy are upon us. Many people have become sick of the model. They’re beginning to take action to protect their privacy and rights.
We’ve got more data that ever before. We’re also more reliant on data than ever before. These capabilities and this focus gave rise to the belief that privacy is already dead. This view is misinformed and falsely assumes privacy equals secrecy. It does not.
New(ish) developments like Distributed Ledger Technology, Zero Knowledge Storage, Homomorphic Encryption and a variety of other approaches, projects and capabilities are supporting Eve’s view of privacy by giving some of the power back to people. These emerging capabilities, specifically Customer Identity and Access Management (CIAM) and Personal Information Management Services (PIMS) are beginning to change the way people, organisations and things interact with identity and other data attributes.
All of the above is forcing the personal data landscape to change, quickly. How organisations ask for, process and generate value from data is transitioning. It’s shifting the power dynamic away from centralised towards a more distributed and decentralised model, where the people the data relates to consciously engage in the personal data value chain.
To cut a long story short, if we’re to use both big and small data in ways that generate real value for people (meaning we need to be sharing and processing data at scale, often), communities and society we need to establish a more trustworthy model as the new normal. We need Privacy and Security by Design (PSbD). We need positive sum thinking. We need radical transparency and we need an ecosystem that is inherently participatory. We need to focus on how data can be used to create mutual value.
If we can achieve this by collaboratively designing an inherently trustworthy data ecosystem, we can share more of the right data, just at the time’s it’s needed most. The impact of such an ecosystem could be anything from assisting with positive behavioural change that collectively impacts the health of our planet through to real-time outcomes like personalised meal prep that fits your ethics, budget, genetics and health goals.
So even though we’re starting very small, we’re thinking as big as we can.
How can data trust and DTbD help us achieve this?
If people have a high propensity to willingly share their data, if organisations are incentivised to process data ethically, and if an entire ecosystem is optimised for individual, communal and societal outcomes, data can become an asset that positively impacts us all.
To make all of this happen we shouldn’t push it on people. We should take ownership. In fact, we have the power to impact the types of products, services and experiences that make up people’s daily lives. We therefore have the opportunity to empower the people using these products and services. You know what Spider Man’s uncle would say here. And it’s true — this is a responsibility.
Our experience at >X leads us to believe this has to start with values, ethics and guiding principles. Those principles need to be actionable — we need to operationalise them in meaningful ways. This means they must help us design better customer propositions. They need to help us reduce costs and mitigate risks. They also need to enable us produce data-driven propositions that boost top line and competitively differentiate our brand.
This is a big ask, so to answer the how question, we’re proposing the principles we’ve developed become part of your daily consideration set. We trust these principles and the patterns that follow will assist us all in empowering, informing and enabling the people we serve as customers to make choices about how the engage in the digital world. To draw on an analogy, think of Customer Development and Lean Startup — they’ve become movements. Together with Human Centred Design they comprise the broadly accepted approach to defining, designing and deploying new products and services. By adding DTbD to this movement we can ensure our products and services are inherently trustworthy and inherently human centric.
We‘ve already observed that DTbD changes behaviour. It changes how we approach product design, product development and product marketing. As we operationalise DTbD in more situations across a broader set of organisations and industries it’s our expectation the products and services themselves will change. We’ve observed this also changing the relationship people have with their data. For the first time ever, people actually get the gist of what’s happening. They have clear visibility of the tangible progress their data is helping them make.
Over time — through a heap of trial and error — we’ expect the market to develop new design patterns that are widely accepted and used by billions of people in ways that make data sharing more valuable, meaningful, engaging and of course, safe.
So we’re starting by socialising these principles. We’ll then progressively release different patterns for interactions like upfront terms and conditions, just in time consent, consequence clarification, progressive disclosure and the various actions people can take (particularly in the EU) as part of their data subject rights. We’ll pull this together into a coherent design system — something that complements existing design collaboration workflows and the tools we use on a daily basis.
We’re very keen to make it happen quickly, so get in touch if you’d like to work with us on this.
With the why and how out of the way, here’s the what.
What is data trust?
Through years of dedicated work we’ve come to learn that data trust is the sum of data transparency, value delivery and consequence acceptance. A brand must therefore say exactly what it will do and do exactly what it said, whilst accepting and clearly communicating the positive and negative consequences of their actions.
“…data trust is the sum of data transparency, value delivery and consequence acceptance”
In simple terms Data Trust is the trust a person places in an organisation’s data practices. Data trust has been earned when people have a high propensity to willingly share their data. As we now know, this is not the case today.
What is Data Trust, by Design?
Data Trust by Design is the practice of designing transparent, positive-sum, value-generating experiences that give people the ability to make free and easy choices about how their data is and isn’t used.
Data trust design principles give organisations a foundation to design processes, workflows and experiences that are inherently trustworthy. These principles align to the stages of a person:organisation relationship. They have a beginning, a middle and an end. They provide a simple frame of reference for how to treat people and their data at each stage of the relationship.
There are 6 principles guiding this practice.
First contact: Define shared objectives
People and organisations have stuff to achieve — stuff they’re motivated by. For a person:organisation relationship to really work, objectives need to be clearly stated by both parties upfront. If common ground is reached, proceed. If common ground can’t be reached, maybe it’s not meant to be. In either case the upside is that you may have just won yourself a brand advocate. Remember, people value transparency.
In practical terms, this means truly practicing data minimisation. Simply communicate your objective whilst finding ways for your potential customer to do the same. At this point in time there is no need for identity or any unnecessary attributes to be exchanged. KISS and decide whether it’s worth proceeding with further data processing quickly.
Before every interaction: Make the purpose clear
To make use of people’s data to fulfil a value proposition, your purpose has to be explicit. It has to be understood. People need to be informed, and only once they’ve made a choice in your favour do you proceed.
In practical terms this means catering to the context. If the interaction is simple and transactional, give people the most important information first. But give them the ability to drill down deeper if they feel it’s necessary. If specific requirements have to be met, ensure these are communicated explicitly. People need to understand the context if they are to assess it.
If you can explain your purpose in a sentence, picture or simple interaction, do it. If it requires more granularity and support, you’ve got to be willing to go the extra mile. Remember, people need to be informed and empowered so they can make a choice.
Establish a baseline: You are equals
The most successful relationships are built on a foundation of mutual respect and trust. Mutual respect starts with attitude, behaviour follows.
In practical terms, clearly state the control and access rights the person you’re building a relationship with has and relate it to your data processing purpose. Just like you, people need ways to make use of their data, withdraw your right to use that data and take their data to other relationships.
If you can do it, so can they. In this new world, people and organisations exchange value as equals.
Take your time: Trust has to be earned
Trust compounds over time. It’s the sum of radical transparency, consistent value delivery and a willingness to accept consequence.
Data trust relies on a show, don’t tell model. Give people the opportunity to try before they buy. Give them simple, light touch ways to engage with your brand. Show them that you do what you say, and you’re willing to own the consequence of your actions.
Design for the long game. Quarterly reporting isn’t the metric that matters most. Sustained customer value creation is.
Mutual success: Share in the value you co-create
They call it value exchange for a reason. By focusing on the value you create, rather than the value you take, it’s very likely you’ll begin delivering superior outcomes to the people you serve. If you do this consistently people will trust you to deliver.
Practically this means evolving your design practice and business metrics. It means focusing on the value, meaning and engagement you create for the people you serve, not just the metrics of old like CAC to LTV ratio.
When utilising people’s data to create value for them, make sure they understand how their data is being used to create that value. Magic tricks are great but feeling like the magician is much more rewarding.
Say goodbye: Make endings matter
Even the best relationships must end. The trusting relationships you have with the people you serve are no exemption. When the time is right, regardless of who activates the ending, make it simple and easy for both parties to get out on the best of terms.
Practically this means giving people options. It means giving them ways to get all of their data, and helping them use that in whatever comes next for them. Think beyond people’s right to portability. Endings are contextual to each relationship. Some people might want assistance enforcing their right to be forgotten. If so, make this happen seamlessly. Give them visibility of tangible progress and show them clearly you’ve done exactly what they’ve asked you to do.
We’ve been formally putting these principles into practice for a few months now. We’re currently working through the challenges that relate to how we operationalise them, how we reference them as part of our design workflow and how we use them to design specific patterns that are new, inherently trustworthy, yet familiar enough that we don’t lose sight of the leaps and bounds of progress our industry has made over the past few decades. We’ve got zero intention to make it harder for people than it needs to be.
The output of this work will be shared with you progressively. The first of which will be a design pattern for upfront terms and conditions.
I’d like to say a massive thank you to our team for all the help, guidance and support they constantly offer. I’m looking forward to experiencing the impact designing for data trust will have with all of you.
Stay tuned for more or get involved if you’d like to be part of the action sooner.
>X is a distributed research, design and strategic advisory firm at the forefront of the personal data economy.
Working with leading organisations globally, >X helps make sense of today’s rapidly evolving behavioural, regulatory and technical trends. They help organisations get closer to their customers than ever before and assist cross-functional teams in producing and validating experiences that are inherently trustworthy, competitively differentiated and deeply personal.