How to use UX design to safeguard users’ privacy

Koos
Hidde Burgmans

Reading time
8 min read

Date
09 Dec 2019

Online privacy is that thing you kind of gave up the moment you embraced the internet. Or, at least, that is my point of view after a two month project on the subject. But there’s hope: more and more companies are taking initiatives in fixing this twisted state of affairs and I gratefully got to be part of one of them.

We got to do a complete Service Design cycle for the data privacy challenges of one of the biggest corporations in the electricity sector of the Netherlands. In short, our conversations with users showed that to them, at its core, privacy is being able to move carefree in whatever it is you’re doing. The current digital world has managed to completely obliterate this primary need. Our job at Koos was to design a UX that reverses the current situation, taking control of personal data out of the hands of companies and putting it in the hands of the user. Here is a picture of our Service Design ride:
Source: An introduction to Design thinking, H. Plattner, Institute of Design at Stanford

During this process we went all the way from extensive qualitative research to the concrete part where we put our ideas to the test in UX sprints. Starting with the empathise phase, we explored the topic of privacy as a whole, slowly narrowing down towards privacy concerning your personal electricity or gas data.

If by now you’re thinking, why the hell should I care about my gas or electricity data, you’re not alone. One of our main insights was the unawareness of the richness of this data. Let me explain: through your electricity data, companies are able to extract what kind of devices you’re using, when you’re using them, for how long, and whether they are up for replacement. This means that the data can tell when you come home, when you turn on your lights, how often you go to the toilet… Basically, this data allows them to extract your complete lifestyle.

As we laid out this future scenario of personal data during the interviews, the necessity of our project became more and more apparent. We gathered our insights and formed our strategy by constructing an ideal customer journey. By strict prioritisation we chose the most essential part of this journey and took 3 UX sprints to validate our ideas through prototyping and testing.

Emilie performing a user test in the back, while the rest (including client) watches and formulates insights

Not only did this project start with the user, the user concluded it as well. During these sprints we worked from hypotheses towards validation, testing our assumptions with real users on the final day of each sprint week. It showed that privacy is a complex and rather sensitive matter. Here are the 5 lessons we believe are applicable for anyone designing a UX that touches upon privacy.

How the authorization-screen serves different flows for our personas

1. Serve persona-tailored flows

In its essence, the service provides a gatekeeper function, helping you manage your data permissions. Hence, the app came down to one essential question: do you grant this company access to your data? During our research phase we identified six needs-based personas, and even though we chose to focus on only three, their needs hugely differed when answering this question. For instance, an ‘Idealistic sharer’ just wants to get on with it, whereas an ‘Anonymous controller’ wants absolute insight into and control over every permission given.

The user tests during our UX sprints showed that by trying to please all personas in one screen, we dissatisfied all of them with the option overload. Therefore, we created one screen that separates the flows based on our needs-based personas (see image above). Make sure you find out the customer needs and tailor your flows accordingly.

The evolution of the opening screen throughout the sprints.

2. Make sure your story is crystal clear.

In our first prototype, MEO was introduced as a stand-alone service helping to protect your data. Though functionally the service remained the same throughout our sprints, the distrust towards MEO as a brand was at its highest in our early attempts. People just couldn’t understand why a non-government party would help them protect their privacy. ‘This sounds too good to be true, what’s the catch?’ During the interviews, the users pointed us in the right direction, stating that the Dutch government is the only reasonable party to take this initiative. Our second try led to even more confusion, as we blended the propositions of MEO and the government. We managed to tell a story that made sense in our third sprint: a full-on government approach.

This shows that even if you have the most honest and righteous intentions, if your story doesn’t make sense to the user, the reliability of your service collapses. Make sure the foundation of your service is crystal clear.

Evolution of the authorization-screen throughout the sprints.

3. Don’t specify the data, specify your intentions

When allowing access to your energy data, there are quite a few variables that can be set: gas or electricity, the duration of the permission, the frequency of measuring, etc. In our first attempt, we gave many options to the user, aiming to provide maximum freedom through extensive control over your permissions.

During the tests, our users kindly showed us that we were not helping them by forcing them to make so many decisions. We learned that privacy is not about setting the right specifics; it’s about the relationship between you and the company instead. There is only one important question: do I trust this company? If the answer is not an immediate yes, setting the specifics of the permission is irrelevant. The information that turned out to be valuable for assessing the credibility of a company is the specification of their intentions with your data. This led us to design a completely simplified permissions page.

Data is fuzzy, and its specifications even more so. Keep in mind that when working on privacy, it is the relationship between the user and the company that determines their decision.

4. Stay away from security shields

We love clear rules. They give guidance in a complex world. Here’s a clear rule: Don’t use security shields.

The intent of our new feature was to comfort users by providing a safety analysis of companies asking for your data. We would assess their safety level and express this by a number of security shields. Since every company has its flaws, the level would never add up to 100%.

Though it was intended to be a subtle yet comforting feature, during the tests it turned out to have a counterproductive effect. While very effective in grasping the attention of users, it was not the number of shields assigned to the company that stood out; it was the number of shields missing. Whether a company had 3.1 or 4.9 shields didn’t matter: it was the missing 0.1 shield that immediately worried our users. Unless you want to scare your users, don’t use security shields.

5. Nobody wants to be confronted with complex problems

Finally, during our user tests we learned that dealing with privacy issues evoked emotions that were hard to place. During interviews, we often experienced a dropping mood as users showed increasing resistance towards the topic. Even though all we wanted to achieve was to give users control over their privacy, it appeared that not everyone was keen on our designs. The fact is that privacy, and especially online privacy, is a complex problem that does matter to people. However, since online privacy is something we haven’t had control over since… ever, we have managed to cope with it by gently putting it away in the deep, dark and ignorable corners of our mind. Most users liked us more if we let them stay in their ‘ignorance is bliss’ mode than if we forced them to start digging.

Bear in mind that even if you have the most honest intentions, people are not always eager to think about their complex problem, especially if they have securely and neatly put it in their ignorance box. This doesn’t mean you shouldn’t address the problem, but make sure you provide some guidance and comfort along the way.

The project showed that, when working on abstract and complex problems like online privacy, you’re helping your user by turning these complex issues into concrete and understandable ‘steps’. Our interviews helped us understand which ‘steps’ are important to whom and, furthermore, which ones to focus on.

Even though this is the moment to high-five and compliment ourselves on having made a strategy, only half the work is done. The hard part is finding the right execution that makes your strategy tangible. There are a million ways to unfold your strategy into a UX, and the only one who’s going to tell you whether you picked the right one is your user. So conclude the project with UX sprints in its final stage, and make sure you keep validating and keep learning.

At Koos we love to run projects that beautifully combine Service Design and UX. Want to read more on Service Design and UX? This article is part of a series in which I try to unravel the beautiful complexity of combining the best of these worlds.
