Skip to main content

Designing the future of data ownership: Embracing privacy by design on a deeper level

data
(Image credit: Shutterstock / whiteMocca)

The notion behind Privacy by Design is to encourage organizations to implement technical and organizational measures at the earliest possible stages of the design of the product and operations. Doing so will help safeguards privacy and data protection principles right from the very start. While this principle has been in motion for longer than the law, the GDPR frames it more clearly as part of businesses’ overall commitment to data privacy.

The fundamental value that businesses offer customers must include how they treat privacy issues. Many companies may consider transparency and privacy an integral part of their values, but these bold statements may be empty if they are not manifested in the product itself. Privacy must be part of the user-focused digital journey that today’s customers seek and appreciate. Designing secure and private experiences increases brand trust, improves the product’s user-experience, and builds stronger relationships with audiences.

In this article, I’ll discuss how Ann Cavoukian’s seven basic principles of privacy by design apply to today’s data privacy challenges. 

1. Proactive, not reactive; Preventive, not remedial

Companies shouldn’t put out fires by responding to the latest breach, regulation, or request. Businesses know their products better than anyone and should create a privacy-focused design process that initiates ways for protecting users’ data.

Don’t wait for a breach or complaint to occur. Make sure you’re only using data you really

need and doing what is needed to protect it. Take a look at your data collection and retention policies today. In addition to compliance, think of the essence of privacy — how can you offer users the necessary peace of mind? Incorporate these issues into your focus groups and surveys, and if your privacy strategy feels like crisis management, rethink your approach.

2. Privacy as the default setting

Users may have ownership over their data, but the responsibility to protect their privacy still rests on businesses’ shoulders. Users should not have to worry about data privacy or invest too much effort in keeping private information safe.

In addition to building a private product from the get-go, give users easy visibility and control tools to manage their data as they wish. Put yourself in users’ shoes. When you check the user journey from a UX perspective, examine processes like data offboarding and filing a data subject request to your company. Does it feel clear and accessible to you?

3. Privacy embedded into design

Privacy isn’t an afterthought and should be considered from the earliest stages of building and designing your product or service. This means that the design and development teams should be aware of privacy pitfalls and challenges and take them into account.

Give your product and user experience teams privacy-focused training.

Consider privacy the same way you do other UX best practices and ask specific questions regarding the data protection of your customers when building each part of the product. 

4. Full functionality — Positive-sum, not zero-sum

A common mistake is to think of privacy as a sacrifice you have to make at the expense of the products’ functionality or business value. The best version of your product also respects data privacy and integrates it seamlessly into the design.

Don’t build products that have to violate users’ privacy to succeed. Allow users to opt-in and enhance their experience by sharing more data, but ensure that the product operates well regardless. This is especially true in the new reality with data privacy and consumer control over data has become increasingly important, in fact companies that invest in a better privacy experience get almost double in returns, with a 76 percent increase in customer trust.

5. End-to-end security — lifecycle protection

Think of end-to-end privacy, which includes all the steps taken while using a product or service and what happens after users no longer need it. Go through your product from the very first step to the very last step to make sure you’ve considered data protection and privacy in all of them.

Consider post-churn privacy and consider the data offboarding process an integral part of your lifecycle. What happens when users want to delete their data? What kind of experience will they encounter? Although it might seem counterintuitive at first, making it easy to leave your service can be the reason for new (and old trusting) customers to (re)join your service instead of a competitor.

6. Visibility and transparency – Keep it open

Communication is key, and it’s critical to explain your decisions and their impact on users’ privacy clearly and openly. Let users know how you collect and use their private information.

Offer visibility and ownership by implementing an accessible privacy experience with helpful solutions like Mine for Business.

Create user-friendly privacy policies that are easy to reach and read and make it easy for customers to access their data with a dedicated privacy form.

7. Respect for user privacy – Keep it user-centric

When privacy is considered part of the design process, you keep customers’ interests in mind and work with users, not against them. Data isn’t something you want to trick people into giving you.

Your privacy strategy should be accessible and easy to implement. Build a process that the average user finds simple to follow, don’t design for a compliance officer conducting an audit.

Today privacy is way more than just a compliance issue, it has become a crucial part of companies’ user experience, brand reputation, trust, and bottom line. And even though privacy and compliance go hand in hand, the real meaning of privacy by design goes far beyond legalities by promoting the following notions. It involves forming a privacy-first approach that puts data ownership before profit or product features and ensures businesses treat it as a natural human right.

Privacy by design is a powerful narrative that continues to evolve alongside regulation and public conversations. By following this set of rules and understanding the logic behind each one, organizations alike can build improved products that serve people’s needs much better. If you haven’t done so yet, now would be a good time to implement the above principles and the technology solutions designed to support them.

Gal Ringel, CEO & Co-founder, Mine for Business

Gal Ringel is the CEO and co-founder of Mine, a company focused on empowering internet users to know who holds their data and get to decide how it is used.