Summary: Privacy by design is critical to winning user trust on several fronts. Furthermore, it is important to make privacy management easy for users to avoid excess configuration and confusion.
“We are all in the privacy business.”
This was my general conclusion when working on next-generation usability for the popular directory look-up portal whitepages.com (used by 200 million adults in the US). It doesn’t matter what your website does online. If it involves giving consumers information, you are in the privacy business first and foremost. What does this mean?
Privacy is one of the biggest concerns users bring to the Web experience. Facebook’s litany of privacy mistakes is a good starting point. In addition, companies like Google were rated worst on privacy of all global companies for “comprehensive consumer surveillance and entrenched hostility to privacy” (Privacy International 2007). Facebook continues to struggle with privacy. This is evidenced by the leak of sensitive information by the Face-booking spouse of the next head of the British Secret Service (MI6) this week.
In this post I will cover the importance of privacy in online user experience. I will also give you three proven UX guidelines for privacy user experience on your site.
Check out these Privacy by Design guidelines (Deloitte PDF).
Privacy is cited as the #1 blocker to e-commerce conversions
Privacy continues to be the most dominant concern of users online, dominating empirical and industry studies in the past decade (Cavoukian and Crompton, 2000; Burst Media 2009). In this 2003 empirical study (Ahuja; Gupta; Raman) of online consumer purchasing behavior, privacy and security concerns ranked #1 as the reason preventing users from purchasing online.
The big search engines are not helping the privacy problem. Only Yahoo this year demonstrated leadership in the privacy area, stating they will only retain personally identifiable information for 90 days. To appease privacy groups, Google reduced the lifetime of its cookie, previously set to expire in 2038, to a two-year expiration period.
Privacy and Security: What’s the difference?
When mentioning privacy as a user experience issue, many technical folks say, “Privacy and security are not the same thing!”
However, privacy and security are interchangeable to users.
Worse, when sites carrying the Hacker Safe logo were shown to be hackable, user fears became not only warranted but justified. Note: Marketing Sherpa case studies and our own clients told us they lifted conversions on e-commerce sites using the old Hacker Safe logo, so it did work to ease the perception of privacy/security.
Privacy settings mandatory for Social Networking sites
Facebook has struggled with privacy usability and garnered a lot of negative attention this year from it. Regulators now seek better privacy protection from Facebook and Twitter, a move announced in late June 2009 to match stricter EU privacy policies.
However, Facebook continues to violate the first privacy pitfall identified by Lederer et al. (2004):
“To whatever degree is reasonable, systems should make clear the nature and extent of their potential for disclosure. Users will have difficulty appropriating a system into their privacy practice if the scope of its privacy implications is unclear”.
Facebook only made the Settings link more obvious on the top navigation with its recent 3/09 redesign. However, it’s uncertain how many users are aware of the privacy controls available. Even I had trouble finding the privacy settings. Instead, I had to rely on a colleague to guide me through the process in February. Once you’re in the Settings area, managing your privacy settings becomes a tedious task that I refer to as Configuration Hell.
Over the next few weeks (July 2009), Facebook will unveil a new set of privacy features. According to Computerworld, it will alleviate “the need to tamper with the site’s privacy controls as frequently” without needing a handbook to control all your Facebook privacy settings.
LinkedIn, the other popular business social networking site, offers better privacy UX. LinkedIn allows you to View your Profile as Others See it. They also state whether an item of content is visible or hidden. These two strategies have kept LinkedIn out of the privacy public relations spotlight, while offering a transparent privacy user experience. This ‘contextual privacy’ is simply the best and easiest way for users to be aware, in control and able to manage privacy inside of their user experience.
3 Privacy UX Guidelines: Privacy is your biggest UX challenge
2. Justify every form capture and accompany it with privacy reassurance. Anytime you ask for an email address, you need to reassure users that you care about their privacy. It does not matter how loyal or interested they are; if you are committed to privacy, show it.
3. Show users what is being shared and provide contextual privacy controls. Goecks et al. (2009) developed prototypes to demonstrate that it is not necessary for users to understand low-level technical details to make informed decisions about their privacy. Give users clues such as (Everyone can see this), (Showing to All / Hide…) or ‘See this How Others see it’, without requiring them to log in under a different account to see that 200 million users can also see your high-profile spouse in his Speedo alongside his personal address.
Privacy in the news: Design for it before Government regulation forces it
- The US government (FTC) announced stricter privacy controls, triggering an early response draft of Privacy Principles from the largest marketing trade industries. These guidelines educate users on how their data is being tracked online, with a “privacy dashboard”. If you have ever worked with users, educating them (providing training or help; see my prior post) about privacy online seems to be a lame-duck approach.
- The New York Times pointed out (July 6th 2009) four things that the privacy principles left out. This put the onus on the technology and the design (user experience), not on the user’s understanding or managing their privacy.
Design for privacy and make sure it is easy to use and understand. Win your user’s trust with privacy first. Learn from industry giants who have violated user trust. Avoid the public relations nightmare of bad UX.