trustux: balancing personalisation and privacy to create understanding and trust (strata+hadoop...
TRANSCRIPT
TRUST UX
ann wuyts @vintfalken
sentiance customer experience & UX
BALANCING PERSONALISATION AND PRIVACY TO CREATE UNDERSTANDING AND TRUST
Strata + Hadoop World, 2015
HAPPY TO INTRODUCE YOU TO MY NEW BEST FRIENDS
THESE THINGS KNOW
ME
THE FOUR PHASES OF COGNIZANT COMPUTING
1. SYNC ME Store copies of my digital assets and keep it in sync across all end points and contexts
2. SEE ME Know where I am (and have been) on the internet and in the real world. Understand my mood and context to better align services
3. KNOW ME Understand what I want and need and proactively present it to me
4. BE ME Act on my behalf based on learned and explicit rules
94% COMPLETED
82% WEARABLES UPDATE
31% … LOADING DATA
INITIALIZING.. 12%
Meanwhile, at the Apple Watch announcement, 19× Personal.
relevant
are you engaging at the right moment?
glanceable
can you deliver value in milliseconds?
personal
do you approach people in the right manner?
EXPERIENCES FOR THE MOST PERSONAL DEVICE EVER ARE
No other Apple device has ever been so connected to the wearer. It is important to be mindful of this connection .
Apple Watch Human Interface Design Guidelines, 2015
UNDERSTANDING PERSONALISATION TRUST PRIVACY
H2H
MACHINE-TO-HUMAN RELATIONSHIPS ARE NOW ABOUT HUMAN-TO-HUMAN VALUES
M2H
2nd Annual Poll on How Personal Technology is Changing our Lives - January 2015, Microsoft
Concern about privacy jumped 5 points between 2014 and 2015.
THE PRIVACY CHALLENGE
91% of adults ‘agree’ or ‘strongly agree’
that consumers have lost control over how personal information is collected and used
by companies.
Pew Research Privacy Panel Survey, January 2014
LOSS OF CONTROL
MISCOMMUNICATION
People are fearful of sharing their data largely because companies and
government have not been good at clearly explaining how they
use it.
The Data Dialog, Demos 2012
TERRIBLE HEADLINES
In the future your insurance company will
know when you are having sex.
Kashmir Hill, Fusion.net - 2015
38% of those who say not concerned about privacy online say they do mind companies using information about them 71% of those who are happy to share personal information with companies and brands that they like are concerned about how information collected about them is being used by companies
Personalisations vs Privacy, Ipsos MORI, 2014
USER INCONSISTENCY
THE FACEBOOK PARADOX THE FACEBOOK PARADOX
91% of adults feel consumers have lost control over how personal information is collected and used by companies. 58% of the entire adult population (and 71% of internet users) is on Facebook.
Having knowledge of the customer is the only durable competitive advantage for companies.
Bruce Kasanoff, the author of Smart Customers, Stupid Companies
Increased knowledge of the consumer and the fine-tuning of offers that are perceived as personal and highly relevant should lead to an increase in spend.
Gartner on the monetization of contextualization
DATA VALUE EXCHANGE
insights in own behaviour customer insights
peer comparison optimising processes & products
personalisation (right message)
relevance (right person, right moment)
accountability (on ADDD) data driven decisions
CONSUMER BUSINESS magic moon
standard moon
no moon
value on the consumer side should be equal or more
privacy
THE UNTRUTH
UX
VS
The truth is that collecting information about people allows you to make significantly better products and the more information you collect, the better products you can build .
Dustin Curtis,
“Privacy VS. User Experience” (2014) #FALSE (or at least a very one-sighted truth)
Whether or not better products can be made by collecting more user data is a matter of… • Context • Opinion • Causation/correlation • Data quality (accurate? relevant? complete?)
• Define: better product
MORE DATA, BETTER PRODUCTS?
BUSINESS VALUE
CONSUMER VALUE
PRIVACY
GREAT UX personalisation
PRIVACY AS A FUNDAMENTAL COMPONENT OF THE PRODUCT EXPERIENCE
PRIVACY
@ SENTIANCE
UX DESIGN
Businesses can deliver a grand user experience and tremendous value to both customers and the company, only if they safeguard their users’ privacy and security.
→
Niveau 1
Niveau 2
Niveau 3
aggressive driver
…
… waking up
…
city worker
sleeping
walking running
car subway
train
bus boat
zigzagging standing
airplane*
biking
arriving at home, work, the gym, ...
shopping
lunch inactive
noisy environment*
in a meeting
horse*
@home
working
in company*
couch potato
workaholic
sportive
N2 moments
N3 profiles
N1 events
watching tv
motorcycle
agitated*
suddenly stopped
tram
climbing*
SENTIANCE FROM MOBILE DATA TO SMART LIFE
why great
UX requires privacy
what UX &
privacy have in
common
10 examples to do both Privacy & UX right
DEFINE: PRIVACY
Personal data is any information
relating to an individual, whether it relates to his or her private, professional
or public life.
(it is however, an essential requirement)
SECURITY = PRIVACY
“Security is a very important topic, but it’s primarily a technical topic, and to a large extent it’s a very well-understood one. If you pay attention to security, it is possible to get it right, whereas privacy is something that’s much more fluid and is much more about social norms, expectations, implicit contracts between consumers and providers.”
Pilgrim Baert – co-founder of AlertMe
THE INTERNET OF EVERYTHING: DESIGNER ROLES ARE UNDERGOING CHANGE
UX design has been extended to address all aspects of a product or service as perceived by its users – that includes the control they have of their personal dta, their privacy.
BEING CREDIBLE
useful
usable desirable
credible
valuable
findable accessible
User Experience Honeycomb (Peter Morville)
credible 2004
the information you present to users
2015 taking responsibility to
keep personal data safe
PRIVACY-BY-DESIGNER: DELIVER BOTH PERSONAL & TRUST
We owe it to both our users and the people who hire us to actively think about privacy, and to implement privacy
in the flows and designs we deliver.
B. We need to deliver
trustworthy products.
A. We need to deliver
great, personal experiences.
1. You need to fully understand the end goal (by asking the right questions)
WHY Why are we doing this? What do you want to achieve?
What is required to achieve this? What is the best way? WHAT
WHO Who is impacted by this? What do they expect?
GOAL DATA PIA
2. There are rules, guidelines, toolkits. (which continuously evolve)
UX PRIVACY • Apple, Android, .. design guidelines • Interaction patterns • Best (and worst) practice examples • Models & frameworks • User research methods • Emerging trends • …
TOOLKITS: omnigraffle, illustrator, fireworks, pen & paper, …
• Existing & upcoming EU Law (GDPR) • Local privacy act & royal decrees • Local telecommunications law • Privacy watchdog recommendations • ToS of the platform (iOS, Android) • Internal policies • …
TOOLKITS: information classification, risk assessments, privacy policies, PIA framework, …
2. There are rules, guidelines, toolkits. (which continuously evolve)
General Data Protection Regulation
EXPANDED SCOPE any organization processing personal
data of EU residents
PRIVACY-BY-DESIGN & DEFAULT
EXPLICIT INFORMED CONSENT
DATA BREACH NOTIFICATION DPA & possibly consumer
DPO REQUIRED
Users/month threshold or location data
DATA PORTABILITY
3. Less is More. (value & proportionality)
collection processing
storing
purpose
PROPORTIONALITY
fewer data fewer less detailed shorter period in time de-idenfity asap
Less is more, not just in quantity but also in identifiability & time
value of knowing
cost of identifying
IDENTIFIABILITY
Why an IP an sich will no longer be personal data… (unless you are an ISP)
avoid when possible geohashes coarse location
beware location GDPR: this is ‘special data’ → extra safety measures
4. You can not do it alone. (it is multi-disciplinary and cross-departmental)
Privacy requires a clear mandate to get things done.
Everybody accepts it is important – but not a single
department has it as a priority.
Have privacy as part as the project plan and estimates as
soon as possible.
A continuous need to explain the significance of privacy in the overall product & company picture
Have privacy as a deliverable, avoids the delays & soring costs of adding it after the facts.
Privacy is not only a fundamental right, it can also be a competitive advantage .
Neelie Kroes
Conform to EU legislation? Ready for the world market, then.
People can trust you with their digital identities → sets you apart from competition
5. The devil is the details. (and the cost of mistakes is high)
• up to 1,000,000 EUR fine or up to 2% of the annual worldwide turnover in case of an enterprise, whichever is greater (Draft GDPR, art 79)
• customers leaving
•
• customer complaints
• customers leaving
UX Privacy
Most of these were hacked (security), but as soon as personal data leaks: Privacy & trust disaster too.
6. Practice Honest Communication. (from the start)
Consider a breach likely – and prepare accordingly.
VISA’s ‘Responding to a Data Breach – Communications Guidelines for Merchants‘ guidelines.
do not play the victim express regret take ownership be accountable
1. What happened? (tell what you know at that time)
crisis communications (works for downtime communication too)
2. What is being done *NOW*? (investigate, take systems offline, ..)
3. How does this affect your customers? (both short- and long term)
4. What are you doing to minimize risk? What can your customers do?
5. How do people get more information or updates?
(folluw up) 6. What are you doing prevent this from happening again?
Privacy does not benefit from a “do first, ask forgiveness later” strategy.
(avoid: “Hey, we just lost all this data of yours you did not we had in the first place.”)
which data you gather & what for set correct expectations
FROM THE START:
informed explicit consent
(avoid: “Hey, we just lost all this data of yours you did not we had in the first place.”)
clear affirmative action use plain language
1. You need to fully understand the end goal – Ask the right questions 2. There are rules, guidelines and toolkits – Rules & tools evolve. Fast. 3. Less is more – Value & proportionality 4. You can’t do it alone. – Multi-disciplinary and cross-departmental 5. The devil is in the details – and the cost of mistakes high 6. Honest communications – from the start
As designers, then what can we easily do that improves both UX and privacy?
GOOD UX AND PRIVACY
10 examples to get it right
1. Design for Explicit: Opt-In
By signing this contract, you agree we have the right to collect and pass on all your information. In case you do not want your bank to pass on your credit information to third partners and other divisions, please write ‘I do not agree’ on the contract and hand it over to the person behind the till.
EXPLICIT EXPLICIT NOT EXPLICIT (hidden opt-out)
NO YES
IF YOU AGREE, PLEASE CHECK THIS BOX:
2. Design for Informed: No Surprises
3. Design for Choice: Consent
In your designs and flows, take into account both having and not having the data.
Design personalized experiences for when you have data.
Design good alternatives for not having the data.
Today will be sunny
Weather for Olen, Belgium where we know you live.
Check out the weather!
Antwerpen
Privacy as a trading function
Accelerometer
Gyroscope
Microphone
Camera
In-App Usage
GPS
Expected value
User acceptance
Wi-Fi
Browsing History
The more permissions are required, more added value is expected from the mobile app.
Calendar
SMS
Light
GSR
Clear & consistent, so people can trust you to point out privacy related features & settings.
4. Design for Trust
5. Design for Because.. Explain your magic. When users know of the existence of a certain algorithm, their satisfaction with the product increases over time , probably as they start to understand its workings better. Yet when they discovered an algorithm they were previously unaware of, users felt betrayed.
Worst case scenario “In the extreme case, it may be that whenever a software developer in Menlo Park adjusts a parameter, someone somewhere wrongly starts to believe themselves to be unloved. ”
– Eslami et all.
Because... allows people to correct you when wrong. Something we best figure out before algorithms get to act on our behalf.
6. Design for Transparency Show people their data selfs. If we are going to allow algorithms and expert rules to steer our behaviour, we must know they understand that correctly. Allow for: - Correction - Reset
7. Design for forming secure habits “Burner accounts” Kinja introduced these for anonymous commenting. They made private keys understandable through metaphor. “…if you lose the burner key initially issued we will not be able to retrieve this information for you or reset the account. Save your key.”
Reward secure behaviour Users that enable two-step security on their accounts will now receive a 10% discount off their monthly bill Mailchimp bill.
8. Design to encourage privacy Access duration People forget to ‘revoke’ things. Supply limited time access options: - WeChat: discoverable
for 10 minutes (default)
- LinkedIn: access duration settings (weeks → months → years)
9. Design for an Exit Offer Alternatives Make it easy to leave, but think about WHY people are leaving, and offer alternatives. Eg. - “snooze” services - less-email-option - reset profile/account - ..
10. Design with P2P privacy in mind
Do you want to know if your friends are (action/mood/..) ?
Do you want your friends to know if you are (action/mood/..) ?
Don’t allow OK
We influence what is acceptable.
Snowden Challenge at SXSW
Combine exceptional ux with privacy at INCEPTION, not afterwards
“ Combine exceptional UX with privacy at inception, not afterwards.”
Edward Snowden’s Challenge to Startups at SXSW
As the need for permanent access to data increases, so does the need for ethics & morality.
Weak AI (expert systems)
Strong AI (singularity)
Machine Learning
Deep Learning
Recommender Systems Autonomous Systems
Transition period (Danger Zone)
GOOD UX AND PRIVACY
Privacy is about more than data.
Privacy does not benefit from a “do first, ask forgiveness later” strategy.
It’s their data. Not yours. (Safeguarding it is a joint effort, though).
It is their choice.
Design the best possible experience, regardless the choice.
HELP BUILD THE FUTURE BOLDLY. DO SO RESPONSIBLY
ann wuyts @vintfalken
sentiance customer experience & UX Strata + Hadoop World, 2015
Thank you.