Privacy is a more important issue than ever for designers. With recent regulations on data protection and privacy — such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) with its recent expansion via the California Privacy Rights Act (CPRA) — there’s a growing need for digital products that respect users’ data.
For designers, this means creating work that empowers people to make more informed decisions about their privacy, and giving them easier, more accessible ways to control their data. Let’s look at some of the key legislative requirements and explore how designers can advocate for better protection of their users’ data, activity and personal information.
1. Designing for transparency in data collection
Data minimization is one of the major requirements set forth by the GDPR and CCPA. It includes explaining why you’re collecting certain data, and asking for no more than is necessary for that purpose.
For designers, there’s opportunity here for creating forms that clearly explain why you’re collecting certain information. Generally, the more sensitive or private the information is, the more effort should be put into explaining why it’s needed. These explanations can include why you need the data, its benefit to the user, and the security measures that will be taken to handle the data.
Here’s a great example from Mailchimp. During the onboarding process, they clearly explain why, according to international laws, they need a physical address when setting up your account.
Here’s another great example from Dropbox. This part of the sign-up flow asks for a preferred email if a user has signed up using Apple’s “Hide My Email” feature (which creates a randomly-generated email). The prompt explains the benefits of using an email address that your collaborators can recognize.
Designing or redesigning products with user privacy in mind allows you to question existing UX practices, and to explore whether there are better alternatives for getting the same information. For example, if you need to ask for someone’s age, having them provide their date of birth would be considered asking for more information than you need. Not only are people more likely to provide false information when asked for data that seems too personal, it could also be unnecessarily risky if the data is not securely stored and protected.
Customizing forms on Editor X
In order to foster transparency in your data collection process, create descriptive input fields and forms on your Editor X site. You can fully customize your forms in order to make their content easy to understand and trust.
2. Receiving clear consent to automated data tracking
For designers, empowering users to opt in (or stay opted out) to cookie tracking and allowing them to revoke access at any time is crucial. Users’ consent should be given as a conscious choice, rather than as something that they may not be aware of (such as with pre-checked boxes), and it should be just as easily withdrawn if users change their minds at any time. Designers should also provide information about the types of cookies used by the site, so that users can make informed decisions about their preferences.
A great example can be found on Slack’s site. The cookie consent form clearly explains each category of cookies (strictly necessary, functional, performance, and targeting), and allows users to opt in or out using a toggle switch.
The CCPA doesn’t require users to consent to cookie tracking, but it does ask that sites include a link labeled: “Do Not Sell Or Share My Personal Information.” Despite the laws around this, users are struggling to opt out of the sale of their personal information, from not being able to find the link to not receiving confirmation that the opt out was honored, at times through the use of deceiving dark patterns.