Designing for Privacy & Web Success

For example, in 2012 the Federal Trade Commission (FTC), which is the primary federal regulator of privacy issues in the U.S., settled privacy violations with several prominent companies, including a record $22.5 million settlement with Google regarding its misrepresentation of privacy assurances to users of Apple's Safari browser.

In another prominent case, the FTC entered into a settlement with an online advertising network that had secretly gathered data from millions of consumers. In addition, the FTC alleged in a complaint that the default settings of a file-sharing application, which allowed sharing of all existing files on the device with people in the consumer's immediate vicinity and throughout the world, was an example of "unfair design."

When used in conjunction with website design, "privacy" typically refers to the protection of a user's personal data in reference to certain "Fair Information Principles" or FIPs. FIPs typically include limits on the collection, processing and use of personal data, limits on data retention, notice to users, individual choice or consent regarding the collection and subsequent use of personal data and transparent data processing. 

In recent years, public opinion surveys indicate that users are sensitive to the privacy of their personal data online. For example, a March 2012 survey conducted by the Pew Internet Project indicates that two-thirds of those surveyed disapproved of having their personal data used to personalize search results and that the same percentage views online targeted advertising negatively. Another report found that 81 percent of parents of teens were concerned about how much information advertisers can learn about their child's online behavior.

Federal and state regulators are also increasing attention paid to privacy issues. In addition to the Google settlement, the FTC has recently settled prominent enforcement actions against Facebook, Myspace and other sites. In December 2012, the FTC also announced a major revamp to its rules regarding the Children's Online Privacy Protection Act, which requires companies to get parental approval before collecting online information from children under 13 and limits collection of information regarding children. Under the revised rules, the restrictions on collection of personal information will include geolocation information, photographs and videos, as well as persistent identifiers that recognize users over time and across different websites, including IP addresses. Covered website operators, which now include third parties collecting information, as well as the websites themselves, must also adopt reasonable procedures for data retention and deletion.

At the state level, application design is receiving increasing attention from regulators concerned about user privacy. For example, the California Attorney General has released a series of privacy best practices for mobile applications that would inform users before collecting data and has sued Delta Airlines for failing to provide notice to consumers that it is collecting sensitive information on its mobile application.

Facing this myriad of challenges, website designers may be tempted to leave privacy issues to lawyers or other professionals, if and when they arise. Experience indicates that this would be a mistake. Privacy is much better addressed in an early stage of website design than after problems arise. Moreover, this is consistent with the principles of "privacy by design" that are receiving ever increasing attention from regulators, including the FTC and the White House.

According to the FTC's 2012 report Protecting Consumer Privacy in an Era of Rapid Change, privacy by design means that "companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services." Rather than present consumers with lengthy privacy notices, privacy by design encourages companies to incorporate FIPs, including reasonable collection limits, sound retention and disposal practices, and transparency into the entire life cycle of a product or service. Context and user expectations are also key elements of privacy by design.

For example, data collection by a website should be consistent with the context of the  transaction. As stated in the White House's 2012 report Consumer Data Privacy in a Networked World, which proposes a Consumer Privacy Bill of Rights for online transactions, the consumer should be seen as an active participant in the online experience. Companies that collect consumer data are "stewards of data" and as such must respect consumers' expectations regarding the collection, use and disclosure of data.

Another important aspect of privacy by design is recognizing that the relationship between consumers and the company collecting personal information through a website may change over time in unforeseeable ways. As the White House proposal recognizes, "adaptive uses of personal data may be the source of innovations that benefit consumers. However, companies must provide appropriate levels of transparency and individual choice-which may be more stringent than was necessary at the time of collection-before reusing personal data."

For website designers, the principles underlying privacy by design may seem abstract or inconsistent with current design practices. The challenge for designers therefore is to translate privacy principles, including transparency and respect for context, into practical design practices.

Privacy researchers Ira S. Rubinstein and Nathaniel Good have recently suggested one approach to this problem that incorporates privacy by design into the established principles of user-experience design (UXD). Because UXD focuses on obtaining information concerning the interaction between users and a design to promote positive user experience, Rubinstein and Good suggest that consumers' privacy concerns could be incorporated as part of UXD research. Along with other matters of importance to the user, such as features and user interface, UXD research could include user expectations regarding privacy, such as collection and use of personal data, data retention, and sharing of information with third parties. Armed with this research, design professionals could incorporate privacy protections into designs from the outset, rather than waiting for privacy issues to emerge after the website has launched.

In order for this approach to succeed, professionals in the website design field first need to be equipped with an understanding of what works and does not work in website privacy. Although there is a wide variety of "privacy fails," analyzing the experience of prominent companies, such as Google and Facebook, among others, helps highlight privacy issues that may arise when the flow of personal information is obscured or when users do not understand the scope of the use of their personal information and to whom it is being disclosed. As recent examples demonstrate, companies ignoring privacy concerns may suffer significant negative consequences, including loss of user confidence, negative publicity, or regulatory actions, including consent decrees and fines. Incorporating respect for users' privacy into the design process may not only help avoid such consequences but also confer a competitive advantage. Meeting user expectations, therefore, makes good business sense in our increasingly privacy-conscious world.