Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Designing Trust: Context, Choice, Control...and Respect

Noble Ackerson
September 22, 2019

Designing Trust: Context, Choice, Control...and Respect

Trust is one of the greatest issues companies face, given the rise of data breaches. Recent regulations mean a death sentence to startups and a significant brand hit for larger organizations.

In this talk, Noble walks us through designing for trust and its four tenets: control, context, choice, and respect. He takes the audience through a journey showing where we've been, where we are, and where we're going in this data landscape. He shares insights on human-centered design-focused opportunities and obligations that can guide software architecture decisions for the independent developer or an established corporation.

Noble Ackerson

September 22, 2019
Tweet

More Decks by Noble Ackerson

Other Decks in Technology

Transcript

  1. Designing Trust
    Control, Context, Choice...and Respect!
    prepared for Fluxible 2019

    View Slide

  2. Today’s Goal
    Help you understand how the evolving
    privacy landscape affects shipping code
    Provide examples via design guidelines to
    support positive sum experiences

    View Slide

  3. Hi, I’m Noble
    Product Strategy focused on
    Web, Immersive, & Emerging Tech
    We’re hiring! @nobleackerson @nobleackerson @stigsfoot

    View Slide

  4. Back to the future
    1990
    Static content
    2010
    Interactivity
    2019
    Smart agents
    2025
    Smarter personalized
    agents
    “Thanks, Gartner
    Innovation trigger Peak of inflated
    expectations
    Trough of
    Disillusionment
    Plateau of great data
    stewardship

    View Slide

  5. privacy =
    context +
    choice +
    control + respect

    View Slide

  6. trust = data
    transparency +
    value delivery +
    consequence
    acceptance

    View Slide

  7. ● Names
    ● Addresses
    ● Email addresses
    ● IP Addresses
    ● National ID #
    ● Banking information
    ● Social media posts
    ● Photos
    ● Medical Information
    ● PII of Children
    PERSONAL DATA
    Data elements that are not privileged under the GDPR,
    but release would not require notification or cause
    individuals drastic harm. For example
    ● Place of Birth
    ● Mother's Maiden Name
    ● Photograph
    ● Race/Ethnicity
    SENSITIVE DATA
    Data Categories

    View Slide

  8. Back to the future
    1990
    Innovation trigger
    2010 2019 2025

    View Slide

  9. Data retention
    $3000
    5MB

    View Slide

  10. 2019 2025
    Back to the future
    1990
    Innovation trigger
    2010
    Peak of inflated
    expectations

    View Slide

  11. View Slide

  12. View Slide

  13. View Slide

  14. A glasshole’s journey to
    data privacy awareness
    https://www.nbcnews.com/tech/tech-news/watch-where-you-point-your-head-google-glass-begs-new-flna

    View Slide

  15. no consent

    View Slide

  16. Security vs. Privacy
    ON BEING GOOD STEWARDS OF USER DATA

    View Slide

  17. Minimize Data

    View Slide

  18. Zero Trust
    Humans
    Data
    Applications

    View Slide

  19. 2025
    Back to the future
    1990
    Innovation trigger
    2010
    Peak of inflated
    expectations
    2019
    Trough of
    Disillusionment

    View Slide

  20. Data trust is broken

    View Slide

  21. Positive Sum Opportunities
    Vulnerabilities and breaches
    cause Governments to view
    data as a human right.
    Growth In Regulations
    Massive amounts of our
    personal data is given up
    for convenience.
    Growth In Data
    Evolving Data Privacy Landscape

    View Slide

  22. Credit: Wired: Guide to Personal Data

    View Slide

  23. View Slide

  24. CONTEXT CHOICE CONTROL
    Adapt design for trust

    View Slide

  25. View Slide

  26. Clear reason why you need my data
    CONTEXT

    View Slide

  27. 19,972
    To read or not to read
    Apple iTunes Terms &
    Conditions word count

    View Slide

  28. View Slide

  29. ALLOWING FACIAL RECOGNITION

    View Slide

  30. View Slide

  31. View Slide

  32. 32
    1 2
    Credit: Shpetim Ujkani via DRIBBLE
    Progressive disclosure

    View Slide

  33. Give me agency over my data
    CHOICE: THE RIGHTS TO RECTIFICATION, DELETION, AND INFORMATION

    View Slide

  34. ?
    Right to Access
    Where would you expect to request
    access or deletion of your data if not
    Account?

    View Slide

  35. The Data Liberation Front was an engineering team at Google whose singular goal is to make it easier for users to move their
    data in and out of Google products. DLF’s efforts rolled into Google current Takeout initiative.
    “Liberate” the data

    View Slide

  36. Easy access to my data
    CONTROL

    View Slide

  37. www.lynxfit.com

    View Slide

  38. www.lynxfit.com

    View Slide

  39. www.lynxfit.com

    View Slide

  40. OneTrust, CookieBot, Nymity, etc.
    Image Credit: Siddarth Kengadran - Dribbble
    Choice and control for users
    Privacy Promise Banner or Dialog

    View Slide

  41. Privacy integrated throughout
    Initial
    Insight
    Plan
    Ship &
    Respect
    Discovery Delivery
    Ideation/Generation
    Iterative design
    Definitions/Requirem
    ents
    Im
    plem
    entation
    Research
    Data
    Discovery
    Risk
    Assessment
    Remediation
    Plans
    Data
    Cataloging
    Product
    Integration
    Build
    User Tests
    Prototype
    Solution
    Refine

    View Slide

  42. RESPECT
    GOAL
    Are we proactive about being
    data minimalists and do we do
    enough to secure and purge
    data.
    USE
    Are there accessible settings
    or an account section giving
    the user agency over their
    data?
    CONTROL
    CHOICE
    LEARN
    Is our privacy promise clearly
    articulated? Is there an option
    to opt out of tracking?
    Privacy in your Design Process
    TRANSPARENCY
    CONSIDERATIONS
    DESIGN STAGE
    Key Measure
    ONBOARDING STAGE
    DISCOVER
    Are we clearly communicating
    how the users data will be
    used?
    CONTEXT

    View Slide

  43. Back to the future
    1990
    Innovation trigger
    2010
    Peak of inflated
    expectations
    2019
    Trough of
    Disillusionment
    2025
    Plateau of great data
    stewardship

    View Slide

  44. View Slide

  45. Try it out github.com/google/differential-privacy/
    Respect
    Differential privacy allows you
    to send back aggregate
    patterns of datasets without
    PII or PHI

    View Slide

  46. Context
    What does your role as
    product practitioners look like
    when your users command
    their own terms and
    conditions?
    Credit NEURALINK

    View Slide

  47. Choice
    What does your user
    experience look like when your
    customer has the agency to
    give up only the data they are
    comfortable with?
    Your life feed
    Credit Tanner Wayment - Dribbble

    View Slide

  48. ...and respect

    View Slide

  49. classified
    classified

    View Slide

  50. KEEP CALM
    AND
    ASK CONSENT

    View Slide

  51. What future do you want to build for...
    Agency over data or the status quo?
    Call to arms
    Credit: https://dribbble.com/napsys

    View Slide

  52. This presentation was made possible through extensive research by the following entities and individuals
    Acknowledgements
    ● 2002 European Union ePrivacy Directive
    ● General Data Protection Regulation
    ● IEEE Standards PDP Working Group
    ● NIST Privacy Framework
    ● Dr. Anne Kevorkian - Privacy by Design
    ● Nathan Kinch - Founding Partner, Greater than X
    ● Clayton Christensen (Jobs to be done) - The Christensen Institute
    Standards and regulations
    Influencers and individuals R T
    G
    I
    S
    E
    D
    T U
    N
    ● Noun project
    ● Dribble (dribble.com/napsys)
    ● TensorFlow Privacy - https://github.com/tensorflow/privacy
    ● Envato Market (Graphic River user Mo_Np)
    Assets and resources

    View Slide

  53. View Slide

  54. @nobleackerson @nobleackerson @stigsfoot
    youtube.com/c/nobleackerson
    Thanks!

    View Slide

  55. Privacy and utility are complementary.
    POSITIVE-SUM, NOT ZERO-SUM
    Inform your stakeholders to gain user
    confidence.
    MAINTAIN VISIBILITY &
    TRANSPARENCY
    Privacy is a human right.
    PRIVACY AS THE DEFAULT SETTING
    PRIVACY BY DESIGN PRINCIPLES
    Privacy, choice and access are core to value
    proposition, not add ons.
    EMBED PRIVACY INTO DESIGN
    All data is secure at rest and in motion.
    Erased when no longer required.
    ENSURE END TO END SECURITY
    Take action before the fact, not after it.
    PROACTIVE NOT REACTIVE
    It’s about the user. Not the data alone.
    RESPECT USER PRIVACY

    View Slide

  56. users of our products care about their data
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from
    solo. entrepreneurial activities differ
    growth in user data
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from
    solo. entrepreneurial activities differ
    company’s competitive advantage to hold on to data
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from solo.
    entrepreneurial activities differ
    company’s face rising legal data governance risks
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from
    solo. entrepreneurial activities differ
    increase in data privacy standards
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from
    solo. entrepreneurial activities differ
    growth in data privacy regulations
    entrepreneurial activities differ substantially depending on the type of
    organization and creativity involved. entrepreneurship ranges in scale from
    solo. entrepreneurial activities differ
    Push & pull

    View Slide

  57. Credit: Wired: Guide to Personal Data

    View Slide