Designing Trust: Context, Choice, Control...and Respect

Transcript

1. Designing Trust Control, Context, Choice...and Respect! prepared for Fluxible 2019

2. Today’s Goal Help you understand how the evolving privacy landscape

   affects shipping code Provide examples via design guidelines to support positive sum experiences

3. Hi, I’m Noble Product Strategy focused on Web, Immersive, &

   Emerging Tech We’re hiring! @nobleackerson @nobleackerson @stigsfoot

4. Back to the future 1990 Static content 2010 Interactivity 2019

   Smart agents 2025 Smarter personalized agents “Thanks, Gartner Innovation trigger Peak of inflated expectations Trough of Disillusionment Plateau of great data stewardship

5. privacy = context + choice + control + respect

6. trust = data transparency + value delivery + consequence acceptance

7. • Names • Addresses • Email addresses • IP Addresses

   • National ID # • Banking information • Social media posts • Photos • Medical Information • PII of Children PERSONAL DATA Data elements that are not privileged under the GDPR, but release would not require notification or cause individuals drastic harm. For example • Place of Birth • Mother's Maiden Name • Photograph • Race/Ethnicity SENSITIVE DATA Data Categories

8. Back to the future 1990 Innovation trigger 2010 2019 2025

9. Data retention $3000 5MB

10. 2019 2025 Back to the future 1990 Innovation trigger 2010

    Peak of inflated expectations
11. None
12. None
13. None

14. A glasshole’s journey to data privacy awareness https://www.nbcnews.com/tech/tech-news/watch-where-you-point-your-head-google-glass-begs-new-flna

15. no consent

16. Security vs. Privacy ON BEING GOOD STEWARDS OF USER DATA

17. Minimize Data

18. Zero Trust Humans Data Applications

19. 2025 Back to the future 1990 Innovation trigger 2010 Peak

    of inflated expectations 2019 Trough of Disillusionment

20. Data trust is broken

21. Positive Sum Opportunities Vulnerabilities and breaches cause Governments to view

    data as a human right. Growth In Regulations Massive amounts of our personal data is given up for convenience. Growth In Data Evolving Data Privacy Landscape

22. Credit: Wired: Guide to Personal Data

23. None

24. CONTEXT CHOICE CONTROL Adapt design for trust

25. None

26. Clear reason why you need my data CONTEXT

27. 19,972 To read or not to read Apple iTunes Terms

    & Conditions word count
28. None

29. ALLOWING FACIAL RECOGNITION

30. None
31. None

32. 32 1 2 Credit: Shpetim Ujkani via DRIBBLE Progressive disclosure

33. Give me agency over my data CHOICE: THE RIGHTS TO

    RECTIFICATION, DELETION, AND INFORMATION

34. ? Right to Access Where would you expect to request

    access or deletion of your data if not Account?

35. The Data Liberation Front was an engineering team at Google

    whose singular goal is to make it easier for users to move their data in and out of Google products. DLF’s efforts rolled into Google current Takeout initiative. “Liberate” the data

36. Easy access to my data CONTROL

37. www.lynxfit.com

38. www.lynxfit.com

39. www.lynxfit.com

40. OneTrust, CookieBot, Nymity, etc. Image Credit: Siddarth Kengadran - Dribbble

    Choice and control for users Privacy Promise Banner or Dialog

41. Privacy integrated throughout Initial Insight Plan Ship & Respect Discovery

    Delivery Ideation/Generation Iterative design Definitions/Requirem ents Im plem entation Research Data Discovery Risk Assessment Remediation Plans Data Cataloging Product Integration Build User Tests Prototype Solution Refine

42. RESPECT GOAL Are we proactive about being data minimalists and

    do we do enough to secure and purge data. USE Are there accessible settings or an account section giving the user agency over their data? CONTROL CHOICE LEARN Is our privacy promise clearly articulated? Is there an option to opt out of tracking? Privacy in your Design Process TRANSPARENCY CONSIDERATIONS DESIGN STAGE Key Measure ONBOARDING STAGE DISCOVER Are we clearly communicating how the users data will be used? CONTEXT

43. Back to the future 1990 Innovation trigger 2010 Peak of

    inflated expectations 2019 Trough of Disillusionment 2025 Plateau of great data stewardship
44. None

45. Try it out github.com/google/differential-privacy/ Respect Differential privacy allows you to

    send back aggregate patterns of datasets without PII or PHI

46. Context What does your role as product practitioners look like

    when your users command their own terms and conditions? Credit NEURALINK

47. Choice What does your user experience look like when your

    customer has the agency to give up only the data they are comfortable with? Your life feed Credit Tanner Wayment - Dribbble

48. ...and respect

49. classified classified

50. KEEP CALM AND ASK CONSENT

51. What future do you want to build for... Agency over

    data or the status quo? Call to arms Credit: https://dribbble.com/napsys

52. This presentation was made possible through extensive research by the

    following entities and individuals Acknowledgements • 2002 European Union ePrivacy Directive • General Data Protection Regulation • IEEE Standards PDP Working Group • NIST Privacy Framework • Dr. Anne Kevorkian - Privacy by Design • Nathan Kinch - Founding Partner, Greater than X • Clayton Christensen (Jobs to be done) - The Christensen Institute Standards and regulations Influencers and individuals R T G I S E D T U N • Noun project • Dribble (dribble.com/napsys) • TensorFlow Privacy - https://github.com/tensorflow/privacy • Envato Market (Graphic River user Mo_Np) Assets and resources
53. None

54. @nobleackerson @nobleackerson @stigsfoot youtube.com/c/nobleackerson Thanks!

55. Privacy and utility are complementary. POSITIVE-SUM, NOT ZERO-SUM Inform your

    stakeholders to gain user confidence. MAINTAIN VISIBILITY & TRANSPARENCY Privacy is a human right. PRIVACY AS THE DEFAULT SETTING PRIVACY BY DESIGN PRINCIPLES Privacy, choice and access are core to value proposition, not add ons. EMBED PRIVACY INTO DESIGN All data is secure at rest and in motion. Erased when no longer required. ENSURE END TO END SECURITY Take action before the fact, not after it. PROACTIVE NOT REACTIVE It’s about the user. Not the data alone. RESPECT USER PRIVACY

56. users of our products care about their data entrepreneurial activities

    differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ growth in user data entrepreneurial activities differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ company’s competitive advantage to hold on to data entrepreneurial activities differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ company’s face rising legal data governance risks entrepreneurial activities differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ increase in data privacy standards entrepreneurial activities differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ growth in data privacy regulations entrepreneurial activities differ substantially depending on the type of organization and creativity involved. entrepreneurship ranges in scale from solo. entrepreneurial activities differ Push & pull

57. Credit: Wired: Guide to Personal Data