Rethinking product in a privacy by design world

Video of the presentation: https://youtu.be/snExWCKCZZk

Abstract:
Personal data privacy is a hot-button item today. It can often seem overly burdensome for the software developer looking to change the world. Established businesses may look at regulations and current trends in data privacy as negative impacts on product innovation.

This is the wrong lens through which we should look at this.

In this talk, Noble shares opportunities to innovate around the growth in data and the growth in regulations like the GDPR. He shares insights on human-centered design opportunities that can help both the independent developer and the established corporation. He presents practical examples of how to minimize the data you collect, and best practices for asking for data in software only when it provides value for the user.

Noble Ackerson

April 21, 2018
Transcript

  1. 1
    medium.com/@nobleackerson
    @nobleackerson
    Rethinking product
    IN A PRIVACY BY DESIGN WORLD

  2. 2
    Hi, I’m Noble!
    Recovering Startup founder, GDE,
    Independent Software Engineer

  3. 3
    Sparrow

  4. 4

  5. 5
    Today’s Goals
    Why innovate around data privacy, why now?
    Help you understand the evolving data landscape
    Provide examples via design guidelines to support positive-sum experiences

  6. 6
    EVOLVING DATA LANDSCAPE
    Growth In Regulations: Vulnerabilities and breaches cause governments to view data as a human right.
    Growth In Data: Massive amounts of our personal data are given up for convenience.
    Positive Sum Opportunities: Users don’t have to sacrifice privacy at the expense of services.

  7. 7
    GDPR IS A GLOBAL STANDARD
    EU: 379.7M labor market

  8. 8
    GDPR Consent Definition
    “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
    GDPR consent guidance — https://ico.org.uk/about-the-ico/consultations/gdpr-consent-guidance/

  9. 9
    Information in profiles Allowing face recognition

  10. 10
    DEMAND FOR DATA PRIVACY CHANGES HOW WE BUILD
    Only collect information when you need it: Progressive disclosure not only limits collection of information you might not need. It also declutters interfaces and focuses your user.
    Clearly communicate the justification for storing data: Look at disclosure of what you're using your customers’ data for as your value proposition. An opportunity to be transparent and earn trust.
    Give users agency over their data: Not for the sake of compliance with regulation, but understanding that giving users access to what you store provides them with additional value.

  11. 11
    Progressive Disclosure
    COLLECTING INFORMATION ONLY WHEN YOU NEED IT

  12. 12
    Common User Journey
    1. User visits social media monitoring app, Politifilter
    2. User is prompted to log in and authenticates to the social media monitoring app
    3. User searches content, filters the analysis they need
    4. User saves report so that they can access that information again.

  13. 13

  14. 14

  15. 15
    Clear reason why you need my data

  16. 16
    Common Design Pattern
    1. User wants to know about events on campus, discovers CampusEvents App
    2. User registers for a campus event web application
    3. User searches events and subscribes to an upcoming event.
    4. User is given a list of other events they may be interested in.

  17. 17
    What information is needed?
    When?
    Why?
    IMAGE CREDIT: UI8, SAN FRANCISCO, CA

  18. 18
    BUT I JUST WANT TO USE WIFI...

  19. 19

  20. 20
    Give me agency over my data

  21. 21
    Right to Access
    Where would you expect to request access or deletion of your data if not Account?

  22. 22
    Google Takeout
    The Data Liberation Front is an engineering team at Google whose singular goal is to make it easier for users to move their data in and out of Google products. DLF’s efforts rolled into Google’s current Takeout initiative. But is that enough?

  23. 23
    POLYMER + FIREBASE CODE LAB
    Access to info: A lens into what data is being collected.
    Contextual Features: Don’t overwhelm the user with information all at once.
    Privacy Promise: Snackbars provide brief feedback about an operation through a message at the bottom of the screen.

  24. 24
    DATA TRANSPARENCY CONSIDERATIONS
    STAGE    | USER ACTION          | GOAL
    DISCOVER | DISCOVER             | Is our privacy promise clearly articulated? Is there an option to opt out of tracking?
    LEARN    | ONBOARDING           | Are we clearly communicating how the user’s data will be used? Are we diligently asking for specific information we need?
    USE      | C.R.U.D, PREFERENCES | Is there an accessible settings or account section giving the user agency over their data?

  25. 25
    INSTALL DEPENDENCIES AND INITIALIZE
    PRIVACY PROMISE SNACK BAR OPT-IN
    BOWER: Install the Bower package manager using Node.js and NPM. The Bower package manager will be used to install further dependencies for the browser. (npmjs.com/package/bower)
    $ npm install -g bower
    FIREBASE: Set up the CLI and initialize Firebase for your local environment. Select the default options you need for your app’s functions. (console.firebase.google.com)
    $ npm install -g firebase-tools
    $ touch public/manifest.json
    $ touch public/louisiana-notes-app.html
    $ firebase serve

  26. 26
    DECLARE APP DEPENDENCIES
    CONFIGURE YOUR SERVICE WORKER, FIREBASE APP, CREATE AND STYLE YOUR APP
    The Firebase app element (its opening tag was lost in extraction; the attributes below are those of polymerfire’s firebase-app element):
    <firebase-app
        name="notes"
        api-key="YOUR_API_KEY_HERE"
        auth-domain="YOUR_AUTH_DOMAIN_HERE"
        database-url="YOUR_DATABASE_URL_HERE">
    </firebase-app>
    SNACKBAR VIEW: Incorporate the view into the app element.
    Full source code on the last slide. For more information see polymer-project.org | firebase.google.com
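As an added example (not code from the Poly-Notes codelab or this talk), the "privacy promise snackbar opt-in" from slides 23 to 26 expressed as a consent gate in front of note storage, together with the access and erasure actions a user would reach from Account. It assumes an in-memory Map as a stand-in for the Firebase database behind the `<firebase-app name="notes">` element, so it runs offline; the `NotesStore` class and its method names are hypothetical.

```javascript
'use strict';
// Added example, not the codelab's own code: a consent gate for the notes app.
// Assumption: `store` stands in for the Firebase database behind
// <firebase-app name="notes">; a Map is used so the module runs offline.

const PRIVACY_PROMISE =
  'We store only the notes you save, so you can open them again later. ' +
  'You can export or delete everything we hold about you from Account.';

class NotesStore {
  constructor(store = new Map()) {
    this.store = store;        // uid -> array of saved notes
    this.consent = new Set();  // uids that gave a clear affirmative action
  }

  // What the snackbar shows at the moment data is first needed (on save),
  // not at sign-up: the promise, the action to take, and a way to dismiss.
  privacyPromise() {
    return { message: PRIVACY_PROMISE, action: 'Agree', dismissible: true };
  }

  optIn(uid) { this.consent.add(uid); }

  // Storage happens only after opt-in. Before that the caller should show
  // the snackbar rather than silently saving or silently dropping the note.
  saveNote(uid, text) {
    if (!this.consent.has(uid)) return { saved: false, reason: 'consent-required' };
    const notes = this.store.get(uid) || [];
    notes.push({ text });
    this.store.set(uid, notes);
    return { saved: true, count: notes.length };
  }

  // Right to access: everything held for this user, in a portable form.
  exportMyData(uid) {
    return { uid, consented: this.consent.has(uid), notes: this.store.get(uid) || [] };
  }

  // Right to erasure: remove the notes and the consent record together, so a
  // later save is refused until the user opts in again.
  deleteMyData(uid) {
    this.store.delete(uid);
    this.consent.delete(uid);
    return !this.store.has(uid) && !this.consent.has(uid);
  }
}
```

In the Polymer app, `privacyPromise()` would feed the snackbar view and `optIn()` would be called from its Agree action; `saveNote()` sits behind the note's save button.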

  27. 27
    PRIVACY BY DESIGN PRINCIPLES
    POSITIVE-SUM, NOT ZERO-SUM: Privacy and utility are complementary.
    MAINTAIN VISIBILITY & TRANSPARENCY: Inform your stakeholders to gain user confidence.
    PRIVACY AS THE DEFAULT SETTING: Privacy is a human right.
    EMBED PRIVACY INTO DESIGN: Privacy, choice and access are core to the value proposition, not add-ons.
    ENSURE END TO END SECURITY: All data is secure at rest and in motion. Erased when no longer required.
    PROACTIVE NOT REACTIVE: Take action before the fact, not after it.
    RESPECT USER PRIVACY: It’s about the user. Not the data alone.

  28. 28
    Call to arms
    What future do you want to build for...
    Agency over data or the status quo?

  29. 29
    THANKS
    QUESTIONS?
    @nobleackerson | @stigsfoot/Poly-Notes-with-Firebase
