Rethinking product in a privacy by design world

Video of the presentation: https://youtu.be/snExWCKCZZk

Abstract:
Personal data privacy is a hot-button item today. It can often seem overly burdensome for the software developer looking to change the world. Established businesses may look at regulations and current trends in data privacy as negative impacts to product innovation.

This is the wrong lens through which to look at it.

In this talk, Noble shares opportunities to innovate around the growth in data and the growth in regulations like the GDPR. He shares insights on human-centered design opportunities that can help either an independent developer or an established corporation. He presents practical examples for minimizing the data you collect, and best practices for asking for data in software only when it provides value for the user.

Noble Ackerson

April 21, 2018
Transcript

  1. 4

  2. 5 Today’s Goals

    Why innovate around data privacy, why now?
    Help you understand the evolving data landscape.
    Provide examples via design guidelines to support positive sum experiences.
  3. 6 EVOLVING DATA LANDSCAPE

    Growth In Regulations: Vulnerabilities and breaches cause governments to view data as a human right.
    Growth In Data: Massive amounts of our personal data are given up for convenience.
    Positive Sum Opportunities: Users don’t have to sacrifice privacy at the expense of services.
  4. 8 GDPR Consent Definition

    “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
    GDPR consent guidance: https://ico.org.uk/about-the-ico/consultations/gdpr-consent-guidance/
  5. 10 DEMAND FOR DATA PRIVACY CHANGES HOW WE BUILD

    Only collect information when you need it: Progressive disclosure not only limits collecting information you might not need. It also introduces decluttered interfaces and focuses your user.
    Clearly communicate justification of storing data: Look at disclosure of what you're using your customers' data for as your value proposition. An opportunity to be transparent and earn trust.
    Give users agency over their data: Not for the sake of compliance with regulation, but understanding that giving users access to what you store provides users with additional value.
  6. 12 Common User Journey

    1 User visits social media monitoring app, Politifilter.
    2 User is prompted to log in and authenticates to the Social Media Monitoring app.
    3 User searches content, filters the analysis they need.
    4 User saves report so that they can access that information again.
  7. 16 Common Design Pattern

    1 User wants to know about events on campus, discovers CampusEvents App.
    2 User registers for a Campus event web application.
    3 User searches events and subscribes to an upcoming event.
    4 User is given a list of other events they may be interested in.
  8. 21 Right to Access

    Where would you expect to request access or deletion of your data if not Account?
  9. 22 Google Takeout

    The Data Liberation Front is an engineering team at Google whose singular goal is to make it easier for users to move their data in and out of Google products. DLF’s efforts rolled into Google's current Takeout initiative. But is that enough?
  10. 23 POLYMER + FIREBASE CODE LAB

    Access to info: A lens into what data is being collected.
    Contextual Features: Don’t overwhelm the user with information all at once.
    Privacy Promise: Snackbars provide brief feedback about an operation through a message at the bottom of the screen.
  11. 24 DATA TRANSPARENCY CONSIDERATIONS

    Slide labels: USER ACTION STAGE; DISCOVER, LEARN, USE, GOAL; PREFERENCES, C.R.U.D, ONBOARDING, DISCOVER
    Is our privacy promise clearly articulated?
    Is there an option to opt out of tracking?
    Are we clearly communicating how the user's data will be used?
    Are we diligently asking for specific information we need?
    Is there an accessible settings or account section giving the user agency over their data?
  12. 25 INSTALL DEPENDENCIES AND INITIALIZE (PRIVACY PROMISE SNACK BAR OPT-IN)

    console.firebase.google.com
    npmjs.com/package/bower

        $ npm install -g bower
        $ npm install -g firebase-tools
        $ touch public/manifest.json
        $ touch public/louisiana-notes-app.html
        $ firebase serve

    BOWER: Install the Bower package manager using Node.js and NPM. The Bower package manager will be used to install further dependencies for the browser.
    FIREBASE: Set up the CLI and initialize Firebase for your local environment. Select the default options you need for your app's functions.
  13. 26 DECLARE APP DEPENDENCIES

        <script src="bower_components/webcomponentsjs/webcomponents-lite.js"></script>
        <script src="bower_components/web-animations-js/web-animations.min.js"></script>
        <link rel="import" href="bower_components/platinum-sw/platinum-sw-elements.html">
        <link rel="import" href="bower_components/polymerfire/firebase-app.html">
        <link rel="import" href="louisiana-notes-app.html">

    CONFIGURE YOUR SERVICE WORKER, FIREBASE APP, CREATE AND STYLE YOUR APP SNACKBAR VIEW

        <firebase-app name="notes"
                      api-key="YOUR_API_KEY_HERE"
                      auth-domain="YOUR_AUTH_DOMAIN_HERE"
                      database-url="YOUR_DATABASE_URL_HERE">
        </firebase-app>
        <na-privacy-snackbar></na-privacy-snackbar>

    Incorporate view into app element.
    Full source code on the last slide. For more information see polymer-project.org | firebase.google.com
  14. 27 PRIVACY BY DESIGN PRINCIPLES

    POSITIVE-SUM, NOT ZERO-SUM: Privacy and utility are complementary.
    MAINTAIN VISIBILITY & TRANSPARENCY: Inform your stakeholders to gain user confidence.
    PRIVACY AS THE DEFAULT SETTING: Privacy is a human right.
    EMBED PRIVACY INTO DESIGN: Privacy, choice and access are core to value proposition, not add-ons.
    ENSURE END TO END SECURITY: All data is secure at rest and in motion. Erased when no longer required.
    PROACTIVE NOT REACTIVE: Take action before the fact, not after it.
    RESPECT USER PRIVACY: It’s about the user. Not the data alone.
  15. 28 Call to arms

    What future do you want to build for... Agency over data or the status quo?
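
The consent definition, the "only collect information when you need it" guideline and the right to access and deletion from the slides can be combined into one small data-handling layer. The sketch below is an added example, not code from the talk or its code lab; `ConsentLedger`, `PURPOSES` and the purpose names are hypothetical.

```javascript
// Added example: purpose-scoped, opt-in consent. All names are hypothetical.
const PURPOSES = Object.freeze({
  analytics: 'Usage statistics used to improve search',
  recommendations: 'Suggesting other events you may be interested in',
});

class ConsentLedger {
  constructor() {
    this.consents = new Map(); // userId -> Map(purpose -> {granted, at, notice})
    this.stored = new Map();   // userId -> [{purpose, field, value}]
  }
  // Only an explicit boolean true counts as a clear affirmative action,
  // so a truthy default value never grants consent.
  record(userId, purpose, affirmativeAction, at = new Date().toISOString()) {
    if (!Object.prototype.hasOwnProperty.call(PURPOSES, purpose)) {
      throw new Error(`unknown purpose: ${purpose}`);
    }
    if (!this.consents.has(userId)) this.consents.set(userId, new Map());
    const granted = affirmativeAction === true;
    this.consents.get(userId).set(purpose, { granted, at, notice: PURPOSES[purpose] });
    if (!granted) this.dropPurpose(userId, purpose); // withdrawal erases that data
    return granted;
  }
  // Privacy as the default setting: no record means no consent.
  allowed(userId, purpose) {
    return this.consents.get(userId)?.get(purpose)?.granted === true;
  }
  // Store a field only if the user agreed to the purpose it serves.
  collect(userId, purpose, field, value) {
    if (!this.allowed(userId, purpose)) return false;
    if (!this.stored.has(userId)) this.stored.set(userId, []);
    this.stored.get(userId).push({ purpose, field, value });
    return true;
  }
  dropPurpose(userId, purpose) {
    const rows = this.stored.get(userId) || [];
    this.stored.set(userId, rows.filter((r) => r.purpose !== purpose));
  }
  // Right to access: everything held about the user, with the stated notices.
  exportFor(userId) {
    const consents = Object.fromEntries(this.consents.get(userId) || []);
    return { consents, data: [...(this.stored.get(userId) || [])] };
  }
  // Right to deletion: remove stored data and consent records together.
  erase(userId) {
    const hadData = this.stored.delete(userId);
    return this.consents.delete(userId) || hadData;
  }
}
```

A snackbar opt-in like the one in the code lab would call `record(userId, purpose, true)` only from the user's own tap, and an Account or settings view would surface `exportFor` and `erase`.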