Superbloom

How do you know that a product respects your privacy – other than by wading through the fine print? We’ve created a framework to measure the way people actually experience privacy in tech products.

However, even where people’s privacy is protected by policy, they may not actually experience privacy. That’s where our Privacy Experience Heuristics come in. They list the aspects of the end-user experience that bring people into contact with privacy policies.

A product that performs better on the Privacy Experience Heuristics isn’t just doing a better job with privacy: it’s doing a better job in a way people will notice. The Privacy Experience Heuristics take privacy from being a technical compliance issue to being something people like and value about a product.

Guides and rankings in the era of privacy awareness

GDPR reflects a global shift in people’s attitudes towards their personal data online. According to a 2023 Pew Research report, 81% of Americans are concerned about how companies use their personal data. 73% of Americans say they have little to no control over the data that companies collect, and 67% say they have little to no knowledge of companies’ practices. According to a 2021 Ipsos/Google report, 80% of people in Europe are concerned about the potential misuse of personal information online. The phenomenon isn’t confined to the US and EU. A 2023 IAPP report stated that 68% of consumers globally are concerned about their online privacy.

The average consumer will likely find it difficult to figure out which products respect data privacy. Stepping into the gap are civil society organizations that rank and score products based on their privacy practices. Resources such as Privacy Not Included (Mozilla), the scorecards from Ranking Digital Rights, the privacy-focused guides from the US organization Consumer Reports, and Germany’s Stiftung Warentest aim to help consumers make informed decisions based on the privacy practices of products and services. These guides not only help users identify products that prioritize privacy but also put market pressure on less privacy-conscious companies to improve their practices.

Privacy experience heuristics

A list of heuristics allows us to identify strengths and areas to improve. In this case, we’re evaluating the privacy features offered to people who use a tech product. This is not an evaluation of privacy practices, nor is it a legal compliance checklist: it’s a way to measure whether people can find, understand, and use privacy features.

Third-party assessments spotlight current products that are doing privacy particularly well (and particularly badly), a major boon to readers doing comparison research before a purchase. But these rankings and assessments are not designed to be performed by the readers themselves. Another limitation of buyers’ guides: they report results, but rarely show how the product could have improved. We saw a need for a complementary tool, an open methodology that offers concrete examples of dos and don’ts: Privacy Experience Heuristics.

Heuristic evaluation and benchmarking practices are a core part of the privacy professional’s toolbox, on both the legal and technical sides of privacy. Privacy practices are defined in requirements, internal documentation and training, and internal policies.

But most people outside the company don’t see any of this material. They only see the legal fine print – the privacy policy, the terms and conditions – and the options and text included in the product interface.

The Privacy Experience Heuristics are for you if you are:

  • Working on a technical product. Use these heuristics to evaluate how people experience your privacy features. Compare yourself against competitors to see how you measure up.
  • Not working on a product yourself, but interested in evaluating and comparing the privacy experience.

Privacy feels smooth, supportive, and empowering

For our Privacy Experience Heuristics, we wanted to quantify the experience of using a product that respects privacy. We broke down the experience of privacy into three aspects: a privacy-respecting product should feel smooth, supportive, and empowering. 

The Privacy Experience Heuristics build on Privacy by Design (PbD), a framework that defines seven broad principles to guide a privacy-friendly approach to user data. These heuristics apply Privacy by Design principles directly to the user experience. They illustrate that Privacy by Design, usually read as applying to legal and technical privacy professionals, can also be implemented in product design.

Smooth

What makes a privacy experience feel smooth? 

People can just start using the product without being hassled or burdened with too many choices. They can trust that the default settings will meet a majority of their needs. 

Selected heuristics:

  • Users are not nudged to enter information that is not required for platform use.
  • Rejecting non-essential cookies is possible with 1 click.
  • Advertising is based on activity, not demographic data.

Corresponds with Privacy by Design, Principle 2: Privacy by Default.

Supportive

What makes a privacy experience feel supportive? 

People are nudged towards actions that are in their interest. Personal data collection is minimized. The product warns people against, or even prevents them from, doing things that would compromise their privacy. People know there are guardrails in place to protect them, both from the company and from other people.

Selected heuristics:

  • Camera and microphone access is only requested and used when relevant to what the user is doing.
  • Metadata is removed from uploaded images.
  • Permission to use precise location is not requested, unless users are aware of a feature that needs precise location to function.

Corresponds with Privacy by Design, Principle 3: Privacy Embedded into Design; Principle 5: End-to-End Security; Principle 1: Proactive not Reactive.
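The “metadata is removed from uploaded images” heuristic is one of the few on this list that reduces to a concrete server-side step, so here is what it looks like in code. This is an added example written for this post, not Superbloom’s code, and the sample upload is a constructed JPEG skeleton rather than a real photo. A JPEG is a sequence of marker segments (0xFF, marker byte, two-byte length, payload) followed by the entropy-coded pixel data; EXIF (which can carry GPS coordinates, timestamps and the camera serial number), XMP, IPTC and free-text comments each live in their own segments, so a product can drop them without decoding or re-encoding the image:

```python
"""Strip metadata segments from a JPEG upload before it is stored or served.

Added example, not Superbloom's code. SAMPLE_UPLOAD below is constructed:
it is structurally a valid JPEG but not a decodable photo.
"""

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Segments that carry metadata rather than decoding information:
# APP1 (EXIF and XMP), APP13 (IPTC / Photoshop), COM (free-text comment).
METADATA_MARKERS = {0xE1, 0xED, 0xFE}
# Markers that have no length field and no payload (SOI, EOI, TEM, RST0-7).
STANDALONE = {SOI, EOI, 0x01} | set(range(0xD0, 0xD8))


def iter_segments(data: bytes):
    """Yield (marker, start, end) for each segment up to and including SOS.

    `start` is the offset of the 0xFF byte and `end` the offset just past the
    segment. The walk stops at SOS: everything after it is entropy-coded pixel
    data, and baseline JPEG does not allow further metadata segments there.
    """
    pos, n = 2, len(data)  # skip the SOI marker
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while data[pos + 1] == 0xFF:  # optional 0xFF fill bytes before a marker
            pos += 1
            if pos + 2 > n:
                raise ValueError("truncated marker")
        marker = data[pos + 1]
        if marker in STANDALONE:
            yield marker, pos, pos + 2
            pos += 2
            continue
        if pos + 4 > n:
            raise ValueError(f"truncated segment header at offset {pos}")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes itself
        end = pos + 2 + length
        if length < 2 or end > n:
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end


def list_markers(data: bytes) -> list:
    """Marker bytes of the segments that precede the pixel data."""
    return [marker for marker, _, _ in iter_segments(data)]


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return `data` with EXIF/XMP/IPTC/comment segments removed, pixels intact."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out = bytearray(b"\xff\xd8")
    tail = 2  # offset of the first byte not yet copied
    for marker, start, end in iter_segments(data):
        if marker not in METADATA_MARKERS:
            out += data[start:end]
        tail = end
    out += data[tail:]  # entropy-coded data and EOI, copied verbatim
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment (used only to construct the sample)."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample upload. The APP1 payload stands in for an EXIF block
# carrying GPS tags; the COM segment for a camera comment.
SAMPLE_UPLOAD = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00GPSLatitude=52.52;GPSLongitude=13.40")
    + _segment(0xFE, b"Shot on constructed-camera, serial 0001")
    + _segment(0xDB, b"\x00" + bytes(64))          # quantisation table (dummy)
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")  # start of scan
    + b"\x12\x34\xff\x00\x56"                       # fake entropy-coded data
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_jpeg_metadata(SAMPLE_UPLOAD)
    print("before:", [hex(m) for m in list_markers(SAMPLE_UPLOAD)])
    print("after: ", [hex(m) for m in list_markers(cleaned)])
    print("GPS tag still present:", b"GPSLatitude" in cleaned)
```

Running it shows the APP1 and COM segments gone while the JFIF header, the quantisation table and the scan data survive byte for byte. Doing this at upload time, before the file is written anywhere, is what makes the heuristic “supportive” in the sense above: the person never has to know that their photo contained their home coordinates for the product to protect them from publishing it. Other formats keep their metadata elsewhere (PNG in `tEXt`/`iTXt`/`eXIf` chunks, HEIC in ISO-BMFF boxes), so each accepted format needs its own walker.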

Empowering

What makes a privacy experience feel empowering? 

People can control their experience, change their settings, and understand what’s going on. They can exercise their legal rights, whether that’s accessing their data or lodging a complaint. 

Selected heuristics:

  • Users can view how their profile looks to others.
  • Users are periodically prompted to review their privacy choices.
  • Users can request a copy of their data in the interface.

Corresponds with Privacy by Design, Principle 6: Visibility and Transparency; Principle 4: Full Functionality (Positive-Sum, not Zero-Sum).

But wait… 

Do people actually want more transparency and choice, or do they want smart defaults so they don’t have to think?

People need both! That’s why our list of heuristics has categories called both “smooth” and “empowering.”

Defaults should be privacy-preserving. People should opt in, not out, of sharing their data. A person who doesn’t want to dig around in their profile settings should have the most privacy-preserving experience that is practical.

It should also be easy to alter the defaults: easy to find the settings, easy to figure out what the settings mean, easy to change settings and change them back.

Are these heuristics a guide for companies to fake privacy?

No, they aren’t. The features described require appropriate policies to back them up; without those policies they (mostly) won’t work.

Here’s what the heuristics do for companies:

  • Even if a company’s policies are compliant with regulations, that might not be clear to the average user. Most people don’t read the fine print of terms and conditions to learn about the privacy they are entitled to. Their rights should be expressed in the product itself, as well as in the legal and technical documentation.
  • These heuristics help companies to identify and enhance privacy features that are not just compliant with regulations, but also increase competitiveness and brand value.
  • By highlighting how improved privacy can serve as a competitive advantage, the heuristics engage teams not traditionally involved in privacy, like product and marketing, encouraging them to champion privacy features. Their advocacy can drive support for enhancing privacy policies across the organization.

Credits

Project Contributors: Veszna Wessenauer, Molly Wilson, Abhishek Sharma.

This blog post is based on a session at MozFest 2024, “Elevating Privacy: Centering User Experience,” presented by Veszna Wessenauer, Mascha Arnst, and Jasper Enderman.