If you’re not paying attention to privacy, you’re ignoring your users.
One quantitative measure of this growing interest is the traffic over at Duck Duck Go, the search engine that doesn’t track its users. (Here’s the video of the founder at our recent Gel conference.) Just last week Duck Duck Go broke the barrier of 3 million searches a day: see their tweet, and a Guardian article. It’s obvious why these numbers are growing. People are more than a little concerned by the news of PRISM, not to mention the recent Facebook privacy breach (announced on a Friday afternoon, how coincidental!)… and Google’s recent 7 million dollar fine for tapping into people’s personal data via their home wifi signal (more info)… and then there are the disturbing privacy risks of Google Glass, which users and journalists worldwide have responded to (while Google has continued to say, essentially, “get used to it”).
Users are getting tired of being watched without their permission. Change is in the air.
Inevitably, there are defenders of the status quo, who offer this response: “Sure, users say they want more privacy, but they don’t act like it.” Search engine blogger Danny Sullivan recently wrote as much, asserting with some chutzpah that Duck Duck Go’s growth “proves that no one cares about ‘private’ search.” Users, he argues, still overwhelmingly choose Google, even with all its massive data collection and profiling, so who cares about a startup that offers privacy? (Sort of reminds me of the time Yahoo thought itself unassailable and allowed its searches to be powered by a tiny, insignificant startup named Google.)
The smart companies out there are preparing, now, for the wave of change that’s coming. Users want control of their data, and most products make it too difficult. This is a huge opportunity: the easier a company makes it for users to accomplish their goal – in this case, gaining control over their data privacy – the better the company will do.
If this sounds a lot like the core message of Creative Good – improving the customer experience – it’s because privacy is now a customer experience issue. More specifically, everyone from product managers to CEOs should be thinking about the PXA – the “privacy experience architecture” – that their product offers. Any app, any site, any product or service that involves sharing of data, should have an embedded framework for customers to view, and control, the sharing of that data.
Many apps now have a PXA, but it’s only partially built out. Take, for example, Dropbox – a service I use and like a lot. Although it is among the best data-sharing services available today, its PXA could use improvement. Here are just a couple of small examples:
At left, icons for two Dropbox folders in the Mac OS X version. They share data in very different ways – can you tell?
These are icons for the same folders, as seen on the Dropbox website. It’s easier to tell which one shares data – but do you know exactly how it shares, with whom, under what circumstances?
I’d guess most users don’t know how to answer those questions. But users who know enough to click into the folder, then click the correct menubar icon, will see these sharing options:
The design, though clean and pleasant, leaves other questions unanswered. What happens to the data that you share in this folder: is it restricted only to the people who’ve joined? Is it shareable to people who haven’t joined? And what are those gear icons on the right? Yes, Dropbox has explanations in the help section (here and here) – but you know the old saw: if users need to check the manual to figure it out, there’s a problem.
I point out these examples not to criticize Dropbox – it is, in its design and functionality, one of the best services for sharing data. It’s just that there is plenty of room for improvement. And if a site as good as Dropbox needs to improve its PXA, consider what that means for every other app, site, and service out there. This is a major issue.
How should a team begin to think about the PXA? Consider the users’ perspective. Here are just a few of the questions that more and more users will ask about their data:
• Who is allowed to see this thing I’m posting? Can I edit that list? (Can I find that list?)
• Who might possibly see my data, outside the invited viewers?
• If I invite someone to view something, can they invite others to see it? Is that setting easy to find, and easy to use?
• How do I rescind access – i.e., can I make my data fully private again?
• Are the people whose access I rescind actively notified of that rescinding (for example, unfriending)? Tell me where I can see it; don’t just throw it in a help file somewhere.
• If I post a file to a private, unshared folder, can I let someone see just one file in that folder? If so, can they get to other items in the folder?
• Do these bits last forever, or can they time out at some point? Before a photo self-destructs, can a user take a screenshot of the photo and save it for later, possibly wider, sharing?
• What devices will these bits show up on? Does the user have to click a sync button, or do the bits show up automatically on every digital device the user owns? Can someone stop the sync from happening (e.g., if it’s a really large file and they’re not on wifi)?
In engaging those questions, the PXA design should adhere to basic guidelines like these:
• Tell users clearly and obviously what the privacy status is of their data, on a file-by-file basis.
• Make it easy to change the access.
• Distinguish privacy settings on multiple levels of the interface – not just in a help file (“this is how links work”) or in the design of a single icon.
• Make it easy for users to see what the experience is like for someone who’s not invited. (Don’t force them to log out and try the link from an anonymous account.)
Some companies are already working to craft a better PXA. Duck Duck Go is certainly one of them (see the video); another is the startup Wickr (see NPR story), which sends encrypted, self-destructing data; and there are other startups emerging in the space as well. But this isn’t just a startup issue.