1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

User Interfaces and the Privacy Experience

Print Friendly

The old style privacy policy brought up by clicking on a hyper link usually found in a footer of a web page or grouped with other “legal notices” is manifestly unworkable in the mobile environment.  A contribution to re-thinking the delivery of privacy information and control over personal information has recently been released by the Ontario Information and Privacy Commissioner, Anne Cavoukian, and Yahoo!’s Senior Director, International Privacy and Policy.  Their paper, entitled “Privacy by Design and User Interfaces: Emerging Design Criteria – Keep it User-Centric“, discuss how the design of user interfaces may increase the “privacy experience” of mobile technologies.

Here are some of the points made in the paper:

  •  Context. User interfaces should take into account the limits and the uses of the devices.  Small screens mean that users should not have to resize or endless scroll to access and understand privacy policies.  User interfaces should provide the context for the value proposition to the user for the collection of the personal information.  If the photo just taken is going to be shared on another platform, notify the user.  If geo-location data is being collected, why is that beneficial for the user?
  • Awareness.  Although terms of use (which may include acceptance of privacy policies) are likely here to stay, user interfaces should be designed to permit interactive delivery of privacy information “at the time, in the place and in the manner that is meaningful for users.”  Users should be offered privacy choices as they take actions within a website or application, which would assist users in understanding the range of their choices and the implications of those choices.
  • Discoverability.  User interfaces should be interactive and contain navigational aids. The functionality of websites and applications should be harnessed to deliver information in a way that is important as is already done for advertising and other important content.
  • Comprehension.  Layered privacy notices that deliver subsets of policy information and navigate to information that is important to the user should be considered. In addition, organizations should be considering “Privacy Centres” which bring together information on privacy practices and the tools to manage privacy setting.