In the media

UX design is key to creating privacy controls that unlock value

By Elisabeth Mackay, Elizabeth Garside


27 July 2022

Consumer data is central to online organizations’ ability to personalize experiences and services to enhance customer value. Customers, however, are concerned about the security and privacy implications of handing over personal data. Privacy has become an expectation for them, and they’re shunning businesses that appear to get it wrong.

This article was first published in Infosecurity

The data gathering journey, particularly the permissions element, should be an opportunity for businesses to increase customer trust and unlock customer value. However, it’s often less coherent and transparent than would be desired by consumers and regulators, and that can disenfranchise customers.

Three-quarters of people agree with default settings in apps and online services. Organisations should carefully consider the potential influence design choices have on customer privacy permission journeys. Designing an empowering customer journey will take an innovative approach that brings together diverse skills across privacy, compliance and web design. Getting this right will help organisations unlock value from their data.

Customer experience and compliance shouldn’t be in competition

Often organizations think of privacy as a two-dimensional spectrum, with compliance at one end and customer experience at the other. Fear of non-compliance can lead them to fall into two traps:

  1. Throwing the book at it. Rigorously following the letter of the law doesn’t mean automatic compliance. If the customer needs privacy or legal expertise to decode the meaning of words or experiences information overload, they can’t make an informed choice.
  2. Following the herd. Just because competitors are doing something doesn’t mean it’s compliant or great for customers. If brands use copy or features common in the market without considering the impact on the user experience , they could hinder informed consent. But compliance and customer experience are not mutually exclusive. It’s possible to achieve both without sacrificing either – if companies are willing to start doing things differently and innovate.

Don’t be afraid to innovate

Firstly, it’s vital to emphasize the customer value exchange instead of using the default copy around privacy and permissions. Easy-to-understand language is a priority, and simplicity is key, for example, using a friendlier tone over corporate speak. Just be careful it doesn’t obscure important messages.

Secondly, the most used privacy solutions, such as the ubiquitous cookie pop-up, often hinder consent and control. Customers can experience ‘consent fatigue,’ so don’t engage in any meaningful way.

Companies can use simple UX features, such as layering or toggles, to make the privacy experience more customer friendly. Several companies have recently launched online account preference centers, which are a user-friendly way to bring together privacy management features with other settings. Another innovative way of presenting information may be to include videos within the privacy policy page to explain different terminology and permissions more visually.

Unlock the value of privacy through testing and user research

User testing helps you understand how customers interact with the permission experience, letting you iterate to unlock value.

You can do this qualitatively, for example, through a simple questionnaire about how people want to see permissions. However, customers often interact with permissions tools differently than they thought they would. For example, customers may think they want additional privacy controls but in practice choose the quickest route to get past the controls.

To mitigate this, use A/B testing to evaluate how users interact with privacy controls in the real world.

And don’t forget to continually assess compliance as the designs transform iteratively.

Make privacy everyone’s business

When UX designers or compliance experts consider business goals, such as increasing customer sign-ups or achieving regulatory compliance, in isolation, the customer experience suffers. For example, focusing on registrations can lead to ‘dark patterns’ – design features that nudge people towards more privacy-invasive options.

Regulators increasingly recognize the importance of avoiding such techniques. While deliberately tricking or misleading customers is unethical, designers sometimes unwittingly implement dark patterns. For example:

  • Toggles can help customers select an option or express consent, but the default settings can also manipulate choices.
  • A layered approach to providing information can avoid overwhelming the user, but it could also hide important details.
  • A cross in the corner of a cookie pop-up offers easy navigation, but it could leave the customer in the dark about which cookies are active.

The solution to optimizing the privacy experience for customers is to make privacy everyone’s business; it takes a cross-functional team of designers, privacy experts and business leaders. Their focus should be on the customer experience.

A clear customer journey for privacy controls will unlock the value of data

As people become increasingly concerned with data privacy and organizations increasingly rely on customer data to thrive, it’s vital to provide clear journeys for customers to choose how their data is used. This will only happen with innovative solutions rigorously tested and continuously developed by cross-functional teams of UX designers and privacy experts.

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.