Privacy and the User Experience

Nov 9 2010 by Alexander Dawson | 12 Comments

Privacy and the User Experience

The privacy issue is an often-neglected aspect of designing user experiences. All too often in today’s information-driven society, we who work on the web sacrifice privacy and submit our users to violation or intrusion. In this article, we’ll discuss certain privacy-related concerns — in particular, how asking for too much information can degrade the overall user experience.

Our Thirst for Information

Why is privacy such a hot topic? Look at social networks such as Facebook (whose privacy settings are notoriously complex and ambiguous): the amount of user data that is either being made available publicly, sold without the user’s knowledge or is visible because of a security breach is increasing. We as site owners and site builders are responsible for the transactions and activities that occur on our sites. We’re the "guardians" of our users, and respecting their privacy is important.

Many people use PayPal to ensure that any breach of their website does not compromise their users' data.Many people use PayPal to ensure that any breach of their website doesn’t compromise their users’ data.

The predominant concern about privacy is that websites often ask for more information than they need. How many times have you been forced to sign up for an account just to access certain information? How many times have you been asked for personal details when the transactions don’t require it? Websites of all scales and sizes are guilty of this, and it’s time to address it.

Twitter doesn't make its users submit a ton of information. Excellent work, guys!Twitter doesn’t make its users submit a ton of information. Excellent work, guys!

In addition to the concerns about the amount of information being harvested by websites, there are concerns about storage and how websites deal with information once they get it. A user’s experience of a business and its services will only be as pleasant as the business is trustworthy. Treat visitors with respect and remove barriers to access (such as multiple data requests and spam), and you’ll improve usability — and empower your audience in the process.

The Value of Knowledge

We, as users of websites, typically "sell" our personal information to whoever asks for it, whenever they ask. What’s your shipping address? We’ll also grab your IP address while we’re at it (We’ll do it secretly after you submit this web form). What’s your date of birth? How much do you make a year?

One could argue that we, as a society, are devaluing identity. Knowledge is power, and anyone who knows details about someone else — details from which they could benefit or profit from — has a leg up on the competition.

We certainly shouldn’t manipulate our users or cash in on their data without their explicit consent and knowledge (e.g. Check this box if you’re OK with us selling your data to anyone; we’ll make $7.99 from selling your data). Quite the contrary: visitors will value our website if we ensure that their information is secure. Trustworthiness is rare and, for that reason, a valuable asset.

Tracking visitors' habits is a debatable practice, but it can help us enhance the experience.Tracking visitors’ habits is a debatable practice, but it can help us enhance the experience.

While the data that we harvest from users allows us to target them much more purposefully and give them a better user experience, we can still reap long-term value despite restricting ourselves to minimal data (i.e. personal details). Analytic tools, detection scripts and the logging of IP addresses all hold great benefit to site owners, but they must respect the privacy of users if they want to maintain that experience.

We’re discussing value and trust here, and you’re probably wondering how this relates to user experience (UX). The answer is simple: trust and confidence are essential components of the experience that users have on your website and with your brand. Trust and confidence are critical to turning one-time visitors into long-term customers. If your business lacks the trust and confidence of users, then they will be reluctant to use your website.

Progressive Disclosure

If privacy problems can be so detrimental, what can we do about them? Presumably, you want to offer visitors a hassle-free experience, one in which they feel safe. A simple way to satisfy privacy concerns and remove barriers to access is by following the principle of progressive disclosure; that is, asking for and using information only when absolutely necessary.

The basic goal of progressive disclosure is to ask for the minimum amount of information. As users interact with the site and encounter something that requires them to divulge more information, that’s the only time the site should ask for it. Users should have the choice not to provide the requested information (and thus may not use that feature of the site).

Take for example, Amazon.com. First-time visitors can browse the entire site without giving out any information. (A bit of an awkward example, just because Amazon.com drops cookies to track users that aren’t signed in — but that’s a conversation for another day.) If the visitor finds an item she likes and would like to put it on her wish list to bookmark for later, that’s the only time Amazon.com will ask her to sign up for an Amazon.com account. When a new customer signs up, all they need to provide is an email address.

The new or existing customer signup form on Amazon.com.The new or existing customer signup form on Amazon.com.

Finally, some months later, the user comes back to Amazon.com, ready to buy the item she placed on her wish list — this is the point where Amazon.com will ask for her shipping address and payment information.

The key concept to remember in the Amazon.com example is the progressive disclosure model for acquiring user data: A website should not ask for all the data up front. Let users progressively disclose their information as they use the site.

If a visitor is registering an account on your forum, don’t ask for their phone number or home address. If they’re paying for goods online, you don’t need to know their sex, tax bracket or marital status. Online stores commonly make the mistake of asking for credit card details even when the visitor is just window-shopping. People want to fill their cart with items before checking out and entering their credit card information.

Be sensible about when you ask for information: request it progressively, and only when it becomes necessary.

In addition to restricting your private information requests, consider how you present the requests you make, which could lower barriers. People waste a lot of time fumbling through complex forms that annoy them to no end; our job as web designers is to make such tasks simple. If you need users to fill out a huge form, break it down into progressive (and thus less daunting) goals to improve readability and reduce anxiety.

Breaking Down Barriers

The key to success is removing a website’s barriers to access — all barriers, whether related to accessibility, usability or function. Make your website glide, not grind. Two core principles come into play here; principles by which we can satisfy our own thirst for data while still being responsive to our users’ needs. The principles also suggest methods for helping visitors find what they’re looking for on our websites.

The first principle is more choice, fewer options. While you’ll want to avoid extremes, minimalism and reductionism are powerful in their ability to give shape to information and to remove excess from a visitor’s line of sight, thus improving the company-customer relationship. Offer clear choices and remove ambiguous input fields, and you’ll increase the likelihood of getting responses.

The second principle is education. The need to be transparent and sensible with users has never been greater. Privacy laws exist so that websites take steps to protect the safety of visitors and promote awareness of how user data is handled (data protection laws serve the same purpose in some countries). Posting clearly written and comprehensible (i.e. not too technical) policies in a visible place on your website can put visitors at ease, as can explaining the measures you’ve put in place to enact those policies.

Educate users about what they'll be "giving up," and help them avoid nasty surprises.Educate users about what they’ll be "giving up," and help them avoid nasty surprises.

It never ceases to amaze me how we web designers — who would never trust a web host that doesn’t explain how it stores our sensitive data (user records, registration information, etc.) — are so quick to ask our own users to hand everything over with a mere "Trust me!"

Invisible Data-Mining

The last topic we should discuss is the issue of invisible data-mining (which includes recording IP addresses, using cookies, storing sessions, even using analytics software). Invisible data-mining might seem harmless enough to us professionals, but that doesn’t allay the concerns of users.

Invisible Data-MiningSpam is a serious issue; intruding on an inbox won’t win the person over.

Invisible data-mining encroaches on ethically questionable territory. I don’t want to preach about what one should or shouldn’t do with respect to procuring and using data; education and awareness solve most problems. In the end, though, more websites and designers should allow anonymous browsing (where sensible) and make cookies and usage-tracking optional: leave it up to the visitor.

Many people will immediately retort, "The data is harmless" or "They can easily delete the cookies." The point is that, while such tools can improve a website’s UX through site improvements resulting from analysis of site activity and traffic, they shouldn’t be used against the visitor’s wishes, and the onus shouldn’t be on users to opt out (as is the case with spam).

Value Your Users’ Data and Privacy

My purpose was to highlight the importance of trust, which gets compromised when user privacy is handled poorly. Know your visitors’ expectations of privacy, as well as the most current methods of handling data and the lawful ways in which data can be collected and used. You might help to dispel some of the anxiety and contention that currently afflicts users and governments. The future of the web almost certainly depends on our methods of dealing with privacy, so taking the issue seriously right now is crucial.

"User experience" is a funny term, and it can be looked at in a number of ways. The lesson to remember, though, is "Value your users." If an element doesn’t enrich the experience or encourage users to continue, your efforts will have been wasted. If your website breeds distrust, then you will certainly lose customers and possibly erode the public’s regard of the web as a safe place to store data. As web professionals, we must value our users, recognize their worth and treat them with respect.

Related Content

About the Author

Alexander Dawson is a freelance web designer, author and recreational software developer specializing in web standards, accessibility and UX design. As well as running a business called HiTechy and writing, he spends time on Twitter, SitePoint’s forums and other places, helping those in need.

12 Comments

Chuck Snyder

November 9th, 2010

I agree, too many web sites require too much information about myself, or set way too high password/login requirements for the type of data they are serving.

For myself, if I decide the site doesn’t need my information, I put in bogus entries. Wronge age, wrong address, wrong phone numbers.

I meet their requirements, but don’t give any personal information.

Dainis Graveris

November 9th, 2010

I actually know forums, and websites, that ask too much information that is really out of context of what they have for their users. I remember reading the post title of what I was looking for, but before I can gain access to that post I need to “register,” well, technically a survey marauding as “register”. Can you imagine a health-related website asking, before you can join them, how many cars do you own? This has become too common that people have developed a sensation of “weak security” towards websites that only ask for few information. “Really, only those questions?”

Many nice points there, great post for educating people in the industry.

Manuel Ignacio López Quintero

November 9th, 2010

The issue of privacy is very swampy ground. Be cautious and try not to violate data protection.

Great article Alex, I hope you still writing in Six revisions!

Dreb

November 9th, 2010

Very helpful and full of information. I’ve learned about “Progressive Disclosure” that is amazingly useful to lighten up the user’s experience. I also found sites that requires too much information but the transaction you’re going to have there uses only few of those information. How i wish everyone knows about this so there will be “peace” and “harmony” in the world wide web.

Rigo Wenning

November 10th, 2010

A very nice article on the things a web developer can do. Note well that W3C had a series of Workshops this year as we try to understand the ramifications and possible solutions to preserve privacy on the web. See http://www.w3.org/2010/api-privacy-ws/ and http://www.w3.org/2010/policy-ws/

Additionally, there will be a joint Privacy Workshop with the Internet Architecture Board on 8-9 December in Boston:
http://www.iab.org/about/workshops/privacy/

Jacob Gube

November 10th, 2010

@Rigo Wenning: Rigo, thank you for sharing those links to the workshops.

Alexander Dawson

November 10th, 2010

Thanks for your comments everyone!

@Rigo Wenning: Thanks for the feedback and the links. I think what we need to see are more developers being transparent about data collection and perhaps a simpler method for end users to be made aware of instances when their data is being collected (and more to the point, able to block such collection on-demand). It’ll have to be a two way street with designers requesting less and user-agents being smarter about permissions (or notification) but the web certainly could do with being a bit less data obtrusive!

Siddharth Menon

November 10th, 2010

@Alexander Dawson Well written article … I specially like this part ” It never ceases to amaze me how we web designers — who would never trust a web host that doesn’t explain how it stores our sensitive data”

juan iconshock

November 10th, 2010

Nice read as usual guys… well, there’s something curious about “privacy” in this social era… nowadays, even when all discussions about privacy are served almost everyday, is easier to find everyone’s information just a couple of clicks away… and I think, in some cases, final users really like this ! (well, they want to share their latest photos at the beach :) !!…)
Just taking the example you gave us: Facebook… with those ambigous options about privacy. I know a lot of people who don’t care about this “privacy” ambigous options issue, FB has 500M users and is still growing…

Well, just my 2 cents, anyway, there’s a lot of discussion behind it… keep the good work !

mspownall

November 11th, 2010

Great article Alex.

Thought and consideration to form elements is often overlooked by designers and clients. Not only does it tackle issues over privacy, but restricting the size of the form to a minimum requirement will in most cases improve form completion rates to.

Bill

November 11th, 2010

Great article! I think you hit the nail on the head when you say “leave it up to the visitor.” The big concern with most privacy related incidents is that people want to have control over how much of their private information is shared publicly. Some people don’t mind telling all, some of whom make a very good living off of it. Others prefer not to. I think that soon there will be some very attractive alternatives to the Facebooks of the world, alternatives that provide similar value without disrespecting the desires of users.

Stacy

November 14th, 2010

Great article!

I just started a master’s program in Interaction Design & Info Architecture and we have been speaking in great lengths about this exact topic.

Leave a Comment

Subscribe to the comments on this article.