How will privacy-by-design principles impact web development and user experience?

Websites are also often the first and only point of contact between an organization and its prospects and customers, who are also typically the largest category of affected people.

The website therefore sets the tone for the brand and its attitude towards privacy principles.

With that in mind, it will quickly become important to understand what this will mean for web design.

This article gives a brief overview of the issues that businesses and web designers will need to think about.

Introducing PbD

Much more than an empty phrase buried in a long legal document, privacy by design (PbD) was a concept pioneered by respected Canadian privacy regulator Ann Cavoukian in the 1990s.

It provides a framework of seven principles to guide the development of new systems and processes for handling personal information.

In short, following these principles means building privacy into the design of a system as the default setting, ensuring that personal data is kept safe and destroyed when no longer needed, providing users with transparency and meaningful choice with regard to the use of their data, and avoiding unnecessary trade-offs between privacy and other interests.

More details are available here.

Looking at these principles, it’s easy to see that the vast majority of websites would fail even the most lenient test of their application.

More than that, when recently presented with the legally mandated requirement for partial implementation of these principles, many website owners showed strong resistance.

I’m of course talking about the ePrivacy Directive, aka cookie law. The consent requirement for the use of cookies embodies the PbD principles of privacy by default, transparency and meaningful choice.

More than four years after it first took effect, although more and more responsible companies are moving towards greater privacy choices, the law receives little more than lip service on millions of other sites.

More than that, it’s frequently derided by web professionals, many of whom have as little understanding of the law as they accuse lawmakers of having of the technology.

The impact on website design

A privacy-by-design approach to web design and development must consider the two major modes by which visitor privacy is affected:

  • Voluntarily provided personal data.
  • Automated collection of personal data.

The voluntary data part is relatively easy, and many websites handle it reasonably well, although there are a few things to watch out for.

It’s the automated part that presents more challenges. We will look at both.

Voluntary data

The most obvious source of voluntary data is when visitors submit their information via web forms. Although at first glance this is a simple case of obtaining consent through a privacy policy and a checkbox, there are a few things to consider.

The site should be clear about all the potential uses of the data, not just the uses that the data subject expects or for which they provided their details.

Where a use goes beyond the main reason the data was provided, the principle of “privacy by default” requires that the data subject consent to those additional uses: not as a blanket consent to all future uses, but to each specific use.

Even where voluntary consent has been obtained, there should also be an easily accessible control for opting out again at any time.

What happens to submitted form data is another critical design issue. Is it emailed, sent to a CRM, stored in the site database? It is common for all three to occur, resulting in multiple copies of the data.

But if you send the data to another system, leaving a copy in the web database is an unnecessary security exposure, and one that many sites carry.

If you do not use the data operationally on your site (for example to log in), regularly erase the data submitted via the forms.
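The per-use consent, withdrawal and retention points above, as an added example that is not from the article. The record shape, the use names and the retention policy are constructed for illustration; a real site would back this with its database and a scheduled job.

```javascript
// Added example (not from the article): form submissions tagged with the
// specific uses the person consented to, plus a retention sweep that erases
// copies the site no longer needs. Record shape and policy are constructed.

const DAY_MS = 24 * 60 * 60 * 1000;

// A submission records each specific use separately (no blanket consent).
function recordSubmission(id, fields, consentedUses, submittedAt) {
  return { id, fields, consentedUses: new Set(consentedUses), submittedAt,
           forwardedTo: new Set(), operational: false };
}

// Withdraw consent for one use at any time; other uses are untouched.
function withdraw(record, use) { record.consentedUses.delete(use); return record; }

// Forwarding to another system (CRM, mailing list) is allowed only for a
// use the person actually consented to.
function forwardTo(record, system, use) {
  if (!record.consentedUses.has(use)) throw new Error(`no consent for ${use}`);
  record.forwardedTo.add(system);
  return record;
}

// Retention sweep: return the ids whose copy in the web database should be
// erased. A copy is due when it is not used operationally (e.g. for login) and
// either it has already been forwarded elsewhere, no consented use remains,
// or it is older than the retention window.
function dueForErasure(records, now, retentionDays) {
  return records
    .filter(r => !r.operational)
    .filter(r => r.forwardedTo.size > 0 || r.consentedUses.size === 0 ||
                 now - r.submittedAt > retentionDays * DAY_MS)
    .map(r => r.id);
}
```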

However, not all voluntary data is entered directly through web forms.

Can people set a language preference on your site? Do some interactions result in personalization of content? This could be considered voluntary personal data.

How are people informed about this? How is the information kept, how long? These are all valid considerations for PbD.

Data Collected Automatically

This is usually the largest volume of data generated from your website. This happens largely through the use of cookies and other mechanisms that are set and read by the various applications your website uses.

In Europe, there are specific rules regarding visitor consent and the use of cookies. We won’t go into detail about those requirements here, except to point out that by applying privacy-by-design to your use of cookies, you’ll likely also be largely compliant with the cookie rules.

Of course, not all cookies contain or can be considered personal data. However, the broad scope of the definition of personal data under the GDPR means that many types of cookies are likely to fall directly and clearly within the scope of the new rules.

In particular, cookies that act as unique device or user identifiers, such as those used for online tracking and user login, are likely to be considered personal data under the EU’s GDPR.

This therefore implies evaluating every element of your website that sets cookies, and identifying whether those cookies contain personal data.

The next step would be to determine if there are privacy-friendly alternatives, or if not, how to implement user controls. This has particular implications for technologies that set third-party cookies.

In particular, it would no longer be possible to argue that “we are not responsible for third-party cookies”.

PbD requires site owners to shift the focus from cookies per se to a decision to use the underlying technology. No website owner can reasonably say “we are not responsible for the technology we add to our website”.

A PbD approach to site design therefore requires that each element of a site’s technology infrastructure be assessed for its impact on privacy, and requires the provision of appropriate default settings, notices, and controls.

PbD principles suggest that you can’t just add a standard Facebook Like button to your default pages.

You’ll need to ask users to opt-in to these features, while making sure they’re aware of the privacy implications.
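The opt-in gating of third-party embeds described here, and the dynamic show-or-hide interface discussed later under the user interface, as one added example that is not from the article. The embed manifest, purpose names and script URLs are constructed; the DOM adapter is passed in so the decision logic runs outside a browser.

```javascript
// Added example (not from the article): third-party embeds are loaded only
// after explicit, per-purpose consent; absent consent means denied (privacy
// by default) and consent can be revoked at any time. Manifest is constructed.
const EMBEDS = [
  { id: "like-button", purpose: "social",      src: "https://example-social.invalid/sdk.js" },
  { id: "analytics",   purpose: "analytics",   src: "https://example-stats.invalid/tag.js" },
  { id: "ad-slot",     purpose: "advertising", src: "https://example-ads.invalid/ads.js" },
];

class ConsentStore {
  // `storage` is anything with getItem/setItem (localStorage in a browser;
  // the Map-backed stub below when running outside one).
  constructor(storage, key = "privacy-consent") { this.storage = storage; this.key = key; }
  read() { const raw = this.storage.getItem(this.key); return raw ? JSON.parse(raw) : {}; }
  write(state) { this.storage.setItem(this.key, JSON.stringify(state)); }
  has(purpose) { return this.read()[purpose] === true; }  // missing entry == not consented
  grant(purpose) { const s = this.read(); s[purpose] = true; this.write(s); }
  revoke(purpose) { const s = this.read(); delete s[purpose]; this.write(s); }
}

// Pure decision: load the script, or show an opt-in placeholder in its place.
function planEmbeds(embeds, consent) {
  return embeds.map(e => ({
    id: e.id, purpose: e.purpose,
    action: consent.has(e.purpose) ? "load" : "placeholder",
  }));
}

// Apply the plan through a small DOM adapter (in a browser, loadScript would
// create a <script> element; showPlaceholder would render an opt-in control).
// Returns the ids actually loaded so the effect is observable.
function applyPlan(plan, embeds, dom) {
  const srcById = new Map(embeds.map(e => [e.id, e.src]));
  for (const p of plan) {
    if (p.action === "load") dom.loadScript(p.id, srcById.get(p.id));
    else dom.showPlaceholder(p.id, `Enable "${p.purpose}" to load this feature`);
  }
  return plan.filter(p => p.action === "load").map(p => p.id);
}

// Minimal in-memory stand-in for localStorage, for running outside a browser.
function memoryStorage() {
  const m = new Map();
  return { getItem: k => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}
```

Re-running planEmbeds after grant or revoke is what drives the page to show or hide each feature as the visitor changes their choices.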

Satirical site The Daily Mash has an ironic approach to cookie law compliance

This also applies to a wide range of technologies and services provided by third parties in the form of scripts and code embedded in the pages.

Analytics, videos, music, chat rooms and of course advertising – all of these page elements are usually served from separate host domains that are more or less invisible to the average visitor.

All of the most common examples of these services involve some level of personal data collection.

The obligation to follow the principles of PbD implies taking into account their impact throughout the development process.

This is not an easy task as many technologies designed to be integrated with other sites are not clear about their data collection practices.

The impact on the user interface

PbD requires a thorough examination of a website’s architecture and its privacy implications. It also requires mechanisms for visitors to make realistic privacy choices.

This of course means that there is a need for interfaces to support such choices. And that can be one of the biggest challenges for website design.

The kind of notices we’ve seen stem from attempts to comply with cookie law won’t easily suffice – they’re neither granular enough nor varied enough.

What will be needed are more dynamic interfaces, showing and hiding content and functionality based on the choices made.

Such interfaces are not uncommon – the best web design already configures content and services around users, that’s what “personalization” is.

However, interface customization is generally unclear to the user, especially when and why it occurs. Privacy by design means not only making the fact of personalization explicit, but also providing explicit choices to visitors about whether or not it should take place.

Along with this, designers will also need to consider whether or not they want to provide access to content and services to people who make privacy choices that go against the economics of the services provided.

For example, if a visitor goes to a free information site that is paid for with privacy-intrusive advertising, but chooses not to receive that advertising, the designers will have to decide whether that visitor should be denied access to the content.

In conclusion…

The aim of this article has been to raise some of the issues that the web design profession will face once the new European data protection rules are finalized.

Of course, these are not just decisions for “designers” in the traditional sense; these are also examples of some fundamental questions for the digital strategy.

The new law means that there will be no escaping such questions when it comes to new web construction. So the time is also fast approaching when some answers will be needed.

James S. Joseph