Browsing the internet involves more of our personal information than ever before. From cookies and consent forms to scripts and automatic collection, we leave a trail of personal data behind our every click. As a result, data security and privacy concerns have filtered into every facet of the site-building process, from development to design.
For purist designers, this presents a problem. While we have a responsibility to protect the data we collect by providing a secure website, a security-focused site is often inherently in conflict with a functional, personalized user experience. The more information we can collect from a user, the better we can tailor their experience; but this data has to be obtained in a functional and unobtrusive way, and must be protected thereafter.
With the advent of Europe’s General Data Protection Regulation (GDPR), ‘privacy by default principle’ is now a legal requirement. Websites are now obligated to build consumer privacy principles into all of their projects and document these design processes along the way.
In tackling this, it’s crucial that web design and development work hand in hand. The goal must be to determine how to collect and use data to provide the most personal experience while simultaneously protecting the user – all within the same design. By building data security into a website’s foundation, we can create systems that are at once practical and secure, and anticipate threats to data privacy before they happen.
In this article, we’ll cover this process and outline some actionable tips you can take to implement it in your design projects.
What Should We Aim Towards?
When deciding on the most effective way to collect and utilize user data in a privacy-conscious manner, designers should consider the following fundamental principles:
Privacy by Default. An individual should not be required to take any conscious action to protect their online privacy. Users must be aware of why their information is being requested and how it will be used to improve their experience. Only the data that is necessary should be collected, and should not be used, stored, or disclosed without prior consent.
Pre-emptive. Privacy must be integrated into the architecture of the website from the beginning rather than included as an afterthought. By adopting these practices early, it becomes a core component and prevents poor practice later down the line.
Transparency. Standards of data security and user privacy should remain visible and accessible for both users and providers at all times. This should take the form of open management options and clear user notices.
Security. All data collected must be secured and protected end-to-end, from the moment it is obtained until it is finally erased.
Respect for the User. All systems should be user-centric. In exchange for their data, designers must provide value in the form of a friendly, navigable, and secure website. Users must feel comfortable in their ability to add and remove their information as desired.
Implementing Privacy Principles
There are a number of simple ways to implement these concepts into your design work.
Broadly minimizing the amount of data you collect from users is an integral part of the ‘privacy by default’ principle. This way, a large portion of personal information is protected with no explicit or deliberate action on behalf of the user.
For a long time, web design has operated under a ‘just-in-case’ philosophy. With this attitude, we ask for more than what is explicitly necessary in case it proves useful in the future. Though you ultimately gain a trove of valuable data, each request for information likely decreases the conversion rate of your forms and the satisfaction of your users. Storing and analysing this data also increases the risk and impact of a breach later down the line.
It’s important to only collect the data that is explicitly relevant and necessary for the services you offer. If you don’t require a full address or contact number, don’t include this as an option in your form’s design. For the data you must collect, try and reduce how closely it can be linked to the user’s real identity. Through pseudonyms or anonymous IDs, you can protect the direct identifiability of a user’s data when it’s eventually processed or analysed.
Implement Clear Data Sharing Notices
Typically, your website will collect two types of personal data – that which is volunteered and that which is collected automatically.
The largest volume of data you collect will be obtained automatically. This will usually include tracking scripts or cookies. In this scenario, you should display a UI element that actively informs the consumer of your data usage and gives them the option to accept, refuse, or opt-out. This is usually achieved through a banner or pop-up window.
Here’s an example from the BBC:
The second scenario involves data that has been manually volunteered, usually through a form on your website. Here, your notices should explain the various ways this data might be used. This could be for targeted advertising, improving user experience, or sharing with external parties. You can also describe what happens to the data once it is collected, for example where and for how long it is stored.
From a design perspective, these notices can be implemented in a number of ways. As well as just-in-time notices and banners, users might benefit from accessible hyperlinks to more comprehensive explanations or collapsible information on the page itself.
Just-in-time notices are a top-level layer of information designed to display a small message at the moment a user is about to fill a form. If you’re collecting email addresses, a just-in-time notice could be shown to explain why the email address is necessary and how it will be used. Here’s an example:
This gives you the opportunity to inform users about the data you’re about to collect, how this will benefit their experience, and how it will be managed.
All individual components of your design project and data collection strategy should be visible, with a focus on transparency. This is a simple way to provide information on how an individual’s data will be utilized.
Obtain Free and Specific Consent
Fully integrated ‘privacy-by-default’ web design will naturally encourage its users to play an active role in managing their own data. This means prompting users to give clear and specific consent for any instance of data collection, storage, or disclosure.
In terms of design, this rules out the use of pre-ticked checkboxes or automatic opt-ins. This way, users cannot unwittingly agree to terms and conditions, emails, or optional extras they’re not happy with.
Equally, consent for one activity cannot be automatically connected to another; for example, including a message under a Download button that states “By downloading, you agree to receive our promotional newsletter”.
Incorporating these principles ensures that your users are never misled or manipulated into giving consent and are fully aware of the activities they have agreed to.
Managing Your Own Security
If you’re working remotely, on a large public network, or on a website that handles a large volume of user data, it’s equally as important to manage your own security as it is that of the site you’re working for. Incorporating a privacy-focused design is no use if your users’ data is vulnerable elsewhere.
Ensure you reinforce the site’s access control by creating passwords and usernames that are unique and challenging for others to guess. Adhere to standard security practices, such as limiting the number of login attempts possible in a specific time-frame. Eliminate form auto-fills in case any pre-authorized devices are stolen.
Tightening your network security is paramount, whether you’re working independently or in a large office. Any colleague might be inadvertently creating open access routes to your web servers, and the risks of public networks cannot be understated. Ensure there are protocols in place for updating passwords frequently, automatically ending expired sessions, and regularly scanning devices for malware. If you’re working remotely, use a reliable VPN to encrypt your connection.
Malicious entities can find their way in regardless of how rigorously the system is checked. This is especially true when there are regular uploads of large files. If this happens, a hacker will have almost unlimited access to the data on the website. To combat this, store your files away from the root directory and use scripts to access them where necessary.
Implementing these principles into your design process allows you to improve your work, protect and satisfy your users, and ensure you’re compliant with the latest legislation.
As designers and developers have on caught on to the value of user data for site refinement, conversion optimization, and even third-party sales, sites have begun to push the boundaries of their remit in attempts to manipulate users into divulging as much information as possible. Though largely well-intentioned, this philosophy has birthed a suspicious and distrustful relationship between users and the services they turn to.
Adopting an open, transparent, and integrated approach to data security in design can not only improve the success of our services commercially, but improve their moral integrity, and help us move towards a healthier digital culture of trust and mutual respect.