Privacy and UX - Final part
Balancing User Experience and Data Protection in the Digital Age
The last episode!
If you missed the other parts:
Part 2:
https://privalogy.substack.com/p/privacy-and-ux-part-2
Data Collection in Forms: Aligning with LGPD Principles
It is evident that the form in Figure 3 collects personal data but does not state the purpose of each field. A generic sentence saying that, by submitting the form, the user agrees to a policy (usually located elsewhere) is insufficient and non-specific, and may amount to unlawful data processing under Brazil's LGPD. It is not mandatory to explain the purpose of every field, but the purpose must be clear for any field whose necessity the data subject might reasonably question in the context of the business.
Contextualized Data Collection
For instance, in a registration form for system access, asking for an email address and a password is standard practice and needs no further explanation: it is a clear and logical requirement of the service. If the same form asks for a CPF (the Brazilian taxpayer ID number), which has no apparent role in "login", the form must explain why the CPF is needed in that context.
Improved Form Design
Figure 4 shows an example of the changes such a form needs. The graphic design of the wireframe is not the point here; the example highlights three improvements:
Purpose Transparency:
The form clearly explains why certain personal data is being collected, especially for fields that might not seem essential to the service.
Optional Data Fields:
It allows optional data collection, with transparency about the consequences, for instance a note that the user will not receive a customized service if certain optional fields are left blank.
Clarity for Sensitive Data:
The form explains why age data is necessary, for example to verify that the service is intended for adults only. Collecting the exact date of birth would only be necessary if the service plans to send birthday messages or gifts, and that purpose should be stated clearly.
The Principle of Necessity
An important principle applied in this example is the principle of necessity, as stated in Article 6, Clause III of the LGPD:
"Limiting data processing to the minimum necessary to achieve its purposes, ensuring the data is relevant, proportional, and not excessive in relation to the intended purpose."
Users expect interfaces to collect only the minimum personal data the service requires. Collecting extra data for future marketing campaigns, segmentation, or sharing with third parties is no longer permissible (nor was it ever truly "permitted"). This is a colossal shift for websites and systems that historically collected as much data as possible "just in case" (LGPD, Article 7, Clause X, §5).
Five Steps for Data Collection Compliance
When designing forms, regulatory analysis reveals the need to follow at least five essential steps to ensure compliant data collection. These steps, outlined in Table 3, guide organizations in aligning their forms with LGPD principles while respecting user rights and expectations.
This approach fosters trust, transparency, and adherence to legal requirements, creating a better balance between user experience and data privacy.
Just-in-Time Data Collection: A Practical Recommendation
One of the key recommendations Claire Barrett makes in her article [8] is "just-in-time" data collection: explaining why specific data is needed, and how it will and will not be used, at the moment the application or website actually requires it, not before.
This method ensures that users are not overwhelmed with information at unnecessary moments and aligns with best practices for data transparency and user experience. For example, as shown in Figure 5, a user might encounter a clear and concise explanation about why their personal data is being requested at the precise moment it becomes relevant.
Why Just-in-Time Collection Matters
Enhances User Trust:
By providing contextual information only when needed, users are more likely to understand and trust the process. Transparency fosters confidence, particularly when data is collected for legitimate and specific purposes.
Reduces Cognitive Overload:
Presenting too much information upfront can confuse or overwhelm users. Just-in-time explanations simplify the interaction and make it more intuitive.
Aligns with Privacy Laws:
The approach complies with regulations like the LGPD and GDPR, which emphasize purpose limitation, transparency, and data minimization.
Improves User Experience (UX):
Users are more likely to provide their data willingly when they understand its purpose and value at the moment it is requested.
Practical Example:
Imagine an e-commerce website asking for a user's phone number during the checkout process. Instead of collecting this data in the initial registration, a just-in-time approach would explain:
"We need your phone number to send shipping updates. Your number will not be shared or used for marketing purposes without your consent."
This kind of transparency not only ensures compliance with legal requirements but also builds a relationship of trust with the user, ultimately benefiting both parties. Just-in-time data collection is a simple yet powerful way to make data practices more user-centric.
Many Android and iOS apps ask for access to location (GPS), photos, and even the camera at install time or on first launch, before any feature that needs them has been used. Most users will not consent to such requests willingly or without question. A more effective way to obtain permission is the same "just-in-time" strategy: explain the necessity of the data at the moment it is collected, so users consent only when they fully understand the purpose of the request.
For instance, instead of requesting GPS access at launch, an app can prompt the user at the exact moment the location feature is needed, such as when finding nearby restaurants or calculating delivery times. If the user declines, the feature should degrade gracefully (for example, by letting the user type a postcode) rather than blocking the app. This approach fosters trust, improves the user experience, and supports compliance with regulations like the LGPD and GDPR.
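The deferral described above, written out as an added example that is not part of the original post and not taken from any app the post mentions. The `ui.ask` dialog and the `geo` object are assumed stand-ins for a consent prompt and for the browser's `navigator.geolocation`, so the logic runs in Node; the restaurant list is constructed sample data.

```javascript
// Added example: a just-in-time location request. The prompt appears only when
// the feature that needs location is invoked, it carries purpose text, and the
// feature still works if the user declines. `ui` and `geo` are assumed
// interfaces (a consent dialog and navigator.geolocation), injected so this
// runs without a browser.

const LOCATION_PURPOSE = {
  feature: "nearby-restaurants",
  why: "We use your location to list restaurants near you.",
  use: "It is used only for this search and is not stored or shared.",
};

// Decisions are remembered per feature, not app-wide: consenting to location
// for restaurant search says nothing about location for advertising.
function createPermissionState() {
  return { decisions: new Map() };
}

// Ask only at the moment of use; a previous answer for the same feature is
// reused so the user is not nagged on every call.
async function requestLocationJustInTime(state, purpose, ui, geo) {
  let decision = state.decisions.get(purpose.feature);
  if (decision === undefined) {
    const granted = await ui.ask(`${purpose.why} ${purpose.use}`);
    decision = { granted, askedAt: Date.now() };
    state.decisions.set(purpose.feature, decision);
  }
  if (!decision.granted) return { status: "declined", position: null };
  try {
    const pos = await new Promise((resolve, reject) =>
      geo.getCurrentPosition(resolve, reject, { maximumAge: 0 })
    );
    return {
      status: "ok",
      position: { lat: pos.coords.latitude, lon: pos.coords.longitude },
    };
  } catch (err) {
    return { status: "error", position: null, error: String(err) };
  }
}

// The feature is the only code path that triggers the request. If location is
// declined or unavailable, the user is routed to manual postcode entry instead
// of a dead end.
async function findNearbyRestaurants(state, ui, geo, restaurants) {
  const result = await requestLocationJustInTime(state, LOCATION_PURPOSE, ui, geo);
  if (result.status !== "ok") {
    return { mode: "manual-postcode", results: [] };
  }
  const { lat, lon } = result.position;
  const ranked = restaurants
    .map((r) => ({ name: r.name, dist: Math.hypot(r.lat - lat, r.lon - lon) }))
    .sort((a, b) => a.dist - b.dist)
    .slice(0, 3)
    .map((r) => r.name);
  return { mode: "located", results: ranked };
}

// Constructed sample data and a fake geolocation provider for a stand-alone run.
const SAMPLE_RESTAURANTS = [
  { name: "Cantina A", lat: -23.561, lon: -46.656 },
  { name: "Bistro B", lat: -23.55, lon: -46.633 },
  { name: "Sushi C", lat: -23.6, lon: -46.7 },
  { name: "Padaria D", lat: -23.562, lon: -46.655 },
];

function fakeGeo(lat, lon) {
  return {
    getCurrentPosition: (ok) => ok({ coords: { latitude: lat, longitude: lon } }),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const state = createPermissionState();
  const ui = { ask: async (text) => { console.log("PROMPT:", text); return true; } };
  findNearbyRestaurants(state, ui, fakeGeo(-23.5615, -46.656), SAMPLE_RESTAURANTS)
    .then((r) => console.log(r));
}
```

The prompt text is built from the purpose object, so the wording the user sees is the same wording recorded with the decision; if the purpose changes, the stored decision no longer matches and a fresh prompt is the correct behaviour.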
Privacy Policies: Transparency or Overload?
Privacy policies are a critical component of implementing privacy programs based on "privacy by design" principles. These documents aim to provide visibility and transparency about how personal data is processed by a website, service, or company.
However, a TechCrunch piece, "Examination Of Privacy Policies Shows A Few Troubling Trends," highlights a significant issue: by its account, the average length of website privacy policies and terms of use is second only to the U.S. Constitution. That helps explain why most users do not read them. Accepting the terms and conditions then becomes a meaningless click that gives no real value to the user or the company.
Why Privacy Policies Fail
Complexity and Length:
Excessively long and complex policies discourage users from engaging with them, reducing transparency instead of promoting it.
Lack of Relevance:
Users are rarely presented with the specific, relevant sections of a policy. Instead, they are expected to read an entire document, often filled with legal jargon.
A Path Forward
Combining just-in-time consent with concise, purpose-driven sections of a privacy policy can improve both transparency and user trust. For example:
During GPS data collection, the app could display a short excerpt explaining why the location is needed and referencing the relevant section of the privacy policy.
Privacy policies could be redesigned into modular formats, allowing users to access specific information when needed rather than sifting through an exhaustive document.
By making privacy policies more digestible and aligning them with contextual consent strategies, companies can better comply with regulations while fostering a positive and transparent relationship with their users. In the end, less is moreโshorter, clearer, and more accessible policies serve everyone better.
The Problem with โI Acceptโ: Simplifying Legal Documents with Legal Design
A study conducted by Stanford University [9] revealed that 97% of users, when confronted with lengthy and complex contracts or documents, click "I accept" without reading. This means that the vast majority of users are entirely unaware of the terms, conditions, and data processing policies to which they are agreeing.
This poses a significant issueโnot only for users but also for companies. While simplifying language is important, privacy policies and terms of use remain legal and governance documents, which require careful drafting to avoid causing more harm than good to the company. Poorly designed policies can lead to misunderstandings, distrust, or even legal repercussions.
Legal Design: A User-Friendly Approach
To make policies more accessible and user-friendly, companies can adopt "Legal Design", which applies design thinking to legal documents. According to Professor Margaret Hagan of Stanford University, legal design is:
"The way we evaluate and create legal business documents to be simple, functional, attractive, and user-friendly."
Legal Design prioritizes usability without compromising legal accuracy. This approach allows companies to communicate complex legal terms in a way that users can understand while maintaining compliance and legal security.
Example of Legal Design in Action
One notable example is the portal Juro [11], which presents its terms of use in a visually engaging, easy-to-read format without sacrificing legal robustness. As shown in Figure 7, the document incorporates:
Clear headings and subheadings to help users navigate the content.
Icons and visuals that explain concepts at a glance.
Simplified language to ensure comprehension for a non-legal audience.
Interactive features that allow users to focus on specific sections relevant to their concerns.
The Path Forward
Adopting Legal Design principles is a win-win for both companies and users. For users, it enhances trust and transparency by making policies comprehensible and accessible. For companies, it ensures that legal documents fulfill their intended purposeโcommunicating obligations and rights clearlyโwhile minimizing the risk of disputes arising from misunderstandings.
In the digital era, where privacy is increasingly scrutinized, Legal Design represents a vital step toward bridging the gap between legal complexity and user experience. By prioritizing clarity, functionality, and usability, companies can turn daunting privacy policies into tools for building trust.
The Problem with Consent: "I Accept" and Its Challenges
According to the article "Reading Online Privacy Policies Could Cost $365 Billion a Year" by Aleecia McDonald and Lorrie Faith Cranor of Carnegie Mellon University, the average person would need 244 hours per year (about 40 minutes a day) to read the privacy policies of all the websites they use.
As the authors note:
"Some companies believe their users should read the privacy policies, and if they donโt, it shows a lack of concern for privacy. Instead, we argue that websites need to do a better job of communicating their practices effectively, including reducing the time required to read policies. If companies canโt achieve this, regulations may be needed to ensure basic privacy protections."
This perspective aligns with the GDPR and LGPD, which emphasize transparency and informed consent. Consent, as defined in the LGPD (Art. 5, Clause XII), must be a free, informed, and unambiguous manifestation of the data subjectโs agreement to the processing of their personal data for a specific purpose. This transparency is critical, as noted by Doneda:
"The effects of consent are not always clear to the user, making its requirement for personal data processing an ineffective procedure."
Opt-In vs. Opt-Out Models of Consent
Consent can be provided through two primary models:
Opt-In: Requires active user participation to agree to data processing.
Opt-Out: Automatically assumes consent unless the user actively withdraws it.
The opt-in model is generally preferred, as it ensures explicit and informed consent and gives data processing greater legal validity (Mendes, 2014). Just as important, users must retain full control over their data, including the ability to review, alter, and delete their information, and to withdraw consent as easily as they gave it, at any time.
A notable example of non-compliance occurred in 2019, when the Polish data protection authority (UODO) fined ClickQuickNow roughly €47,000 for failing to provide proper means for users to withdraw consent on its website.
Privacy by Design: Proactive Data Protection
Privacy by Design (PbD) is a proactive approach that ensures user privacy throughout the lifecycle of an application, service, or business process. This principle emphasizes:
Default Privacy Settings: Products must ship with the most privacy-protective configuration by default, collecting minimal data; the user should never have to opt out of something they never opted into.
User Control: Users should be able to adjust settings, provide data selectively, and still access the product or service.
Data Minimization: Only collect the data necessary for a specific purpose, and do not collect extra data for potential future use.
For example, websites must keep non-essential cookies disabled by default until the user explicitly activates them. Similarly, personal data provided by the user should be retained only for as long as necessary to deliver the product or service.
Cookie Management: The Banner Approach
Cookies are small files stored on a user's device that allow a website to recognize a returning visitor. Introduced in 1994 by Lou Montulli, cookies are now integral to the web but also raise privacy concerns.
Under the ePrivacy Directive, cookies that are not strictly necessary for the service the user requested, such as those used for marketing, analytics, or profiling, require the user's prior consent. That consent is usually managed through a cookie banner, which provides:
Transparency: Explains the purpose of each cookie.
Control: Allows users to accept, decline, or revoke permissions easily.
Clarity: Differentiates necessary cookies (e.g., session cookies) from those used for targeted advertising.
For companies processing cookies beyond essential functions, a cookie banner, as shown in Figures 8 and 9, is not just a best practice but a legal requirement. These banners enhance user trust and ensure compliance with regulations such as GDPR, LGPD, and ePrivacy.
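The opt-in model, the privacy-by-design default (non-essential cookies off until activated) and the banner's accept/decline/revoke controls, combined in one added example that is not part of the original post. The category names, the consent record shape and the in-memory cookie "jar" are assumptions; in a browser the jar is `document.cookie` and the record itself would live in a strictly necessary cookie or `localStorage`.

```javascript
// Added example: an opt-in consent record that gates non-essential cookies and
// supports withdrawal. Categories, record shape and the Map used as a cookie
// jar are assumptions for illustration, not any real banner library's API.

const CATEGORIES = {
  necessary: {
    purpose: "Keeps you signed in and remembers this consent choice.",
    requiresConsent: false,
  },
  analytics: {
    purpose: "Counts page visits as aggregated statistics.",
    requiresConsent: true,
  },
  marketing: {
    purpose: "Shows ads based on your browsing; ad partners receive data.",
    requiresConsent: true,
  },
};

// Opt-in by default: with no decision recorded, every category that requires
// consent is off. Only strictly necessary cookies are allowed.
function defaultConsent() {
  const choices = {};
  for (const [name, cat] of Object.entries(CATEGORIES)) {
    choices[name] = !cat.requiresConsent;
  }
  return { version: 1, choices, decidedAt: null };
}

// Store the banner choice. Only categories the user actively ticked turn on;
// there are no pre-ticked boxes, and dismissing the banner keeps the defaults.
function recordConsent(ticked, now = Date.now()) {
  const next = defaultConsent();
  for (const name of ticked) {
    if (!(name in CATEGORIES)) throw new Error(`unknown cookie category: ${name}`);
    next.choices[name] = true;
  }
  next.decidedAt = now;
  return next;
}

// Withdrawal is a single call with no justification required. Necessary
// cookies are not subject to consent, so withdrawing them is a no-op.
function withdrawConsent(record, category, now = Date.now()) {
  if (!(category in CATEGORIES)) throw new Error(`unknown cookie category: ${category}`);
  if (!CATEGORIES[category].requiresConsent) return record;
  return {
    ...record,
    choices: { ...record.choices, [category]: false },
    decidedAt: now,
  };
}

function isAllowed(record, category) {
  const cat = CATEGORIES[category];
  if (!cat) return false; // unclassified cookies are never written
  return !cat.requiresConsent || record.choices[category] === true;
}

// Every cookie write goes through this gate; the category argument is
// mandatory so a tracking cookie cannot slip in unclassified.
function setCookie(jar, record, name, value, category) {
  if (!isAllowed(record, category)) {
    return { set: false, reason: `no consent for category "${category}"` };
  }
  jar.set(name, { value, category });
  return { set: true, reason: null };
}

// The same gate decides whether a third-party tag (analytics or ad script)
// may be loaded at all.
function shouldLoadTag(record, category) {
  return isAllowed(record, category);
}

// On withdrawal, cookies already set in that category are removed as well,
// not merely blocked for future writes. Returns how many were removed.
function purgeCategory(jar, category) {
  let removed = 0;
  for (const [name, c] of [...jar]) {
    if (c.category === category) {
      jar.delete(name);
      removed += 1;
    }
  }
  return removed;
}

// Text the banner shows per category, so the purpose of each cookie is visible
// at the point of choice rather than buried in the policy.
function bannerLines() {
  return Object.entries(CATEGORIES).map(
    ([name, cat]) => `${name}: ${cat.purpose}${cat.requiresConsent ? "" : " (always on)"}`
  );
}
```

The design choice worth copying is that `setCookie` and `shouldLoadTag` are the only write paths and both take the category as a required argument: a developer adding a new tracker has to classify it, and an unknown classification is refused rather than silently allowed.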
Final Thoughts
The evolution of privacy frameworks like GDPR, LGPD, and ePrivacy reflects a growing emphasis on user control and transparency in data practices. Whether through just-in-time consent, privacy by design, or effective cookie management, businesses must proactively align their operations with these principlesโnot only to comply with the law but also to foster trust and loyalty in an increasingly privacy-conscious digital world.
If you like this privacy series, let me know :)
Andrade, D. C. M., & Amado, M. G. S. (2019). The lack of personal data protection in the cybernetic field and the Brazilian legislative limbo. Revista do Mestrado em Direito da Universidade Católica de Brasília: Escola de Direito, Brasília.
Assembleia Geral da ONU. (1948, December 10). Universal Declaration of Human Rights. Paris: United Nations General Assembly. Retrieved from https://www.un.org/en/about-us/universal-declaration-of-human-rights
Beyleveld, D., & Brownsword, R. (2007). Consent in the law: Legal theory today. Portland: Hart Publishing.
Botha, J., Glober, M. M., Hahn, J., & Eloff, M. M. (2017). A high-level comparison between the South African Protection of Personal Information Act and international data protection laws. Proceedings of the 12th International Conference on Cyber Warfare and Security (ICCWS), Dayton.
Brasil. (2011, November 18). Lei nº 12.527, de 18 de novembro de 2011. Diário Oficial da União. Retrieved from http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2011/lei/l12527.htm
Brasil. (2016, May 11). Decreto nº 8.771, de 11 de maio de 2016. Diário Oficial da União. Retrieved from http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2016/decreto/D8771.htm
Correia, P. M. A. R., & de Jesus, I. O. A. (2013). The place of the concept of privacy in an increasingly Orwellian society. Revista Direito, Estado e Sociedade, Rio de Janeiro.
Doneda, D. (2006). From privacy to personal data protection. Rio de Janeiro: Renovar.
Doneda, D. (2003). A code for personal data protection in Italy. Revista Trimestral de Direito Civil, Rio de Janeiro.
Duarte, J., & Barros, A. (2005). Methods and techniques of research in communication. São Paulo: Editora Atlas S.A.
Mendes, L. S. (2014). Privacy, data protection, and consumer defense: General lines of a new fundamental right. São Paulo: Saraiva.
Meyer, P. (1987). Ethics in journalism. Rio de Janeiro: Ed. Forense Universitária.
Nielsen, J. (2000). Designing web usability: The practice of simplicity. San Francisco: New Riders Publishing.
Nielsen, J., & Mack, R. L. (1994). Usability inspection methods. New York: John Wiley & Sons.
Nielsen, J., & Molich, R. (1990). Heuristic evaluation of user interfaces. Communications of the ACM. Retrieved from http://www.acm.org/dl
Norman, D. (2006). The design of everyday things. Rio de Janeiro: Rocco.
Rodotà, S. (2008). Life in a surveillance society: Privacy today. Rio de Janeiro: Renovar. (Translated by D. Doneda & L. Doneda).