Privacy By Designer


Slide 0

Privacy by Designer
PRACTICAL CONSIDERATIONS ON UX DESIGN FOR TRUST
www.keek.be
Privacy-by-designer: Practical Considerations on UX Design for Trust by Ann Wuyts at PHP.ghent @vintfalken


Slide 1

“In God we trust; all others bring data.”
- William Edwards Deming


Slide 2

We all live in the Age of Context
SHAPED BY MOBILE, SOCIAL MEDIA, DATA, SENSORS AND LOCATION-BASED SERVICES


Slide 3

Users expect Personalisation & Personal
EXPERIENCES FOR THE ‘MOST PERSONAL DEVICE EVER’ ARE..
• RELEVANT: are you engaging at the right moment?
• GLANCEABLE: can you deliver value in milliseconds?
• PERSONAL: do you approach people in the right manner?


Slide 4

“No other Apple device has ever been so connected to the wearer. It is important to be mindful of this connection.”
Apple Watch Human Interface Design Guidelines, 2015


Slide 5

Machine-to-human relationships are now about human-to-human values
[Diagram labels: H2H, M2H, UNDERSTANDING, TRUST, PERSONALISATION, PRIVACY]


Slide 6

The Privacy Challenge
CONCERN ABOUT PRIVACY JUMPED 5 POINTS BETWEEN 2014 AND 2015.
2nd Annual Poll on How Personal Technology is Changing our Lives, January 2015, Microsoft


Slide 7

PRIVACY CHALLENGE: USER POINT OF VIEW
Loss of control
91% of adults ‘agree’ or ‘strongly agree’ that consumers have lost control over how personal information is collected and used by companies.
Pew Research Privacy Panel Survey, January 2014


Slide 8

PRIVACY CHALLENGE: USER POINT OF VIEW
Lack of Transparency
“People are fearful of sharing their data largely because companies and government have not been good at clearly explaining how they use it.”
Data Dialog, Demos 2012


Slide 9

PRIVACY CHALLENGE: USER POINT OF VIEW
Lack of Knowledge (aka Privacy and PETs are ‘too difficult’)
54% believe it would be “somewhat” or “very” difficult to find tools and strategies that would help them be more private online and in using their cell phones.
• 13% unaware of search engines that do not keep track of a user’s search history
• 31% unaware that email encryption programs such as PGP exist
• 31% unaware of privacy-enhancing browser plug-ins
• 39% unaware of anonymity software such as Tor
Pew Research, 2015


Slide 10

ON THE BRIGHT SIDE
Everyday privacy measures that do catch on
LESS TECHNICAL WAYS OF OPTING OUT OF DATA COLLECTION
• Clearing cookies or browser history: 59%
• Refusing to provide information about themselves that wasn’t relevant to the transaction: 57%
• Set their browser to disable or turn off cookies: 34%
• Deleted or edited something they posted in the past: 29%
• Used a temporary username or email address: 25%
• Giving inaccurate or misleading information about themselves: 24%
• Decided not to use a website because they asked for their real name: 23%
• Used a public computer to browse anonymously: 12%
• Asked someone to remove something that was posted about themselves online: 11%


Slide 11

The Facebook paradox
• 91% of adults feel consumers have lost control over how personal information is collected and used by companies.
• 58% of the entire adult population (and 71% of internet users) is on Facebook.


Slide 12

Privacy VS. User Experience
“The truth is that collecting information about people allows you to make significantly better products and the more information you collect, the better products you can build.”
Dustin Curtis, “Privacy VS. User Experience” (2014)
#FALSE – HOW DO YOU DEFINE A BETTER PRODUCT? CONTEXT? DATA QUALITY?


Slide 13

Privacy is a fundamental component of the product experience
BUSINESSES CAN DELIVER A GRAND USER EXPERIENCE AND TREMENDOUS VALUE ONLY IF THEY SAFEGUARD THEIR USERS’ PRIVACY AND SECURITY
[Diagram labels: BUSINESS VALUE, GREAT UX, personalisation, PRIVACY, CONSUMER VALUE]


Slide 14

Being credible
BEING CREDIBLE HAS ALWAYS BEEN IMPORTANT FOR A GOOD USER EXPERIENCE
User Experience Honeycomb (Peter Morville): useful, desirable, usable, valuable, accessible, findable, credible
• CREDIBILITY 2004: the information you present to users
• CREDIBILITY 2015: taking responsibility to keep personal data safe


Slide 15

Privacy by designer
DELIVER BOTH PERSONALISATION AND TRUST
A. We need to deliver great, personal experiences.
B. We need to deliver trustworthy products.
We owe it to both our users and the people who hire us to actively think about privacy, and to implement privacy in the flows and designs we deliver.


Slide 16

What is Privacy?
LAWS AND SUCH
Personal Data
• The Universal Declaration of Human Rights (Art 12)
• Europe: Directive 95/46/EC
• Belgium: Privacy Act (1992, 1998 & KBs)
• Telecommunication law
• …
PRIVACY IS BROAD
PRIVACY IS A RIGHT
European Privacy Watchdogs & Facebook …
GDPR: New EU legislation in the works
“If data is the new oil, privacy is the new green.”
PRIVACY IS NOT DEAD


Slide 17

Any information
PERSONAL DATA IS ANY INFORMATION (RELATING TO)* AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON
[Diagram labels: DATA SUBJECT, PERSONAL DATA, RELATES TO]
* OFTEN DEPENDS ON CONTEXT
• Object data vs personal data (eg license plate)
• Unique biometric data is always personal data (eg fingerprint, DNA)
This is not limited to data regarding an individual’s privacy; it also includes data relating to a person's professional or public life. Eg. name, a picture, a telephone number (professional number too), a code, a bank account number, an e-mail address, a fingerprint, …


Slide 18

Identifiable evolves
IDENTIFIABILITY = WHEN VALUE > COST
[Diagram labels: value of knowing, cost of identifying]


Slide 19

IP address
UNDER THE GDPR, AN IP ADDRESS BY ITSELF WILL NO LONGER BE ‘PERSONAL DATA’ BY DEFAULT (UNLESS YOU ARE AN ISP)


Slide 20

Counter measures
Not personal information when measures are taken which reasonably rule out identification of a person
• Anonymisation
• Key-coded data (clinical research)
• Data masking/obfuscation (for development)
• Granularity


Slide 21

Beware: location
Special data which under the GDPR will require extra safety measures (as is data on children)
• avoid when possible
• coarse location
• geohashes
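
An added illustration (not from the talk) of three measures named on the "Counter measures" and "Beware: location" slides: key-coded data, granularity, and coarse location via geohashes, applied to one record before it is passed on. The field names, the secret key and the 4-character default precision are assumptions made for this example.

```python
import hashlib
import hmac

_BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet

def geohash(lat, lon, precision):
    """Encode a coordinate as a geohash; fewer characters means a larger cell."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    chars, bits, value, use_lon = [], 0, 0, True
    while len(chars) < precision:
        rng, coord = (lon_rng, lon) if use_lon else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        if coord >= mid:          # upper half of the interval: emit a 1 bit
            value = (value << 1) | 1
            rng[0] = mid
        else:                     # lower half: emit a 0 bit
            value <<= 1
            rng[1] = mid
        use_lon = not use_lon     # longitude and latitude bits alternate
        bits += 1
        if bits == 5:             # every 5 bits become one base32 character
            chars.append(_BASE32[value])
            bits, value = 0, 0
    return "".join(chars)

def key_code(identifier, secret):
    """Key-coded ID: stable per person, only linkable back by the key holder."""
    # Whoever holds `secret` can still re-identify, so keep it out of the
    # environment that receives the coded data.
    return hmac.new(secret, identifier.encode(), hashlib.sha256).hexdigest()[:16]

def minimise(record, secret, geo_precision=4):
    """Return the reduced copy that goes to analytics or a development database."""
    return {
        "subject": key_code(record["email"], secret),
        "cell": geohash(record["lat"], record["lon"], geo_precision),
        "day": record["timestamp"][:10],  # granularity: keep the date, drop the time
    }

# Constructed sample input (hypothetical values, not real data).
SECRET = b"constructed-demo-key"
SAMPLE = {"email": "a@example.org", "lat": 57.64911, "lon": 10.40744,
          "timestamp": "2015-06-01T08:42:17"}
print(minimise(SAMPLE, SECRET))
```

A 4-character geohash names a cell tens of kilometres across, so nearby users share the same value, while each extra character narrows the cell and raises identifiability.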


Slide 22

Stay clear: sensitive data
Prohibited to collect, register or ask to disclose. (exceptions apply, but then additional safeguards are required)
• race
• political opinions
• religious or philosophical beliefs
• trade-union membership
• health
• sex life
• prosecutions or criminal or administrative convictions


Slide 23

What about republication?
Photographs and personal information published online may only be re-used if consent is given.
• different context
• different purpose
=> context & purpose apply to recycling as well
(In case of scraping, copyright and database law are relevant too.)


Slide 24

Your responsibilities as Controller
+ BEFORE PROCESSING OF DATA: NOTIFICATION
• Ensure the quality of the data
  The data being processed have to be exact and, if necessary, kept up-to-date.
• Ensure the confidentiality of the data
  Responsibility to inform and make sure that the individuals working under the controller's authority only have access to and make use of the data they need to perform their duties.
• Ensure the protection of the data
  From unwanted internal or external curiosity, as well as from unauthorised processing operations. Security measures can be organizational (restriction of the number of individuals having access to the data, use of access codes, locking offices with computers and data files, etc.) and technical.
  (!) The more sensitive the data and the higher the risks for the data subject are, the more precautions have to be taken. (see ‘information security’ on privacycommission.be)
• Erasure of data
  Personal data must not be kept in a form allowing for identification of the data subjects any longer than necessary for the purpose aimed at.


Slide 25

In case of breach
CONSIDER A BREACH LIKELY – AND PREPARE ACCORDINGLY
crisis communications (works for downtime communication too)
• Do not play the victim
• Be accountable
• Take ownership
• Express regret
1. What happened? (tell what you know at that time)
2. What is being done *NOW*? (investigate, take systems offline, ..)
3. How does this affect your customers? (both short- and long term)
4. What are you doing to minimize risk? What can your customers do?
5. How do people get more information or updates? (follow up)
6. What are you doing to prevent this from happening again?


Slide 26

Design for explicit
OPT-IN & COOKIELAW
IF YOU AGREE, PLEASE CHECK THIS BOX: NO EXPLICIT YES EXPLICIT
By signing this contract, you agree we have the right to collect and pass on all your information.
In case you do not want your bank to pass on your credit information to third partners and other divisions, please write ‘I do not agree’ on the contract and hand it over to the person behind the till.
NOT EXPLICIT (hidden opt-out)


Slide 27

Design for informed
NO SURPRISES


Slide 28

Design for choice
CONSENT
Design personalized experiences for when you have data.
  Today will be sunny. Weather for Olen, Belgium where we know you live.
Design good alternatives for not having the data.
  Check out the weather! Antwerpen
In your designs and flows, take into account both having and not having the data.


Slide 29

Privacy as a Trading Function?
Customer Data: Designing for Transparency and Trust – by Timothy Morey, Theodore Forbath, and Allison Schoop, May 2015 (Harvard Business Review)


Slide 30

Design for trust
CLEAR & CONSISTENT, SO PEOPLE CAN TRUST YOU TO POINT OUT PRIVACY RELATED FEATURES & SETTINGS.


Slide 31

The EU proposed icons: privacy-by-design taken too literally (how’s that for creepiness factor?)


Slide 32

Design for because
EXPLAIN YOUR MAGIC
When users know of the existence of a certain algorithm, their satisfaction with the product increases over time, probably as they start to understand its workings better. Yet when they discovered an algorithm they were previously unaware of, users felt betrayed.


Slide 33

Design for because
EXPLAIN YOUR MAGIC
WORST CASE SCENARIO
“In the extreme case, it may be that whenever a software developer in Menlo Park adjusts a parameter, someone somewhere wrongly starts to believe themselves to be unloved.”
– Eslami et al.


Slide 34

“Because” allows people to correct you when you are wrong. Something we best figure out before algorithms get to act on our behalf.


Slide 35

Design for transparency
Show people their data selves
If we are going to allow algorithms and expert rules to steer our behaviour, we must know they understand that correctly. Allow for:
- Correction
- Reset


Slide 36

Reflect all data collected in functionality


Slide 37

Design for forming secure habits
BURNER ACCOUNTS
Kinja introduced these for anonymous commenting. They made private keys understandable through metaphor.
“…if you lose the burner key initially issued we will not be able to retrieve this information for you or reset the account. Save your key.”


Slide 38

REWARD SECURE BEHAVIOUR
Users that enable two-step security on their accounts will now receive a 10% discount off their monthly Mailchimp bill.


Slide 39

Design to encourage privacy
ACCESS DURATION
People forget to ‘revoke’ things. Supply limited time access options:
• WeChat: location discoverable for 10 minutes (default)
• LinkedIn: access duration settings (weeks -> months -> years)


Slide 40

Design for an exit
MAKE IT EASY TO LEAVE BUT CONVINCE THEM TO STAY
Think about WHY people are leaving, and offer alternatives.
• “snooze” services
• less-email-option
• reset profile/account
• ..
(and remember data portability!)


Slide 41

Design with peer-to-peer privacy in mind.
Ask the right question: not do you want to see, but are you willing for others to see..
• Do you want to know if your friends are (action/mood/..)?
• Do you want your friends to know if you are (action/mood/..)? [OK] [Don’t allow]


Slide 42

When in doubt…
STEP 1: ASK YOUR USER – PRIVACY DOES NOT BENEFIT FROM A “DO FIRST ASK FORGIVENESS LATER” STRATEGY
Build it so a user always has the option to tell you to go bugger off.


Slide 43

When in doubt…
STEP 2: USE COMMON SENSE AND AS LITTLE DATA AS POSSIBLE
PERSONAL DATA
Less is more: in quantity and detail, but also in time


Slide 44

When in doubt…
STEP 3: ASK THE EXPERTS
• Belgian Privacy Commission: www.privacycommission.be
• Article 29 Working Party: Opinions & recommendations


Slide 45

We influence what is acceptable. So let’s make good, proportional stuff.


Slide 46

