advertisement
advertisement

Apple gets it. Privacy has a user experience problem

Apple’s new app-data-tracking interface reveals an important problem: that understanding and managing data privacy is still not user friendly.

Apple gets it. Privacy has a user experience problem
In this still from the 2020 Apple Worldwide Developers Conference (WWDC) keynote video, Apple’s Erik Neuenschwander speaks at Apple Park in Cupertino, California. WWDC. [Photo: Apple Inc.]

Mixed into this week’s shiny news from Apple’s Worldwide Developers Conference is an important data privacy update—a new Apple feature that reveals to consumers what personal data their apps are tracking. Though the feature is limited because it is self-reported by app developers, Apple is right to design an interface that makes data tracking easy to understand.

advertisement
advertisement

The wider industry needs to keep pace with Apple’s push on privacy. Doing so starts with every business finally admitting two truths: First, the global business approach to data privacy is broken, and second, consumers deserve a universally better experience.

The outbreak of COVID-19 has thrust the issue of data privacy front and center. Stuck at home, people are moving more and more of their lives online, and most are unwilling to give up their rights to enhance their physical safety. Now, more than ever, businesses need to build trust on data privacy. Proof of heightened privacy concerns can be found as companies such as Zoom experience consumer backlash for their failures to live up to today’s privacy expectations. And users have been even more shocked to find that moving to a competitor doesn’t guarantee a better privacy experience. Even before the pandemic threw data privacy into the limelight, Alphabet’s Sidewalk Labs, Superhuman, Clearview AI, and Triplebyte all faced public criticism and consequences for violating consumer trust.

With user interest in data privacy reaching new heights, companies need to understand that privacy is not solely a legal, policy, or compliance issue. Today, it’s also a user experience problem.

The privacy bare minimum

There’s no doubt that data privacy regulations are important and accelerating around the world. In 2018, both California and Brazil signed data privacy bills into law. However, if companies are more concerned about regulation, compliance, and fines than about the user experiences of exercising data rights, they’re doing it wrong.

Why is it that business leaders are obsessed with Net Promoter Scores and user-centricity on everything from onboarding to payment, but not for something as fundamental as data privacy? The answer is that executives have been fed a false narrative. Most business management advice on data privacy presents limited options: Establish a manual process that is friction-heavy; invest in cumbersome compliance technology that helps meet the minimum standard of the law; or ignore the rules and risk penalties.

In many ways, “delete my data” has become the new customer refund.

These are all dangerous propositions for any company that aims to be user-centric. All of those choices ignore the type of experience that customers deserve when it comes to their data. In many ways, “delete my data” has become the new customer refund—a way for customers to express their displeasure at a company by taking back control over the data they’ve provided. Remember the #DeleteUber campaign? Angry at what was seen as an opportunistic move on Uber’s part, half a million users sought to delete their accounts. When they found they couldn’t delete their data along with the app, that frustration compounded their existing anger at the company. Beyond specific controversies, data rights are gaining steam as users look for companies that demonstrate respect for their data. And as we saw this week, big players such as Apple have recognized this and aligned both their product updates and their brand with privacy.

advertisement

A nightmare journey

The typical user journey for someone reclaiming or managing their data is a nightmare. The experience goes something like this: a user (who is aware of her data rights) searches for a company’s privacy policy online. She finds an email address on a website and writes in requesting data access. The company’s legal team receives the request, coordinates via email with the user to verify their identity, and then kicks off an internal data gathering process to execute the task. In a manual process, product, IT, customer support, marketing, and sales managers are tasked with manually logging into their respective tools, looking up the user, and either deleting or exporting data from each system. The whole process can take days to weeks, if it’s available to users at all.

This process is prone to user frustration, customer data breaches, and internal bottlenecks. It’s so arduous for companies to execute that many adopt the “strategy” of obscuring the process so users don’t make data privacy requests at all. It’s hard to imagine another scenario in today’s business world where this would be acceptable. What if whenever someone wanted to withdraw money from their bank, they had to email a generic handle found on a webpage to request their money, wait weeks while the bank verified their identity, and then wait for weeks more while managers scrapped around in bank vaults to manually piece together their savings? Somehow, on data privacy, we’ve gotten used to this as the status quo.

It was like data was flowing into companies on a 12-lane superhighway but flowing back out to users on a dirt road.

I realized how painful this process was as an undergrad after I decided to try to find my personal data online. I reached out to over 21 companies, including Google, Facebook, Twitter, Under Armour, Reddit, and Spotify. I sat on the phone with customer service teams and legal directors and even tried to scrape the data myself by building third-party apps on company platforms. Though the data represented my life story, it was impossible for me to read it. The asymmetry was staggering. It was like data was flowing into companies on a 12-lane superhighway but flowing back out to users on a dirt road.

Since then, as the CEO of the first-ever data privacy infrastructure technology company, I’ve studied the user experience of data privacy at over 120 companies. Most companies—more than 60% of those I’ve studied—are using the privacy flow outlined above, and it’s as common to see it at a startup as at a Fortune 100 company.

Putting users first

The future of data privacy is meeting customer needs on data access and deletion at the click of a button. That’s possible now through smart engineering solutions, but realizing that vision of the future also requires businesses to recognize, and prioritize, the fact that consumers want a better experience.

In the future, the companies that thrive will be those that recognize the strategic opportunity data privacy presents. It’s time to lean in on the vision that gives users instant control over their data. Put another way, it’s time to stop treating data privacy like a cumbersome workflow problem and instead embrace the opportunity of championing user data rights instead.

advertisement

So where to start? The first step is to take your own customer privacy challenge. See how your current data privacy process feels from the user’s perspective. Is your privacy policy a wall of legal language, or is it actionable? Does it make users feel overwhelmed, or empowered? Does the process involve ownership and transparency? Compliance is only a foundational start. The real question is: Does your process cultivate user trust? Trust and data are interlinked. And privacy laws at their core champion a powerful idea—make sure that users have control of what is theirs.


Ben Brook is the CEO of Transcend, the first-ever data privacy infrastructure technology company. Transcend is backed by Accel and Index Ventures.

advertisement
advertisement