Gone are the days when data privacy was considered an afterthought or a checklist for avoiding fines and scandals. We’re entering the age of Privacy UX, and solutions must be built with privacy in mind.
As regulators continue introducing new data privacy laws and the general public becomes increasingly concerned about the use of their personal data, organizations processing data are being held to higher standards and are expected to create user experiences with privacy in mind.
A 2021 U.S.-based survey conducted by consulting firm KPMG shows that, out of 2,000 participating adults and 250 business leaders:
- 64% consider that companies are not doing enough to protect consumer data
- 30% aren’t willing to share their personal data for any reason
- 40% don’t trust companies to use their personal data ethically
- 13% don’t trust their own employer to use their personal data ethically
We believe one of the answers to these alarming trends and this state of distrust is the rise of Privacy User Experience (Privacy UX). This article will take you through the essentials of Privacy UX: what it is, what it isn’t, what it means for you as a business, and how you can get started.
What is Privacy UX? (and what it isn't)
Privacy User Experience, or Privacy UX, is a concept of online experience delivery that puts privacy front and center for both organizations and the people they engage with online. Here’s how our CEO describes it in his own words:
"Businesses understand that people want privacy but struggle to prioritize privacy effectively.
This is what Privacy UX is all about: putting privacy front and center as part of the online experience at a time when data is absolutely everywhere. Creating privacy-first experiences is no longer a nice-to-have, but a prerogative for organizations around the world because people demand it, rightfully so.
Privacy UX enables organizations to be transparent about data collection and purposes, while providing a seamless experience to their customers.”
- Romain Gauthier, CEO at Didomi
Several factors make data privacy a challenge for everyone involved, from the multiplication of legal requirements to the increasing complexity of choices people are subjected to, all the way to the omnipresence of dark patterns and manipulative behavior (more on that later).
Faced with this complexity, many organizations do the bare minimum to comply with applicable laws and hope for the best. This increases their risk of being fined and, perhaps even worse, damaging their reputation and losing the trust of their customers.
But what is the alternative? Go so far into compliance that you create an atmosphere of fine print and red tape?
That's where Privacy UX comes in.
Privacy UX helps organizations turn today’s challenges into opportunities by making data privacy something desirable, easy to understand, and appreciated by users. By putting privacy at the very core of the user experience, organizations can benefit in a number of ways:
- Earning credibility and trust with their users
- Being transparent about data collection practices
- Providing a seamless experience that respects user choices throughout all of their interactions (marketing, advertising, purchase experience, CRM, etc.)
- Building rich, higher-quality datasets that continuously improve the user experience and generate repeat business and loyalty
Here's a checklist for you to keep, with some of what Privacy UX is, and what it isn't:
Let’s take a closer look at some of the most important concepts of Privacy UX.
The key concepts of Privacy UX
Privacy UX involves several different elements. While you might be familiar with most of these, remember that data privacy is constantly evolving. The following list serves as a bookmark for you to refer to in your Privacy UX journey.
Consent banners
Consent banners (also known as consent notices or privacy notices) are the most visible online element of data privacy today.
For those living in Europe, they have become a daily fixture of online life - sometimes leading to a phenomenon known as consent fatigue. For those in the United States and elsewhere, they are becoming increasingly common as new regulations are introduced.
While consent banners come in many shapes and forms, they all serve a similar purpose: to collect, store, and leverage user consent, in accordance with regulations such as the GDPR, a process made possible by a Consent Management Platform (CMP).
Going further: At Didomi, we've helped thousands of organizations manage consent over the past few years, and have compiled millions of data points to come up with a comprehensive picture of how banners influence consent collection in Europe.
For many organizations, Privacy UX starts and finishes with consent banners. In reality, they represent only one aspect (albeit critical) of a comprehensive Privacy UX strategy.
Website governance
Beyond the consent banner, every website hosts an entire privacy ecosystem that can make or break the experience of online users. Being aware of what happens on your website is critical to your Privacy UX strategy, both for the user experience and for compliance with applicable data privacy regulations.
In recent years, we've seen organizations get into trouble, and debates take place around reducing one's vendor list. Monitoring tracker and vendor activity is complex and requires specialist knowledge that might be difficult to develop without help.
Some of the things that organizations must put in place (and that Didomi can help with) include:
- Automated vendor and tracker scanning;
- Compliance with industry standards such as the TCF V2.2;
- Easy-to-manage, ongoing assessment of website compliance;
- Expert assistance on how to improve the Privacy UX.
Data Subject Rights (DSR/DSAR) management
Now a standard inclusion in many data privacy regulations around the world, Data Subject Access Requests (DSARs) give people the ability to get in touch with organizations in order to access, delete, and rectify their data, as well as to opt in or out of the processing of their personal information.
For companies, these requests can be difficult to handle, but they are necessary not only for compliance but also to provide a thorough Privacy UX and to reassure users that their rights are respected and their choices heard.
Privacy policies
Generally speaking, most privacy policies are a good example of what poor privacy user experience looks like. Have you ever read a privacy policy in full? Unless you’re a professional lawyer (and even then), chances are the answer is no.
Research from the New York Times shows that it would take hours for people even to read, let alone comprehend, most privacy policies out there. This has been recognized by important figures in the data privacy and business world, including the Chair of the Federal Trade Commission during the 2022 IAPP Global Privacy Summit:
"We need to reassess the frameworks we presently use to assess unlawful conduct. Specifically, I am concerned that present market realities may render the “notice and consent” paradigm outdated and insufficient. Many have noted the ways that this framework seems to fall short, given both the overwhelming nature of privacy policies—and the fact that they may very well be beside the point.
When faced with technologies that are increasingly critical for navigating modern life, users often lack a real set of alternatives and cannot reasonably forego using these tools.”
- Lina M. Khan, Chair of the Federal Trade Commission (FTC), 2022
Zero-party data management
The future of Privacy UX goes beyond consent and towards a greater level of granularity for people.
Organizations that decide to offer more choices to their users take a step in the right direction and will reap the rewards. These choices will help create tailor-made marketing campaigns that cater to individual tastes and preferences, building trust in the brand, which in turn will translate into engagement and, eventually, revenue.
At Didomi, we are convinced that offering more choices and establishing trust will benefit everyone down the line, and have been investing in zero-party data management for that reason.
Dark and bright patterns
Finally, we can’t talk about Privacy UX without mentioning dark patterns. These deceitful design elements seek to manipulate users into making uninformed choices and have been central to the debates surrounding the border between straight compliance and offering a comprehensive user experience.
We have covered dark patterns extensively on our blog, both as a general concept and catering specifically to consent banners:
Their opposites are the so-called “bright patterns,” a concept coined by the French Data Protection Agency, the CNIL, in a recent study. These bright patterns exemplify the best data privacy practices that empower users to make the right choices.
Those are only some of the most common Privacy UX concepts and terms, but they will serve as a great starting point to explore the topic and engage in privacy conversations happening online.
What does Privacy UX mean for organizations?
The rise of Privacy UX has brought a paradigm shift in how organizations approach data privacy.
A common misconception is that the main source of pain caused by privacy is strictly external, caused by regulators and complex regulations. While it is no doubt true that the data privacy and compliance landscape is harder than ever to navigate, Estelle Hary, co-founder at Design Friction and designer at the CNIL, offered an alternative point of view during our webinar on Privacy UX:
"I wouldn’t say the law is the problem there because it is only saying that you have to be transparent and to give information, etc., and gives quite some freedom about how you can implement it. Most of the time, issues are linked to how complex the services and the systems underneath are.”
- Estelle Hary, co-founder at Design Friction and designer at the CNIL
In essence, the CNIL designer expresses a key notion of Privacy UX: the goal is to reshape the entire user experience at its core, and not simply to avoid hefty data privacy fines.
This is echoed by Luiza Jarovsky, a leading expert in data privacy who advocates for privacy by design and has extensively researched dark patterns in data collection.
In an article in her newsletter, The Privacy Whisperer, she discusses “privacy culture” and the difference between organizations that still treat data privacy as a checklist and those that actively seek to create a nurturing, transparent privacy culture:
"For a trained eye, through the way a company structures its privacy communication and interactions, it is possible to see which companies let the legal department juggle privacy efforts/investments to the minimum possible to avoid fines and brand harm and which companies see privacy as part of their culture (and make additional efforts to spread it beyond the legal department).”
- Luiza Jarovsky, CEO at Implement Privacy and creator of The Privacy Whisperer (“Privacy UX and privacy culture,” The Privacy Whisperer, 2023)
As Privacy UX continues to gain relevance, and online customers and people grow increasingly wary of companies’ data privacy practices, privacy is fast becoming a business advantage. This is something we’ve been advocating for years, backed by data from leading research organizations such as McKinsey, Gartner, and more.
Now for the million-dollar question: how can you get started?
How can Didomi help you get started with Privacy UX?
To help you get started with Privacy UX, we at Didomi have recently unveiled our new Global Privacy UX Solutions, an evolution in our offering to help organizations create and deliver the right Privacy UX to their audience.
Our solutions focus on 3 core use cases:
- Multi-regulation consent management: manage consent for privacy regulations around the world, streamlined across multiple user touchpoints.
- Privacy governance: monitor vendor and tracker activity across hundreds of websites, effortlessly and automatically staying compliant and reducing risk.
- User privacy journeys: reach out to customers beyond cookies, with the flexibility to compliantly manage user choices and requests at all stages of their journey.
These use cases are supercharged by 3 value-added capabilities:
- Integrations and connectors: reliable, tested integrations for sharing user choices and consented data across the tool stack.
- Security and access management: gold-standard measures for secure Privacy UX delivery, including ISO 27001 certification and dedicated user permissions.
- Premium services: industry specialists in consent and privacy at your service, from Day One and throughout the entire customer journey.
This complete set of solutions will be instrumental in transforming your data privacy approach, helping you to create a comprehensive Privacy UX strategy that moves away from a pure compliance standpoint and takes a proactive, tailored approach that will delight your customers and site users.
To learn more about the Didomi Global Privacy UX Solutions and discuss your own Privacy UX challenges, schedule a moment with our team.
Frequently Asked Questions (FAQ)
What is Privacy UX?
Privacy User Experience (Privacy UX) is a concept focusing on delivering online experiences with privacy as a core element, ensuring transparency about data collection and providing a seamless experience for customers.
Why is Privacy UX important for organizations?
Privacy UX is crucial as it helps organizations earn users' trust and credibility by being transparent about data collection practices. It facilitates seamless interactions while respecting users' privacy choices, ultimately building higher-quality datasets that improve user experience and foster customer loyalty.
What elements are involved in Privacy UX?
Key elements of Privacy UX include consent banners, understanding of dark and bright patterns, management of consent fatigue, preference management, Data Subject Access Requests (DSARs) management, website governance, and creating user-friendly privacy policies.
How does Privacy UX benefit organizations?
By integrating privacy at the core of user experience, organizations can gain credibility and trust, be transparent about data collection, provide a seamless experience respecting user choices, and build rich datasets that enhance user experience and loyalty.
What are the challenges in implementing Privacy UX?
Challenges include complying with multiple legal requirements, avoiding dark patterns, managing the increasing complexity of user choices, and avoiding the minimum compliance mentality that may lead to fines and a damaged reputation.
How does Didomi support Privacy UX implementation?
Didomi unveiled Global Privacy UX Solutions to assist organizations in creating the right Privacy UX for their audiences. The solutions focus on multi-regulation consent management, privacy governance, and user privacy journeys, with integrations, security measures, and premium services to support the entire process.