Privacy user experience – or privacy UX - is a design methodology focused on developing digital products and experiences that prioritize and empower user privacy. Its objectives include:

• Educating consumers about how and why organizations collect consumers’ personal information (PI), and 
  
• Providing opt-in or opt-out consent mechanisms for consumers to choose what type of, and how much personal information to share with businesses to obtain their services.
  

Consumers may only be willing to share personal information if businesses are transparent about their data handling practices.

Most commercial businesses collect and process some form of personal data from consumers. In the financial services sector, much of the information collected about individuals is sensitive, including details about their financial health and spending habits. The collection and use of such data is regulated across the financial sector at the federal level.  

The recent emergence of state privacy laws has raised the bar for businesses of all types to regulate personal data elements that weren’t previously considered sensitive (such as the geolocation of consumers browsing the internet).  Starting with the California Privacy Rights Act, these new laws define rules for businesses to communicate to consumers about their rights and risks, and to provide consumers with options to opt-in or opt-out of personal data sharing.  In addition to meeting compliance mandates, businesses benefit from digital strategies that include privacy-aware design cues to build brand loyalty and consumer trust.  In this article, we intend to convey how focusing on privacy UX impacts key stakeholder groups, including: 

• Privacy and compliance officers
  
• Marketing teams
  
• Customers (or end-users)
  
  

Privacy and compliance officers

Privacy and compliance officers are accountable for tracking, communicating, and ensuring compliance with relevant regulatory requirements for data privacy and protection on behalf of the business.  These individuals lead the development of data policies and communicate those policies across the organization and to consumers. Privacy and compliance officers sponsor initiatives to implement procedures and controls to ensure their business complies with legal obligations and meets the expectations and preference decisions made by consumers. 

Privacy and compliance officers should be concerned with the following questions around privacy UX:

• Do consumers have a mechanism to opt out of the sale/sharing of personal information? (Such mechanisms include cookie banners, privacy notices, and directions in privacy notices on how to opt out through third parties.) 
  
• Does the company honor the choices made by the consumer in the provided mechanism? (For example, not collecting and sharing personal information with third parties through cookies when a consumer has opted out of cookies.)
• Do all consumers have easy access to a digestible privacy notice from the company? Is the notice regularly updated to reflect new regulatory requirements?
  
• Do the organization's processes align with what is communicated to the consumer?
  
  

Marketing teams

Marketing teams rely heavily on personal data from and about consumers. When customers voluntarily provide their personal information, marketers can increase user engagement via customized services and targeted ads. 

Businesses, however, should design marketing campaigns that adhere to increased regulatory scrutiny and consumer awareness of privacy issues. Consented data allows marketers to unlock personalized campaigns driven by higher quality data points direct from consumers. For marketers, privacy UX should:

• Encourage consumers to provide consent for a variety of data uses through transparency, trusted practices, and a well-designed UX approach. For example, a business could ask for additional customer data in order to provide them with a personalized experience and also assure customers their data won’t be used for other purposes.
  
• Increase transparency and trust when it comes to expanded use of data.
  
• Reduce the risk associated with not meeting regulatory requirements. 
  

The marketing team asks the following questions around privacy UX:

• Is consent granted for a personalized experience for different geographies and lines of business? 
  
• Are users allowed to choose how much and what types of personal data to share? (For example, by opting in or out of several types of cookies).
  
• How can the firm maximize data collection to bring customized services while making sure that customer expectations and regulatory requirements are met?
  
  

Customers

Finally, customers (or end users) typically want more transparency – and more control—when it comes to how their data is collected and used. They want to know that a business collecting their personal information has plans in place to protect that data.  Over the past few years, users have shown more interest in data privacy. A March 2023 survey by Razorfish1, a digital advertising and marketing firm, shows that:

• Only one in four consumers believe their data is private.
  
• 64 percent of users say that collecting data without user permission would cause them to lose trust in a company. 
  

The survey results indicate that customers don’t trust businesses to properly handle their data in a private and secure manner. The survey results indicate the necessity for clear and transparent privacy UX practices so customers can be better informed and willing to share their data in exchange for a personalized experience. 

Another concern is how easy companies make it for end-users to give consent for data collection and how easy they make it to exercise data privacy rights. End-users have the following questions around privacy UX:

• Is the privacy notice easy to access and easy to read?
  
• Does the company use any dark patterns to deceive the consumer into sharing more information (i.e. hiding consent language in long, hard to read privacy notices, using deliberately misleading language in cookie banners so that users are unsure if they are opting in or opting out of, nonsymmetrical choices)?
  
• Is the organization transparent about how and why it collects, handles, shares, and protects personal information?
  
• Is the webpage easily accessible and are mechanisms for exercising privacy rights easy to find and use?
  
• Do the organization's processes/practices align with what is communicated to the consumer?
  
  

Conclusion

Capco has observed that when an organization’s marketing leaders partner with Privacy Officers to drive digital transformation initiatives, they are more likely to meet customer onboarding, retention, and satisfaction objectives and grow stronger customer relationships using privacy UX as a catalyst. This can be partially attributed to the privacy-aware design patterns which engender customer trust.  Companies must balance the business requirements of internal stakeholders with consumer expectations around digital experience to develop a privacy-aware digital transformation that meets the needs of all key stakeholders. 

Capco partners with financial services firms to design and build security and privacy solutions aligned to each firm’s unique business conditions and regulatory obligations.  Whether your organization needs tactical advice to overhaul your privacy UX practices, or a long-term strategy and technological implementation to manage data use and protection across the enterprise, Capco specializes in solving for business, data, and security imperatives across financial services domains.

References

¹https://www.razorfish.com/articles/perspectives/the-data-privacy-paradox/