BE TRANSPARENT

Give users the ability to make informed choices.

The first step in establishing and maintaining a trust-based relationship with your users is giving them the information they need to make informed decisions. Doing so not only helps prevent surprises that can lead to backlash, it can also build loyalty among your current users and help you recruit new ones.

CLEARLY EXPLAIN WHAT DATA YOU COLLECT AND HOW YOU USE IT.
Many privacy fiascos are triggered when users are unpleasantly surprised to learn how a service actually works and how their personal data has been or could be collected and used. You can help avoid surprises that will lead to user backlash by making your privacy practices accessible and easy to understand. Having short-form privacy policies for mobile, Frequently Asked Questions pages, and visual ways of communicating like videos and graphs can also help your users understand your privacy practices.
Case Study

Spotify was widely criticized for the difficult-to-decipher language in an update to its privacy policy released in mid-2015. Many users were confused by the policy and believed that Spotify wanted to track users “like a jealous ex.” Spotify’s CEO issued a public apology and rewrote the policy to be clearer, but the public relations damage from the “ridiculous” policy was done.

Case Study

Search engine DuckDuckGo reaped the benefits of having clear and privacy-friendly policies written in understandable English.

Its privacy policy starts with a clear statement that “DuckDuckGo does not collect or share personal information,” followed by an explanation about why users “should care.” This policy has been highlighted by the press, helping the company experience a 600 percent increase in traffic in the wake of the 2013 NSA revelations.

Case Study

Lookout, a mobile privacy and security startup, attracted lots of positive attention for building a tool to help mobile apps produce short-form privacy policies. The company decided to build and release the tool after receiving positive feedback for its own mobile-friendly policy. Lookout was lauded for taking “major steps to empower consumers” that “could change the game on mobile app transparency.”

CLEARLY EXPLAIN HOW INFORMATION IS SHARED WITH OTHERS.
Because many users are particularly concerned about how and whether their data is shared with third parties, making sure that your users understand your data-sharing practices is essential to earn their trust and avoid misunderstandings or backlash. Make it easy for users to understand who can view or access their information, how it can be used, and how your company ensures that it is not misused.
Case Study

Lenovo was lambasted in the press after security researchers revealed that the PC-maker was selling computers secretly preinstalled with “nefarious” adware that not only collected information about users’ online activity but also made encrypted web sessions vulnerable to attacks. The adware, from a company called Superfish, posed a sufficiently serious threat that the Department of Homeland Security warned Lenovo customers to remove it immediately. Lenovo’s actions not only damaged its reputation, but also exposed it to a class action lawsuit for “compromising user security and privacy.”

80% of survey respondents wanted more regulations to prevent organizations from re-purposing personal data for third party use (2014).

FOLLOW YOUR PRIVACY POLICY.
Your privacy policy is a contract with your users. Failing to live up to your privacy promises may not only anger users but also result in fines and lawsuits. Make sure that your privacy policy is accurate and that everyone who has access to personal data understands and complies with it.
Case Study

Snapchat was punished by the FTC for misrepresenting its security and privacy practices, including its fundamental promise that photos and videos “disappear forever” after being viewed. The FTC also accused Snapchat of collecting user geolocation data and data from user address books despite promising not to do so in its privacy policy. As part of its settlement with the FTC, Snapchat was forced to agree to independent oversight of its privacy program for 20 years.

Case Study

RadioShack was widely condemned when it announced plans to sell tens of millions of customers’ data in bankruptcy proceedings even though it had promised not to sell or share any of that information in its privacy policy. The sale was put on hold after the Texas and Tennessee Attorneys General filed suit and the FTC requested that RadioShack restrict the use of any data sold given the “potential deceptive nature of the transfer.” The press chimed in, calling the company’s behavior “obnoxious.” The company ultimately was forced to destroy most of the data at issue and require the purchaser to comply with RadioShack’s prior privacy promises.

NOTIFY USERS ABOUT ANY CHANGES BEFORE THEY TAKE EFFECT.
It is more likely that users will embrace new or improved functionality or changes to your privacy practices if they are not surprised. Prominently disclosing meaningful changes in the way your product or service collects data, giving users the opportunity to provide input and express concerns, and obtaining opt-in consent can help prevent controversies for your company.
Case Study

In early 2011, online marketplace Etsy suffered a “social media DIY-saster” after making shoppers’ feedback posts, purchases, and, in some cases, real names publicly visible and searchable without adequately notifying users. Because the company announced the change only on a forum rarely used by buyers, it was accused of refusing to take its users’ privacy concerns seriously, leading the incident to be described as “Etsy’s privacy Valdez.” The online marketplace has since changed its default privacy settings, apologized for its behavior, and acknowledged that it will have to “work hard to regain your trust.” For many users, however, this may have been the “last straw.”

It would take an average American up to 293 hours per year just to skim the privacy policy of every site she visited (2012).
