PARTNER WITH YOUR USERS

Put users in control and stand up for their rights.

Even if you plan to offer your product “for free” and generate revenue from advertising or other means, it is in your best interest to treat your users as partners: recognizing and respecting their expectations, giving them the tools to make their own decisions about their personal information, and standing up for them when they are unable to defend themselves. By doing so, you may not only avoid the consequences when users are unpleasantly surprised about how their data are used, you may find that users who trust you are more willing to pay for or engage with your service.

“[W]hen privacy information is made more salient and accessible, some consumers are willing to pay a premium to purchase from privacy protective websites." - Carnegie Mellon study on privacy practices (2011)

ALLOW USERS TO CONTROL HOW THEIR DATA ARE COLLECTED, USED, AND SHARED.

Although your service may require certain data to function properly, giving users the ability to choose how and whether any other information is collected, used, or shared can increase trust and even use of your service by providing users with the ability to choose the context in which they participate. You can increase user control by providing easy-to-use tools that allow users to understand and select their privacy preferences and by respecting “Do Not Track” browser settings and similar mechanisms that allow your users to communicate their wishes.

Case Study

Cambridge Apocalyptica: Facebook’s Platform-App Privacy Disaster

Facebook was thrown into full-blown crisis after reports that Cambridge Analytica, a shadowy voter-profiling company, used information from tens of millions of Facebook users’ profiles as part of its

Facebook was thrown into full-blown crisis after reports that Cambridge Analytica, a shadowy voter-profiling company, used information from tens of millions of Facebook users’ profiles as part of its work for the Trump campaign during the 2016 election. At issue was Facebook’s failure to give users control over their private data shared through a Facebook-platform app, a risk that the ACLU of Northern California has long called out as a serious privacy concern. Facebook’s stock immediately declined sharply on the news, state and federal law enforcement announced investigations, a Congressional inquiry sought every excruciating detail, and users clamored to #DeleteFacebook. When CEO Mark Zuckerberg emerged publicly with yet another promise to change, the damage—to users, the brand, and the bottom line—was already done. Facebook’s stock plummeted in the following quarter, losing more than 120 billion dollars in market value and suffering the biggest one-day loss in stock market history – as its “years of privacy controversies finally caught up with it.” After a four-year legal fight, Facebook was forced to pay $725 million to settle a data privacy class action stemming from the Cambridge Analytica crisis.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Case Study

Google Faces Record Fines for Bypassing Privacy Settings

In 2012, Google agreed to pay a record $22.5 million FTC fine and was hit with multiple lawsuits for violating its own statements and bypassing privacy settings on Apple’s Safari web browser.

In 2012, Google agreed to pay a record $22.5 million FTC fine and was hit with multiple lawsuits for violating its own statements and bypassing privacy settings on Apple’s Safari web browser. Although Google had told Safari users that they could use the browser’s privacy settings to prevent tracking, the company also deployed code that enabled its own software to bypass these settings. Critics noted that the incident “represents another PR blow” for Google and called for the company to “make a pro-privacy offering to restore your users’ trust.

93% of U.S. consumers believe companies should always ask for permission before using personal information, and 72% want the right to opt out of online tracking (2008).

ALLOW USERS TO REVIEW, CORRECT, AND EXPORT THEIR OWN DATA.
Allowing users to review and maintain their own records (with appropriate logging and oversight) and export their own data can give them a better understanding of the privacy consequences of their actions. Making it clear that users can modify or export their data and use it as they see fit may encourage users to feel more comfortable with your service and boost your company’s reputation in the process. In addition, users are often in the best position to fix mistakes in your data and thus increase its business and market value.

88% of U.S. consumers said they would prefer to determine how their data can be used. (2015)

Case Study

Google Praised for Letting Users Order Data “Takeout”

Google has been widely praised for allowing users to export data from Google services for their own purposes. The service, known as Google Takeout, provides users with a centralized place to export their data from over twenty supported services, including Gmail, Drive, YouTube, and Hangouts.

Google has been widely praised for allowing users to export data from Google services for their own purposes. The service, known as Google Takeout, provides users with a centralized place to export their data from over twenty supported services, including Gmail, Drive, YouTube, and Hangouts. Reporters noted how the export feature both “makes perfect sense from a business perspective” and was “a positive step that’ll be beneficial to [Google’s] users.”

ALLOW USERS TO DELETE CONTENT OR TERMINATE THEIR ACCOUNT.
Users may be more likely to share content on your site if they know they can change their mind and delete it later. And while you may hope that none of your users decides to leave your service, if a user wants to leave, she should be able to completely delete her record. Negative publicity from denying users the right to terminate their accounts may far outweigh any marginal benefit from retaining their information.
Case Study

Ashley Madison Angers Users When “Full Delete” Revealed to Be a Fantasy

The racy online service Ashley Madison received strong public criticism and was dragged into court after a breach revealed the service retained information about users who had paid the company an additional fee to delete their accounts.

The racy online service Ashley Madison received strong public criticism and was dragged into court after a breach revealed the service retained information about users who had paid the company an additional fee to delete their accounts. Even though Ashley Madison claimed that its $19 “Full Delete” service removed “all information relating to a user’s profile and communications activity,” a data breach later revealed that it retained a large amount of user information, including the user’s birthdate, GPS coordinates, gender, ethnicity, “turn-ons,” and more. As a result, Ashley Madison has been accused of misrepresenting the feature in multiple lawsuits and the media.

Share This: