Nathan Good and Nick Doty, If privacy is the answer, who are the users?

By privacylaw | Posted on

Nathan Good and Nick Doty, If privacy is the answer, who are the users?

PLSC 2013

Workshop draft abstract:

When designers create a product or design, they first seek to understand who will use the product and what their needs are.  Without this understanding, it is difficult for designers to use their tools effectively.  When designing with privacy in mind, designers face particularly challenging questions.  What are users’ privacy goals?  How can designers describe them?  How can they incorporate them in actual products or designs? And who are they designing the privacy protections for? Are they to address policy concerns, or are they to address latent consumer concerns?

Today we have many companies who have created products to address audiences privacy concerns, as well as a history of larger companies reacting to privacy concerns and implementing privacy and usability designs into their products.  Despite this, there is still a pressing concern that the additional privacy measures are inadequate for users and are doing little to address consumers concerns about privacy.

There is also a great deal of interest on the policy side about creating privacy safeguards for consumers, as well as companies and government agencies that are enacting new privacy standards. Protecting the backend of computer systems is one approach (data encryption, etc), while usability design has been cited as an area of increasing interest in protecting the “front end” of systems and facilitating choice and transparency for consumers. For usability designers, addressing the question of audience and goals gives them concrete steps to use to implement products, as well as help delineate what is outside of the scope of designers concerns and possibly addressed through policy and other means.  As a result, user goals and stated policy goals with respect to privacy are sometimes in conflict. Consequently, usability professionals in practice are confronted with a unique set of challenges when attempting to design with privacy in mind. Cookie management, for example, is an area that is difficult to design for, as there exists a wide gap in consumers basic understanding and concerns and the evolving policy demands for consumer control. This paper argues that a clearer understanding of audience would help delineate what is the role of the designer and what is the role of policy and backend protections.

This paper examines existing and evolving design practices and products that are designed to protect a user’s privacy as well as products that have privacy implications. This paper categorizes the use cases and privacy concerns, and attempts to derive a delineation of where design has succeed and can succeed, and where it struggles. Additionally, it examines the limits of use cases with respect to privacy, and suggests alternatives and new directions for policy makers and designers with respect to designing consumer facing solutions for privacy concerns.