Strata + Hadoop World, 2015
 Store copies of my digital assets and keep it
in sync across all end points and contexts
 Know where I am (and have been) on the
internet and in the real world. Understand
my mood and context to better align services
 Understand what I want and need and
proactively present it to me
4. BE ME
 Act on my behalf based on learned and
explicit rules
Meanwhile, at the Apple Watch
announcement, 19× Personal.

are you engaging at
the right moment?

can you deliver value
in milliseconds? 

do you approach people
in the right manner?
No other Apple device has ever been so
connected to the wearer. It is important
to be mindful of this connection .

Apple Watch Human Interface Design Guidelines, 2015
2nd Annual Poll on How Personal Technology is Changing our Lives - January 2015, Microsoft	

Concern about privacy jumped 5 points between 2014 and 2015.
91% of adults ‘agree’
or ‘strongly agree’
that consumers have
lost control over how
personal information
is collected and used
by companies.

Pew Research Privacy Panel Survey,
January 2014
People are fearful of
sharing their data
largely because
companies and
government have not
been good at clearly
explaining how they
use it.

The Data Dialog, Demos 2012
In the future
your insurance
company will
know when you
are having sex.

Kashmir Hill, Fusion.net - 2015
38% of those who say not
concerned about privacy
online say they do mind
companies using information
about them

71% of those who are happy
to share personal
information with companies
and brands that they like are
concerned about how
information collected about
them is being used by

Personalisations vs Privacy, Ipsos MORI, 2014
91% of adults feel consumers
have lost control over how
personal information is collected
and used by companies.

58% of the entire adult
population (and 71% of internet
users) is on Facebook.
Having knowledge of the customer is the
only durable competitive advantage for

Bruce Kasanoff, the author of Smart Customers, Stupid Companies
Increased knowledge of the consumer and
the fine-tuning of offers that are perceived
as personal and highly relevant should lead
to an increase in spend. 

Gartner on the monetization of contextualization
insights in own behaviourcustomer insights
peer comparisonoptimising processes & products
personalisation (right message)
relevance (right person, right moment)
accountability (on ADDD)data driven decisions
magic moon
standard moon
no moon
value on the consumer side
should be equal or more
The truth is that collecting
information about people
allows you to make
significantly better products
and the more information 
you collect, the better 
products you can build . 

Dustin Curtis,
“Privacy VS. User Experience” (2014)

(or at least a very one-sighted truth)
Whether or not better products can be made by
collecting more user data is a matter of…

•  Context
•  Opinion
•  Causation/correlation
•  Data quality (accurate? relevant? complete?) 
•  Define: better product
Niveau 1
Niveau 2
Niveau 3
aggressive driver
waking up
city worker
arriving at home, work, the gym, ...
noisy environment*
in a meeting
in company*
couch potato
N2 moments
N3 profiles
N1 events
watching tv
suddenly stopped
UX &
have in
to do both
Privacy &
UX right
Personal data 
is any information
relating to an individual,
whether it relates to his or 
her private, professional
or public life.
(it is however, an essential requirement)
“Security is a very important topic, but it’s primarily a
technical topic, and to a large extent it’s a very well-
understood one. If you pay attention to security, it is possible
to get it right, whereas privacy is something that’s much more
fluid and is much more about social norms, expectations, 
implicit contracts between consumers and providers.”

Pilgrim Baert – co-founder of AlertMe
UX design has been
extended to address
all aspects of a
product or service as
perceived by its
users – that includes
the control they have
of their personal dta,
their privacy.

User Experience Honeycomb (Peter Morville)

the information you
present to users
taking responsibility to
keep personal data safe
We owe it to both our users and the people who hire us
to actively think about privacy, and to implement privacy 
in the flows and designs we deliver. 
We need to deliver 
trustworthy products.
We need to deliver 
great, personal experiences.
1. You need to fully understand the end goal
(by asking the right questions) 
 Why are we doing this? 
What do you want to achieve?
What is required to achieve this? 
What is the best way?
 Who is impacted by this?
What do they expect?
2. There are rules, guidelines, toolkits. 
(which continuously evolve)
•  Apple, Android, .. design guidelines
•  Interaction patterns
•  Best (and worst) practice examples
•  Models & frameworks
•  User research methods
•  Emerging trends
•  … 
TOOLKITS: omnigraffle, illustrator, fireworks,
pen & paper, …
•  Existing & upcoming EU Law (GDPR)
•  Local privacy act & royal decrees
•  Local telecommunications law
•  Privacy watchdog recommendations
•  ToS of the platform (iOS, Android)
•  Internal policies
•  … 
TOOLKITS: information classification, risk
assessments, privacy policies, PIA framework, …
2. There are rules, guidelines, toolkits. 
(which continuously evolve)
General Data Protection Regulation
any organization processing personal
data of EU residents



DPA & possibly consumer

Users/month threshold or location data

3. Less is More. 
(value & proportionality)


fewer data
 less detailed
shorter period in time
de-idenfity asap
Less is more, not just in quantity but also in identifiability & time
value of 
cost of


Why an IP an sich will no longer be personal data… 
(unless you are an ISP)
avoid when possible
coarse location
beware location
GDPR: this is ‘special data’ → extra safety measures
4. You can not do it alone. 
(it is multi-disciplinary and cross-departmental)

Privacy requires a clear mandate to get things done.
Everybody accepts it is
important – but not a single
department has it as a priority.
Have privacy as part as the
project plan and estimates as
soon as possible.
A continuous need to explain the
significance of privacy in the overall
product & company picture
Have privacy as a deliverable,
avoids the delays & soring costs of
adding it after the facts.
Privacy is not only a fundamental right,
it can also be a competitive advantage .

Neelie Kroes

Conform to EU legislation? 
Ready for the world market, then.
People can trust you with their digital
identities → sets you apart from competition
5. The devil is the details. 
(and the cost of mistakes is high)
•  up to 1,000,000 EUR fine or
up to 2% of the annual
worldwide turnover in case
of an enterprise, whichever
is greater (Draft GDPR, art 79)
•  customers leaving
•  customer complaints
•  customers leaving
UX Privacy
Most of these were
hacked (security), but
as soon as personal
data leaks: 

Privacy & trust
disaster too.
6. Practice Honest Communication. 
(from the start)
Consider a breach likely – and prepare
VISA’s ‘Responding to a Data Breach
– Communications Guidelines for Merchants‘ guidelines.

do not play the victim
 express regret
take ownership
be accountable
1. What happened? (tell what you know at that time)
crisis communications
(works for downtime communication too)
2. What is being done *NOW*? (investigate, take systems offline, ..)
3. How does this affect your customers? (both short- and long term)
4. What are you doing to minimize risk? What can your customers do?
5. How do people get more information or updates?
(folluw up) 6. What are you doing prevent this from happening again?
Privacy does not benefit from a “do
first, ask forgiveness later” strategy.

(avoid: “Hey, we just lost all this data of yours you did not we had in the first place.”)
which data you gather & what for
set correct expectations
informed explicit consent

(avoid: “Hey, we just lost all this data of yours you did not we had in the first place.”)
clear affirmative action
use plain language
1.  You need to fully understand the end goal – Ask the right questions
2.  There are rules, guidelines and toolkits – Rules & tools evolve. Fast.
3.  Less is more – Value & proportionality
4.  You can’t do it alone. – Multi-disciplinary and cross-departmental
5.  The devil is in the details – and the cost of mistakes high
6.  Honest communications – from the start
As designers, then what can we easily do
that improves both UX and privacy?
10 examples to get it right
1. Design for Explicit: Opt-In
By signing this contract, you
agree we have the right to collect
and pass on all your information.
In case you do not want your bank
to pass on your credit information
to third partners and other
divisions, please write ‘I do not
agree’ on the contract and hand it
over to the person behind the till.
(hidden opt-out)
2. Design for
Informed: No
3. Design for Choice: Consent
In your designs and flows, take into account both having
and not having the data. 
Design personalized experiences
for when you have data.
Design good alternatives for not
having the data.
Today will be sunny
Weather for Olen, Belgium where we
know you live.
Check out the weather!
Privacy as a trading function
In-App Usage
Browsing History
The more permissions are required, more added value is expected from the mobile app.
Clear & consistent, so
people can trust you to
point out privacy related
features & settings.
4. Design
for Trust
TrustUX: balancing personalisation and privacy to create understanding and trust (Strata+Hadoop World)
5. Design for Because..
Explain your magic.

When users know of the
existence of a certain
algorithm, their
satisfaction with the
product increases over
time , probably as they
start to understand its
workings better. Yet when
they discovered an
algorithm they were
previously unaware of,
users felt betrayed.
Worst case scenario

“In the extreme case, it
may be that whenever a
software developer in
Menlo Park adjusts a
parameter, someone
somewhere wrongly starts
to believe themselves to be
unloved. ” 

– Eslami et all.
Because... allows people to correct you when wrong.

Something we best figure out before algorithms get to act on
our behalf.
6. Design for Transparency
Show people their data

If we are going to allow
algorithms and expert
rules to steer our
behaviour, we must know
they understand that

Allow for: 
-  Correction
-  Reset
7. Design for forming secure habits
“Burner accounts”

Kinja introduced these for
anonymous commenting.
They made private keys
understandable through

“…if you lose the burner
key initially issued we will
not be able to retrieve this
information for you or reset
the account. Save your
Reward secure

Users that enable two-step
security on their accounts
will now receive a 10%
discount off their monthly
bill Mailchimp bill.
8. Design to encourage privacy
Access duration

People forget to ‘revoke’
things. Supply limited time
access options: 

-  WeChat: discoverable
for 10 minutes (default)
-  LinkedIn: access
duration settings
(weeks → months →
9. Design for an Exit
Offer Alternatives

Make it easy to leave, but
think about WHY people
are leaving, and offer

-  “snooze” services
-  less-email-option
-  reset profile/account
-  ..
10. Design with P2P privacy in mind
Do you want to know
if your friends are
(action/mood/..) ?

Do you want your friends
to know if you are
(action/mood/..) ?

Don’t allow
We influence what is acceptable.
Snowden Challenge at SXSW
Combine exceptional ux with privacy at INCEPTION, not
“ Combine exceptional UX with privacy at 
inception, not afterwards.”

Edward Snowden’s Challenge to Startups at SXSW
As the need for permanent access to data increases,
so does the need for ethics & morality.
Weak AI
(expert systems)
Strong AI
Machine Learning
Deep Learning
Recommender Systems
Transition period (Danger Zone)

Privacy is about more than data.
Privacy does not benefit
from a “do first, ask forgiveness later” strategy.
It’s their data. Not yours.
(Safeguarding it is a joint effort, though).

It is their choice. 
Design the best possible experience, regardless the choice.
ann wuyts
customer experience & UX
Strata + Hadoop World, 2015
Thank you.

