UX Scotland - Privacy UX - June 2023.pdf
hello758250
42 views
63 slides
May 14, 2024
Slide 1 of 63
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
About This Presentation
In the last few years, the topic of personal data privacy has been gathering more attention in both, private and professional circles. This largely stems from the growing awareness of data protection laws, big data scandals (such as Cambridge Analytica) and lawsuits against companies who failed to f...
Slide Content
Privacy UX
UX Scotland | June 2023
Privacy as human and user experience
Gintare Venzlauskaite
[email protected]
UX Scotland | June 2023
Privacy as human and user experience
Gintare Venzlauskaite
[email protected]
2
A bit about me
►UX Consultant at User Vision
►Teacher in Higher Education
•Research methods
•Critical thinking skills
•History of the Soviet Union
►Social & Political science researcher
•Forced migration, diaspora
•Collective memory, cultural trauma
•Data brokers, anonymity, and digital privacy
►Privacy enthusiast (but not an expert!)
A bit about me
►UX Consultant at User Vision
►Teacher in Higher Education
•Research methods
•Critical thinking skills
•History of the Soviet Union
►Social & Political science researcher
•Forced migration, diaspora
•Collective memory, cultural trauma
•Data brokers, anonymity, and digital privacy
►Privacy enthusiast (but not an expert!)
3
What I am going to talk about
►Why privacy matters
►What are current concerns revolving around digital privacy
►How response to privacy concerns is evolving
►What design and UX has to do with digital privacy
►Principles of Privacy UX
►How to practice privacy personally and professionally
►What’s in the horizon for digital privacy
What I am going to talk about
►Why privacy matters
►What are current concerns revolving around digital privacy
►How response to privacy concerns is evolving
►What design and UX has to do with digital privacy
►Principles of Privacy UX
►How to practice privacy personally and professionally
►What’s in the horizon for digital privacy
4
What is privacy?
And why should we care?
What is privacy?
And why should we care?
5
Definitions
Privacy [prahy-vuh-see; British also priv-uh-see]
►Someone’s right to keep their personal matters and relationships secret (Cambridge dictionary).
►The right to be let alone, or freedom from interference or intrusion (IAPP).
Informational privacy
►The right to have some control over how your personal information is collected and used and under
what circumstances (IAPP; Law insider).
Right to privacy
►Privacy is among human rights enshrined in the Universal Declaration of Human Rights, the European
Convention of Human Rights, and the European Charter of Fundamental Rights (European Data
Protection Supervisor).
Definitions
Privacy [prahy-vuh-see; British also priv-uh-see]
►Someone’s right to keep their personal matters and relationships secret (Cambridge dictionary).
►The right to be let alone, or freedom from interference or intrusion (IAPP).
Informational privacy
►The right to have some control over how your personal information is collected and used and under
what circumstances (IAPP; Law insider).
Right to privacy
►Privacy is among human rights enshrined in the Universal Declaration of Human Rights, the European
Convention of Human Rights, and the European Charter of Fundamental Rights (European Data
Protection Supervisor).
6
Your relationship with digital privacy
Please scan this QR code to enter Mentimeter questionnaire
Your relationship with digital privacy
Please scan this QR code to enter Mentimeter questionnaire
7
Even when you think you’ve done it all, they still get you…
Sitcom ‘Frasier’
Even when you think you’ve done it all, they still get you…
Sitcom ‘Frasier’
8
Users as data generators
How much data do we generate?
►According to DOMO (2020), an average
internet user generates 1.7 MB of data per
second
How do we generate data?
►The data trail is accumulated by interactions
with digital technologies that we use, wear,
register for, check-in at, etc.
Users as data generators
How much data do we generate?
►According to DOMO (2020), an average
internet user generates 1.7 MB of data per
second
How do we generate data?
►The data trail is accumulated by interactions
with digital technologies that we use, wear,
register for, check-in at, etc.
9
Users as data generators
What happens to our data?
►Data can be harvested through tracking, scraping,
proxies; then mined and aggregated
►It benefits us – efficiency, convenience, discounts,
accuracy, scientific development
So what?
►It makes us data subjects whose information is collected
and used for profit
►This data is monetised by first parties and may be also sold
to third parties, e.g., to data brokers – companies who
then sell it on to other market actors
►It makes us vulnerable. The real-life short- and long-term
implications are difficult to anticipate, grasp, or control
Users as data generators
What happens to our data?
►Data can be harvested through tracking, scraping,
proxies; then mined and aggregated
►It benefits us – efficiency, convenience, discounts,
accuracy, scientific development
So what?
►It makes us data subjects whose information is collected
and used for profit
►This data is monetised by first parties and may be also sold
to third parties, e.g., to data brokers – companies who
then sell it on to other market actors
►It makes us vulnerable. The real-life short- and long-term
implications are difficult to anticipate, grasp, or control
10
Carissa Véliz on dangers of data economy
https://www.youtube.com/watch?v=luCXlPYrTP4
Carissa Véliz on dangers of data economy
https://www.youtube.com/watch?v=luCXlPYrTP4
11
Digital privacy as human experience
Real-life consequences of data economy
►Individual (e.g., abused vulnerabilities, prevention of opportunities, physical and digital harassment,
identity theft)
►Socio-political impact (e.g., targeted political advertising, social polarization)
►National security (e.g., cyber attacks, surveillance)
Digital privacy as human experience
Real-life consequences of data economy
►Individual (e.g., abused vulnerabilities, prevention of opportunities, physical and digital harassment,
identity theft)
►Socio-political impact (e.g., targeted political advertising, social polarization)
►National security (e.g., cyber attacks, surveillance)
12
Privacy concerns, awareness and regulations are on the rise
LegislationResearchProducts and Services
►GDPR
►UK Data Protection Act
►US state privacy laws
►71% of countries with some
kind of legislation around
data protection and/or
privacy
►Academic literature
►Journalism
►Guidelines and
advice for users
►Browsers
►Automatic opt-out engines
►Removal of data from
commercial and data broker
databases
►Tracker/cookie blockers
►Data breach alerts
►Product reviews
Privacy concerns, awareness and regulations are on the rise
LegislationResearchProducts and Services
►GDPR
►UK Data Protection Act
►US state privacy laws
►71% of countries with some
kind of legislation around
data protection and/or
privacy
►Academic literature
►Journalism
►Guidelines and
advice for users
►Browsers
►Automatic opt-out engines
►Removal of data from
commercial and data broker
databases
►Tracker/cookie blockers
►Data breach alerts
►Product reviews
13
►$275mil.
collecting
personal
information
from children
under 13
►$245mil.
deployment of
deceptive
design for
making
unintended
purchases
►€746 mil.
tracking
without
consent
►$30 mil.
Alexa/Ring
invasion of
privacy
Recent fines related to privacy violation
Sources: Termly; TechCrunch; US Federal Trade Commission
►€159 mil. not
giving users
easy way to
refuse cookies
on Google and
Youtube
►$50 mil. for
poorly
structured
privacy
consent
agreements
►$7.8 mil.
sharing users’
sensitive data
with outside
companies
►£12.7 mil.
illegally
processing
data of
children under
13 without
checking for
parental
consent
►€345mil. For
breaking EU
data law on
children’s
accounts
►€60 mil. not giving users
easy way to refuse
cookies on Facebook
►€225 mil. unclear privacy
policies and lack of
transparency
►€405 mil. mishandling
teenagers’ data on
Instagram
►€390 mil. forcing consent
►€265 for exposure to data
scraping
► € 1.2 bil. for unlawful
transfer of data of EU
citizens to the US
►$275mil.
collecting
personal
information
from children
under 13
►$245mil.
deployment of
deceptive
design for
making
unintended
purchases
►€746 mil.
tracking
without
consent
►$30 mil.
Alexa/Ring
invasion of
privacy
Recent fines related to privacy violation
Sources: Termly; TechCrunch; US Federal Trade Commission
►€159 mil. not
giving users
easy way to
refuse cookies
on Google and
Youtube
►$50 mil. for
poorly
structured
privacy
consent
agreements
►$7.8 mil.
sharing users’
sensitive data
with outside
companies
►£12.7 mil.
illegally
processing
data of
children under
13 without
checking for
parental
consent
►€345mil. For
breaking EU
data law on
children’s
accounts
►€60 mil. not giving users
easy way to refuse
cookies on Facebook
►€225 mil. unclear privacy
policies and lack of
transparency
►€405 mil. mishandling
teenagers’ data on
►€390 mil. forcing consent
►€265 for exposure to data
scraping
► € 1.2 bil. for unlawful
transfer of data of EU
citizens to the US
14
Data privacy concerns on popular TV
Last week tonight with John Oliver on Data brokers
Parks and Recreation on cookiesDocumentary exploring social media through the case of
Cambridge Analytica
The final season of TV series ‘Succession’
dropping a few references to data economy,
lack of people’s understanding of how it
works, and business overtures to bypass
governmental regulation
Black Mirror, season 6 (2023)
on implications of sneaky T&Cs
Data privacy concerns on popular TV
Last week tonight with John Oliver on Data brokers
Parks and Recreation on cookiesDocumentary exploring social media through the case of
Cambridge Analytica
The final season of TV series ‘Succession’
dropping a few references to data economy,
lack of people’s understanding of how it
works, and business overtures to bypass
governmental regulation
Black Mirror, season 6 (2023)
on implications of sneaky T&Cs
15
Question time
So, shouldn’t users know better?
What are your thoughts?
Question time
So, shouldn’t users know better?
What are your thoughts?
16
It is hard to know what you don’t know
The internet and technology has not been kind on
our privacy
►Tech companies are never explicit or specific of if and
how our personal and behavioural data will be used
►Companies update their privacy notices all the time
►Data economy prompts practices aimed at collecting
more data.
►Limitations of knowledge causes digital resignation
►Putting much of responsibility on individuals is unfair
(Daniel Solove)
It is hard to know what you don’t know
The internet and technology has not been kind on
our privacy
►Tech companies are never explicit or specific of if and
how our personal and behavioural data will be used
►Companies update their privacy notices all the time
►Data economy prompts practices aimed at collecting
more data.
►Limitations of knowledge causes digital resignation
►Putting much of responsibility on individuals is unfair
(Daniel Solove)
17
It is hard to know what you don’t know
Design is part of the problem
►Design contributes to maximising data collection
►Difficult language, lack of visibility, ambiguous choices, deceptive
patterns or lack of user-focused controls are all utilised and in turn
is part of the problem
UX design paradox
►The UX field prides itself in its human-centred philosophy and
commitment to serve user needs through an optimal experience
►If UX designers are involved in compromising privacy-related
design, that’s problematic
►Balancing between business needs and user needs in data-driven
world can lead well-meaning teams into the grey area of deceptive
design practices
It is hard to know what you don’t know
Design is part of the problem
►Design contributes to maximising data collection
►Difficult language, lack of visibility, ambiguous choices, deceptive
patterns or lack of user-focused controls are all utilised and in turn
is part of the problem
UX design paradox
►The UX field prides itself in its human-centred philosophy and
commitment to serve user needs through an optimal experience
►If UX designers are involved in compromising privacy-related
design, that’s problematic
►Balancing between business needs and user needs in data-driven
world can lead well-meaning teams into the grey area of deceptive
design practices
18
What is Privacy UX?
And how is it doing?
What is Privacy UX?
And how is it doing?
19
Question time
Do you ever take note of privacy-related
interfaces and designs?
Feel free to give examples.
What do think makes a design privacy-
unfriendly?
Feel free to give examples.
Question time
Do you ever take note of privacy-related
interfaces and designs?
Feel free to give examples.
What do think makes a design privacy-
unfriendly?
Feel free to give examples.
20
Privacy UX
Privacy UX generally refers to:
►Approach promoting privacy by design and default
►Practices bridging data privacy protection regulations and their
translation into user-friendly interfaces, journeys and content
►Application of UX principles in the user-facing versions of
products and services relevant to privacy by:
•being transparent
•tailoring explanations
•providing options
•enabling user to make meaningfully informed decisions about what
they share/provide/act upon
►Acknowledgement that privacy is an important element of user
experience (as broadly understood) and should not be exploited
by way of deceptive design practices
Privacy UX
Privacy UX generally refers to:
►Approach promoting privacy by design and default
►Practices bridging data privacy protection regulations and their
translation into user-friendly interfaces, journeys and content
►Application of UX principles in the user-facing versions of
products and services relevant to privacy by:
•being transparent
•tailoring explanations
•providing options
•enabling user to make meaningfully informed decisions about what
they share/provide/act upon
►Acknowledgement that privacy is an important element of user
experience (as broadly understood) and should not be exploited
by way of deceptive design practices
21
Deceptive patterns
Definition
►Deceptive patterns (also known as
“dark patterns”) are tricks used in
websites and apps that make you do
things that you didn't mean to, like
buying or signing up for something
(deceptive.design).
Deceptive patterns relevant to
privacy
►Preselection
►Forced action
►Privacy zuckering
►Confirm-shaming
►Hard to cancel
►Visual interference
►Decisional interference
►Hindering
Deceptive patterns
Definition
►Deceptive patterns (also known as
“dark patterns”) are tricks used in
websites and apps that make you do
things that you didn't mean to, like
buying or signing up for something
(deceptive.design).
Deceptive patterns relevant to
privacy
►Preselection
►Forced action
►Privacy zuckering
►Confirm-shaming
►Hard to cancel
►Visual interference
►Decisional interference
►Hindering
22
Deceptive patterns relevant to privacy
Preselection
Employing the defaults, options that
are already chosen for you.
Most often refers to preselected
boxes or steps this way manipulating
people’s awareness; if users don’t
notice it, their choice and autonomy is
undermined (Deceptive design)
Deceptive patterns relevant to privacy
Preselection
Employing the defaults, options that
are already chosen for you.
Most often refers to preselected
boxes or steps this way manipulating
people’s awareness; if users don’t
notice it, their choice and autonomy is
undermined (Deceptive design)
23
Deceptive patterns relevant to privacy
Forced action
A transactional pressure to choose an option that is
better for the provider in return for something that
user want
It can also come in form of a ”bundled consent”
whereby agreeing or providing something
mandatory, the user is also agreeing to something
else (Deceptive patterns).
Source: Luiza Jarovsky @Privacy Whisperer
Deceptive patterns relevant to privacy
Forced action
A transactional pressure to choose an option that is
better for the provider in return for something that
user want
It can also come in form of a ”bundled consent”
whereby agreeing or providing something
mandatory, the user is also agreeing to something
else (Deceptive patterns).
Source: Luiza Jarovsky @Privacy Whisperer
24
Deceptive patterns relevant to privacy
Privacy zuckering
Linked to forced action, this refers to tricking users
into sharing more personal information than
intended (e.g., photos, address, phone number,
contacts, preferences, date of birth)
Source: Uxcel
Deceptive patterns relevant to privacy
Privacy zuckering
Linked to forced action, this refers to tricking users
into sharing more personal information than
intended (e.g., photos, address, phone number,
contacts, preferences, date of birth)
Source: Uxcel
25
Deceptive patterns relevant to privacy
Confirm shaming
Influencing user’s decision making by
triggering uncomfortable emotions around
choice that would be more beneficial for
them (Deceptive patterns).
Source: The Mobiversal blog
Deceptive patterns relevant to privacy
Confirm shaming
Influencing user’s decision making by
triggering uncomfortable emotions around
choice that would be more beneficial for
them (Deceptive patterns).
Source: The Mobiversal blog
26
Deceptive patterns relevant to privacy
Hard to cancel or opt-out
(roach motel)
Typically, easy to subscribe or sign up with a
service but very difficult to cancel.
This can cause user resignation and leaving
them with staying with the service longer
than intended (Deceptive patterns).
Source: noyb.eu
Deceptive patterns relevant to privacy
Hard to cancel or opt-out
(roach motel)
Typically, easy to subscribe or sign up with a
service but very difficult to cancel.
This can cause user resignation and leaving
them with staying with the service longer
than intended (Deceptive patterns).
Source: noyb.eu
27
Deceptive patterns relevant to privacy
Visual interference
Purposefully hiding, disguising or obscuring
choices by way of lower contrast, smaller
text or general prominence of associated
design components (Deceptive patterns).
On cookie banners
►Introduced to provide users with the opportunity to give
consent on tracking and for companies to get their consent
►criticised for becoming a pain point, a barrier between site
visitors and the content they are interested in
►have bad reputation for deceptive design practices
►good example of user versus human experience dilemma
(quick acceptance removes the barrier but contributes to
long-term harm)
Deceptive patterns relevant to privacy
Visual interference
Purposefully hiding, disguising or obscuring
choices by way of lower contrast, smaller
text or general prominence of associated
design components (Deceptive patterns).
On cookie banners
►Introduced to provide users with the opportunity to give
consent on tracking and for companies to get their consent
►criticised for becoming a pain point, a barrier between site
visitors and the content they are interested in
►have bad reputation for deceptive design practices
►good example of user versus human experience dilemma
(quick acceptance removes the barrier but contributes to
long-term harm)
28
Deceptive patterns relevant to privacy
Decisional interference
Limited or absent choices or alternatives that
otherwise would be preferable to an individual
(Privacy Wiki).
Deceptive patterns relevant to privacy
Decisional interference
Limited or absent choices or alternatives that
otherwise would be preferable to an individual
(Privacy Wiki).
29
Deceptive patterns
Demo of 12 minutes of unchecking
legitimate interest boxes on a cookie
banner (I gave up and left the website)
Hindering
Delaying, hiding or making it difficult for the user to adopt
privacy-protective actions (difficult rejection, complex
settings, hiding opt-out, deletion, or revoking of consent,
privacy-negligent defaults).
Deceptive patterns
Demo of 12 minutes of unchecking
legitimate interest boxes on a cookie
banner (I gave up and left the website)
Hindering
Delaying, hiding or making it difficult for the user to adopt
privacy-protective actions (difficult rejection, complex
settings, hiding opt-out, deletion, or revoking of consent,
privacy-negligent defaults).
30
Deceptive patterns relevant to
privacy
Hindering is common in privacy settings
►There is rarely on place where you can control all
privacy-related settings
►While Meta now refreshed their privacy controls, it is
still challenging to navigate and manage them with
ease
Example of adjusting audience-based ad settings
on Facebook. It is possible to refuse to be shown
adds from particular advertisers, but I need to opt-
out one advertiser at a time instead of being able to
disallowing targeting from all.
Deceptive patterns relevant to
privacy
Hindering is common in privacy settings
►There is rarely on place where you can control all
privacy-related settings
►While Meta now refreshed their privacy controls, it is
still challenging to navigate and manage them with
ease
Example of adjusting audience-based ad settings
on Facebook. It is possible to refuse to be shown
adds from particular advertisers, but I need to opt-
out one advertiser at a time instead of being able to
disallowing targeting from all.
31
Similarly, imagine you
discovered that there is a
way of severing ties with
advertisers that share my
activity happening outside
Facebook with Facebook to
target-advertise me.
There is not ‘select all’ or
‘disconnect’ option.
Similarly, imagine you
discovered that there is a
way of severing ties with
advertisers that share my
activity happening outside
Facebook with Facebook to
target-advertise me.
There is not ‘select all’ or
‘disconnect’ option.
32
Compliant does not mean user- or human-friendly
The above examples show that laws and regulations are not
enough (at least not in their current form)
►Just because a company complies it does not mean that it will
do so with the best user’s interest at heart
►Your data and privacy protection legally depends on where
you live
►It is hard to check if company honours your choices
►For big companies, paying the penalty bill may be seen as
lesser price to pay than profits they get from commodifying
people’s data
The business are doing their
best to make money, which
means that loopholes are likely
to be exploited including in the
form of deceptive design.
— Harry Brignull
— Richie Koch, Proton blog
Compliant does not mean user- or human-friendly
The above examples show that laws and regulations are not
enough (at least not in their current form)
►Just because a company complies it does not mean that it will
do so with the best user’s interest at heart
►Your data and privacy protection legally depends on where
you live
►It is hard to check if company honours your choices
►For big companies, paying the penalty bill may be seen as
lesser price to pay than profits they get from commodifying
people’s data
The business are doing their
best to make money, which
means that loopholes are likely
to be exploited including in the
form of deceptive design.
— Harry Brignull
— Richie Koch, Proton blog
33
Examples of better cookie banners
Examples of better cookie banners
34
Question time
So, shouldn’t designers know better?
What do you think are the challenges of UX professionals when it
comes to creating with privacy in mind?
Have you ever received any training around data
privacy (either in education and/or your organisation)?
Feel free to give examples.
Question time
So, shouldn’t designers know better?
What do you think are the challenges of UX professionals when it
comes to creating with privacy in mind?
Have you ever received any training around data
privacy (either in education and/or your organisation)?
Feel free to give examples.
35
Challenges of practicing Privacy UX
What limits designers
►Lack of privacy-forward requirements and
direction from upper echelons of the
organisation/company
►Lack of voice in decision making
►Lack of awareness of the relevant regulations
►Lack of education and training
►Lack of collaboration with other privacy
stakeholders (lawyers, engineers)
►Lack of guidelines and standardized practices
►User-unfriendly legal documents
Challenges of practicing Privacy UX
What limits designers
►Lack of privacy-forward requirements and
direction from upper echelons of the
organisation/company
►Lack of voice in decision making
►Lack of awareness of the relevant regulations
►Lack of education and training
►Lack of collaboration with other privacy
stakeholders (lawyers, engineers)
►Lack of guidelines and standardized practices
►User-unfriendly legal documents
36
Your priva-Cs. How to practice privacy UX
ChoiceClarityControl
ConsciousnessCuriosityChampioning
Adopted from IAPP; Fairpatterns. ICO, Alexandra Schmidt’s book ‘Deliberate intervention […]’
Cautioning
ComplianceCollaboration
Contributing
Your priva-Cs. How to practice privacy UX
ChoiceClarityControl
ConsciousnessCuriosityChampioning
Adopted from IAPP; Fairpatterns. ICO, Alexandra Schmidt’s book ‘Deliberate intervention […]’
Cautioning
ComplianceCollaboration
Contributing
37
Your priva-Cs. How to practice privacy UX (in words)
On professional level:
►Be aware of data privacy regulations and your organisation’s policies
►Be curious about privacy-forward solutions, privacy-friendly businesses, guidelines, practices, tips, advice
►Be a champion in your personal and professional circles – if you know something, spread the word
►Caution the team when you anticipate a potentially harmful (or unlawful) design practice. Seek support or report malpractice to your
country’s watchdog.
►Contribute to development and sharing of good practice
►Seek collaboration with other teams (engineers, legal, etc.)
On practical level, when it comes to hands on work:
►It is important to provide users with choice and inform them they have a choice (e.g., to opt-out) in a meaningful way
►The options need to be presented in a balanced and fair manner (avoidant of framing one choice over other)
►Users should be able find, understand and control their privacy settings. These controls should be granular, and easy to manage.
►Being able to revoke consent or opt-ins should be ensured
►The privacy-related interfaces and content should be clearly formulated
►The websites/apps should inform the users about purposes and choices in clear fashion
►Transparency about how and why the data is collected, or what the value of the transaction is
►Test with users to make sure privacy-related interfaces and/or content is easy to find, follow, understand, and interact with.
Adopted from IAPP; Fairpatterns; ICO; Alexandra Schmidt’s book ‘Deliberate intervention […]’
Your priva-Cs. How to practice privacy UX (in words)
On professional level:
►Be aware of data privacy regulations and your organisation’s policies
►Be curious about privacy-forward solutions, privacy-friendly businesses, guidelines, practices, tips, advice
►Be a champion in your personal and professional circles – if you know something, spread the word
►Caution the team when you anticipate a potentially harmful (or unlawful) design practice. Seek support or report malpractice to your
country’s watchdog.
►Contribute to development and sharing of good practice
►Seek collaboration with other teams (engineers, legal, etc.)
On practical level, when it comes to hands on work:
►It is important to provide users with choice and inform them they have a choice (e.g., to opt-out) in a meaningful way
►The options need to be presented in a balanced and fair manner (avoidant of framing one choice over other)
►Users should be able find, understand and control their privacy settings. These controls should be granular, and easy to manage.
►Being able to revoke consent or opt-ins should be ensured
►The privacy-related interfaces and content should be clearly formulated
►The websites/apps should inform the users about purposes and choices in clear fashion
►Transparency about how and why the data is collected, or what the value of the transaction is
►Test with users to make sure privacy-related interfaces and/or content is easy to find, follow, understand, and interact with.
Adopted from IAPP; Fairpatterns; ICO; Alexandra Schmidt’s book ‘Deliberate intervention […]’
38
Personal, collective and professional responsibility
I am tired of people focusing too much on the consequences and saying ‘well, if I am not
sure I am going succeed, then I am just gonna not care’. That’s too complacent.
Sometimes we just have to do the right thing, whether we win or lose – it is the right thing
to do.
— Carissa Véliz
While policy evaluation is an existing, robust approach to assessing policy impact, designers and other
technologists outside of government who understand user experiences are, in fact, well-positioned to
opine on policies that make a difference. That’s partly because they are on the front line of harms that
emerge from new tech, able to perceive them quickly, and can examine them at their own speed.
— Alexandra Schmidt
Personal, collective and professional responsibility
I am tired of people focusing too much on the consequences and saying ‘well, if I am not
sure I am going succeed, then I am just gonna not care’. That’s too complacent.
Sometimes we just have to do the right thing, whether we win or lose – it is the right thing
to do.
— Carissa Véliz
While policy evaluation is an existing, robust approach to assessing policy impact, designers and other
technologists outside of government who understand user experiences are, in fact, well-positioned to
opine on policies that make a difference. That’s partly because they are on the front line of harms that
emerge from new tech, able to perceive them quickly, and can examine them at their own speed.
— Alexandra Schmidt
39
Where is privacy going?
Hopes and worries
Where is privacy going?
Hopes and worries
40
Question time
What is your knowledge about changes in data privacy
landscape?
Regulations? Tools? Projects? Approaches? Innovations?
Are you hopeful or doubtful?
Is privacy too hard to do?
Question time
What is your knowledge about changes in data privacy
landscape?
Regulations? Tools? Projects? Approaches? Innovations?
Are you hopeful or doubtful?
Is privacy too hard to do?
41
Developments in sight signal hope
Growing consumer awareness
►ICO survey in 2022 showed 90% of the respondents’
concern about organisations using their personal
information without their permission.
►KMPG in 2021 revealed that 86% of respondents
reported growing concerns about their data privacy.
►63%of consumers worldwide think companies aren't
honest about how they use their personal information,
and nearly48%have stopped purchasing from
companies because of privacy worries.(Tableau)
Developments in sight signal hope
Growing consumer awareness
►ICO survey in 2022 showed 90% of the respondents’
concern about organisations using their personal
information without their permission.
►KMPG in 2021 revealed that 86% of respondents
reported growing concerns about their data privacy.
►63%of consumers worldwide think companies aren't
honest about how they use their personal information,
and nearly48%have stopped purchasing from
companies because of privacy worries.(Tableau)
42
Developments in sight signal hope
Emerging laws and regulations
►Steady and continuous growth in global privacy laws –
by 10% every year.
•There are at least 157 countries with some kind of data
privacy law. That is 50% more than 10 years ago
•In the US, the number of state privacy laws is also
growing
•The further development of regulations on deceptive
patterns (India banned them in 2023)
►The EU’s AI Convention
(Source: IAPP)
Developments in sight signal hope
Emerging laws and regulations
►Steady and continuous growth in global privacy laws –
by 10% every year.
•There are at least 157 countries with some kind of data
privacy law. That is 50% more than 10 years ago
•In the US, the number of state privacy laws is also
growing
•The further development of regulations on deceptive
patterns (India banned them in 2023)
►The EU’s AI Convention
(Source: IAPP)
43
Developments in sight signal hope
Growing business awareness
►We see more pleads for commitment to privacy
►Privacy is increasingly seen as the next
component of ESG framework to gaining and
maintaining consumer trust and loyalty (Brian
Lesser)
►Companies witness an average return on
investment of1.8%from their privacy-related
expenditures, and92%acknowledge they have a
moral obligation to use consumer data honestly
and transparently (Cisco)
Businesses now understand that if
they want to keep the customers
they have and attract new
opportunities, they’re going to
have to sell privacy as part of what
they are offering
— Ann Cavoukian
Developments in sight signal hope
Growing business awareness
►We see more pleads for commitment to privacy
►Privacy is increasingly seen as the next
component of ESG framework to gaining and
maintaining consumer trust and loyalty (Brian
Lesser)
►Companies witness an average return on
investment of1.8%from their privacy-related
expenditures, and92%acknowledge they have a
moral obligation to use consumer data honestly
and transparently (Cisco)
Businesses now understand that if
they want to keep the customers
they have and attract new
opportunities, they’re going to
have to sell privacy as part of what
they are offering
— Ann Cavoukian
44
Developments in sight signal hope
Adoption of standards and initiatives for guidelines
►ISO adopted Privacy by design standard (ISO31700 in Feb
2023)
►Draft report with opinions and advice on cookie banners (EU)
►Good practice initiative for cookie banner consent
management (Germany)
►Privacy-enhancing design heuristics
►New rules for apps to boost consumer security and privacy
(UK)
►ICO and CMA joint position paper on harmful design in digital
markets and stakeholder workshop for design guidelines
Developments in sight signal hope
Adoption of standards and initiatives for guidelines
►ISO adopted Privacy by design standard (ISO31700 in Feb
2023)
►Draft report with opinions and advice on cookie banners (EU)
►Good practice initiative for cookie banner consent
management (Germany)
►Privacy-enhancing design heuristics
►New rules for apps to boost consumer security and privacy
(UK)
►ICO and CMA joint position paper on harmful design in digital
markets and stakeholder workshop for design guidelines
45
Developments in sight signal hope
Demand for privacy professionals
►Privacy engineering field is growing
►The effort to define the field as well as the role
and concepts for privacy by design
►More courses, programmes, literature focusing
on how to protect personal data in digital
environment
Developments in sight signal hope
Demand for privacy professionals
►Privacy engineering field is growing
►The effort to define the field as well as the role
and concepts for privacy by design
►More courses, programmes, literature focusing
on how to protect personal data in digital
environment
46
Developments in sight signal hope
Communities and services of
practice
►We see more initiatives, individuals, and
communities dedicated to advocating for
privacy
►More examples of privacy-by-design
services, off-the-shelf solutions, and
consulting firms providing fairer privacy
design advice, assessment, and products
Developments in sight signal hope
Communities and services of
practice
►We see more initiatives, individuals, and
communities dedicated to advocating for
privacy
►More examples of privacy-by-design
services, off-the-shelf solutions, and
consulting firms providing fairer privacy
design advice, assessment, and products
47
Developments in sight signal hope
Solutions and products for consumers
that:
►Opt-out consent to collect data and target
you for you
►Removes data from commercial databases
on your behalf
►Requests data brokers to delete your data
►Blocks trackers/cookies
►Let you know when your data has been
compromised
►Reviews products and websites for privacy
Examples of privacy-forward products
Developments in sight signal hope
Solutions and products for consumers
that:
►Opt-out consent to collect data and target
you for you
►Removes data from commercial databases
on your behalf
►Requests data brokers to delete your data
►Blocks trackers/cookies
►Let you know when your data has been
compromised
►Reviews products and websites for privacy
Examples of privacy-forward products
48
Developments in sight signal hope
Privacy technologies
►The number of privacy tech companies
increased by 777% since 2017. From 44 in
2017 to almost 370 in 2022 (IAPP)
►Growing trend of real-world application of
Privacy-enhancing technologies (synthetic
data, homomorphic encryption, federated
learning, data minimisation)
Developments in sight signal hope
Privacy technologies
►The number of privacy tech companies
increased by 777% since 2017. From 44 in
2017 to almost 370 in 2022 (IAPP)
►Growing trend of real-world application of
Privacy-enhancing technologies (synthetic
data, homomorphic encryption, federated
learning, data minimisation)
49
Developments in sight signal hope
Shift in approach to personal data
and privacy
►Belief that technology is not only part of the
problem but also part of the solution (Jaap
Henk-Hoepman)
►Ideas around your data working for you, not
against you (Prifina)
Developments in sight signal hope
Shift in approach to personal data
and privacy
►Belief that technology is not only part of the
problem but also part of the solution (Jaap
Henk-Hoepman)
►Ideas around your data working for you, not
against you (Prifina)
50
... But it is still an uphill battle
Surveillance goes on
►Every day, we keep feeding companies with our
data, and the tracking, profiling, and behavioural
data exploitation goes on
►We keep seeing (and fall victims for) unsavoury,
privacy-undermining practices and data breaches
►Companies say they embrace privacy but there is
also lot of privacy washing and privacy-branding
with continuous profiling of personal data by
organisations of all sizes
... But it is still an uphill battle
Surveillance goes on
►Every day, we keep feeding companies with our
data, and the tracking, profiling, and behavioural
data exploitation goes on
►We keep seeing (and fall victims for) unsavoury,
privacy-undermining practices and data breaches
►Companies say they embrace privacy but there is
also lot of privacy washing and privacy-branding
with continuous profiling of personal data by
organisations of all sizes
51
... But it is still an uphill battle
Limited control and scrutiny
►No global data privacy standards
►Gaps and flaws in existing laws
►The approach from regulators is largely reactive
rather than proactive
►Too much industry appeasement and reservations
about disrupting business models (Wolfie Christl)
►Limited resources in watching what companies are
doing
... But it is still an uphill battle
Limited control and scrutiny
►No global data privacy standards
►Gaps and flaws in existing laws
►The approach from regulators is largely reactive
rather than proactive
►Too much industry appeasement and reservations
about disrupting business models (Wolfie Christl)
►Limited resources in watching what companies are
doing
52
... But it is still an uphill battle
Pushback and/or manoeuvring from the big tech
... But it is still an uphill battle
Pushback and/or manoeuvring from the big tech
53
... But it is still an uphill battle
Regulation vs innovation
►View that regulation is slowing down and
curbing innovation
►Ground-breaking developments in
technology distracts from difficult debates
►Limited public knowledge about other
areas of privacy, e.g., cognitive, biometric
... But it is still an uphill battle
Regulation vs innovation
►View that regulation is slowing down and
curbing innovation
►Ground-breaking developments in
technology distracts from difficult debates
►Limited public knowledge about other
areas of privacy, e.g., cognitive, biometric
54
Final thoughts
Let’s conclude
Final thoughts
Let’s conclude
55
The key takeaways
Privacy…
►matters and it is a part of our human and
user experience
►has been undermined by the development
of digital technology
►is everyone’s business to care about and
advocate for
►is becoming important value and
component of business strategy
►should not be sacrificed for the sake of
aggressive innovation
►is a part of user experience, therefore
should be part of responsible UX design
Do the best you can until
you know better.
When you know better, do
better.
— Maya Angelou
The key takeaways
Privacy…
►matters and it is a part of our human and
user experience
►has been undermined by the development
of digital technology
►is everyone’s business to care about and
advocate for
►is becoming important value and
component of business strategy
►should not be sacrificed for the sake of
aggressive innovation
►is a part of user experience, therefore
should be part of responsible UX design
Do the best you can until
you know better.
When you know better, do
better.
— Maya Angelou
56
Any final thoughts or questions from you?
Any final thoughts or questions from you?
57
Before we part our ways, personal tips
Ask yourself:
►What information I am comfortable giving
(even the most basic information can be
sensitive, and not all information must be
accurate)
►How can I reduce exposure to my personal
data
►The usage of apps on your phone – are you
using everything?
►Does the website/app needs as much
information as it is asking?
►Does the website/app provide privacy controls
they are committed to by law? (e.g., consent,
right to be forgotten, right to delete or correct
personal information); should I report them to
local data privacy watchdog?
Beware of:
►Default settings - you maybe sharing more (and
publicly) than intended
►Deceptive design (aka dark patterns)
►Tracking
►Apps that require a login – if you don’t log out, they may
be running in the background and collecting your data
For families and parents/guardians:
►Be proactive of family privacy settings on your devices
►Check parental controls and privacy settings for
children (Parent Club has a great set of information and
resources about online safety)
►Pause before “sharenting”
►Look for privacy guides for parents
Before we part our ways, personal tips
Ask yourself:
►What information I am comfortable giving
(even the most basic information can be
sensitive, and not all information must be
accurate)
►How can I reduce exposure to my personal
data
►The usage of apps on your phone – are you
using everything?
►Does the website/app needs as much
information as it is asking?
►Does the website/app provide privacy controls
they are committed to by law? (e.g., consent,
right to be forgotten, right to delete or correct
personal information); should I report them to
local data privacy watchdog?
Beware of:
►Default settings - you maybe sharing more (and
publicly) than intended
►Deceptive design (aka dark patterns)
►Tracking
►Apps that require a login – if you don’t log out, they may
be running in the background and collecting your data
For families and parents/guardians:
►Be proactive of family privacy settings on your devices
►Check parental controls and privacy settings for
children (Parent Club has a great set of information and
resources about online safety)
►Pause before “sharenting”
►Look for privacy guides for parents
58
Who to follow?
Harry BrignullCarissa VélizMarie Potel-SavilleLuiza JarovskyMichelle Finneran Dennedy
Robert BatemanDaniel SoloveJeff JockischDebbie ReynoldsArianna Rossi
There are many people to follow, but here is a few (in no particular order)
Who to follow?
Harry BrignullCarissa VélizMarie Potel-SavilleLuiza JarovskyMichelle Finneran Dennedy
Robert BatemanDaniel SoloveJeff JockischDebbie ReynoldsArianna Rossi
There are many people to follow, but here is a few (in no particular order)
59
References
In case you need to get to the source:
►‘Building Trust Through Data Privacy and Protection’ (a video discussion), January, 2023:
https://event.webcasts.com/starthere.jsp?ei=1548275&tp_key=57b7e0432e
►‘Draft Report of the work undertaken by the Cookie Banner Taskforce’, European Data Protection Board, January, 2023:
https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf
►‘Exposing Big Tech, Privacy Threats & The Future of Artificial Intelligence’ (video discussion with Carissa Véliz), Through
Conversations Podcast, March 2024: https://www.youtube.com/watch?v=HHwGat02v3Q
►‘Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and
Unwanted Charges’, Federal Trade Commission,December 19, 2022: https://www.ftc.gov/news-events/news/press-
releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations
►‘Harmful design in digital markets: How Online Choice Architecture practices can undermine consumer choice and control over
personal information’ A joint position by the Information Commissioner’s Office and the Competition and Markets Authority:
https://www.drcf.org.uk/__data/assets/pdf_file/0024/266226/Harmful-Design-in-Digital-Markets-ICO-CMA-joint-position-paper.pdf
►‘How concerned are Europeans about their personal data online?’ (2020), European Union Agency for Fundamental Rights (FRA):
https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online
►‘ISO set to adopt privacy-by-design standard’, IAPP: 13 January, 2023: https://iapp.org/news/a/iso-set-to-adopt-privacy-by-design-
standard/
►‘OIPC – Privacy by Design Resources’, IAPP: https://iapp.org/resources/article/oipc-privacy-by-design-resources/
►‘Privacy in Practice 2023’, ISACA (The Information Systems Audit and Control Association):
https://www.isaca.org/resources/reports/privacy-in-practice-2023-report
References
In case you need to get to the source:
►‘Building Trust Through Data Privacy and Protection’ (a video discussion), January, 2023:
https://event.webcasts.com/starthere.jsp?ei=1548275&tp_key=57b7e0432e
►‘Draft Report of the work undertaken by the Cookie Banner Taskforce’, European Data Protection Board, January, 2023:
https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf
►‘Exposing Big Tech, Privacy Threats & The Future of Artificial Intelligence’ (video discussion with Carissa Véliz), Through
Conversations Podcast, March 2024: https://www.youtube.com/watch?v=HHwGat02v3Q
►‘Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and
Unwanted Charges’, Federal Trade Commission,December 19, 2022: https://www.ftc.gov/news-events/news/press-
releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations
►‘Harmful design in digital markets: How Online Choice Architecture practices can undermine consumer choice and control over
personal information’ A joint position by the Information Commissioner’s Office and the Competition and Markets Authority:
https://www.drcf.org.uk/__data/assets/pdf_file/0024/266226/Harmful-Design-in-Digital-Markets-ICO-CMA-joint-position-paper.pdf
►‘How concerned are Europeans about their personal data online?’ (2020), European Union Agency for Fundamental Rights (FRA):
https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online
►‘ISO set to adopt privacy-by-design standard’, IAPP: 13 January, 2023: https://iapp.org/news/a/iso-set-to-adopt-privacy-by-design-
standard/
►‘OIPC – Privacy by Design Resources’, IAPP: https://iapp.org/resources/article/oipc-privacy-by-design-resources/
►‘Privacy in Practice 2023’, ISACA (The Information Systems Audit and Control Association):
https://www.isaca.org/resources/reports/privacy-in-practice-2023-report
60
References (cont’d)
►‘Privacy-washing: What Is It And How To Stop It From Happening To Your Company’, California Lawyers Association:
https://calawyers.org/business-law/privacy-washing-what-is-it-and-how-to-stop-it-from-happening-to-your-company/
►‘The State of Data Privacy in 2023’ (video conference), Yes We Trust, 19 January, 2023: https://app.livestorm.co/didomi/the-state-of-
data-privacy-around-the-world-in-2023/live?s=ef20f40e-608d-49e2-bebf-820190c983bc
►‘Three years of GDRP: the biggest fines so far’, BBC News, 24 May, 2021: https://www.bbc.co.uk/news/technology-57011639
►Anant, V., Donchak, L., Kaplan, J., Soller, H. ‘The consumer-data opportunity and the privacy imperative’, McKinsey & Company, 27
April 2022: https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-consumer-data-opportunity-and-the-
privacy-imperative
►Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M. and Turner, E. (2019) ‘Americans and Privacy: Concerned, Confused and
Feeling Lack of Control Over Their Personal Information’, Pew Research Center:
https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-
their-personal-information/
►Baines, J. ‘ICO warns of fines for companies who do not get cookie banners right’, in Mishcon de Reya, 15 June 2023:
https://www.mishcon.com/news/ico-warns-of-fines-for-companies-who-do-not-get-cookie-banners-right
►Beens, R. E. G. ‘The Role of Digital Privacy in Brand Trust’, Forbes, 8 January, 2021:
https://www.forbes.com/sites/forbestechcouncil/2021/01/08/the-role-of-digital-privacy-in-brand-trust/
►Brignull, H., ‘Dark Patterns overview’ (video), Vimeo: https://vimeo.com/776232138
►Brignull, H. (2023) ’Deceptive Patterns. Exposing the tricks tech companies use to control you’, Testimonium Ltd.
►Christl, W. (2022) Digital Profiling in The Online Gambling Industry. A report on marketing and risk surveillance by the UK gambling
firm Sky Betting and Gaming, TransUnion, Adobe Google, Facebook, Microsoft and other data companies:
https://cdn.sanity.io/files/btrsclf0/production/e23ea75fe93f775d9f9ed795427f4b5ed8d67016.pdf
►Deceptive Design: https://www.deceptive.design/
References (cont’d)
►‘Privacy-washing: What Is It And How To Stop It From Happening To Your Company’, California Lawyers Association:
https://calawyers.org/business-law/privacy-washing-what-is-it-and-how-to-stop-it-from-happening-to-your-company/
►‘The State of Data Privacy in 2023’ (video conference), Yes We Trust, 19 January, 2023: https://app.livestorm.co/didomi/the-state-of-
data-privacy-around-the-world-in-2023/live?s=ef20f40e-608d-49e2-bebf-820190c983bc
►‘Three years of GDRP: the biggest fines so far’, BBC News, 24 May, 2021: https://www.bbc.co.uk/news/technology-57011639
►Anant, V., Donchak, L., Kaplan, J., Soller, H. ‘The consumer-data opportunity and the privacy imperative’, McKinsey & Company, 27
April 2022: https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-consumer-data-opportunity-and-the-
privacy-imperative
►Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M. and Turner, E. (2019) ‘Americans and Privacy: Concerned, Confused and
Feeling Lack of Control Over Their Personal Information’, Pew Research Center:
https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-
their-personal-information/
►Baines, J. ‘ICO warns of fines for companies who do not get cookie banners right’, in Mishcon de Reya, 15 June 2023:
https://www.mishcon.com/news/ico-warns-of-fines-for-companies-who-do-not-get-cookie-banners-right
►Beens, R. E. G. ‘The Role of Digital Privacy in Brand Trust’, Forbes, 8 January, 2021:
https://www.forbes.com/sites/forbestechcouncil/2021/01/08/the-role-of-digital-privacy-in-brand-trust/
►Brignull, H., ‘Dark Patterns overview’ (video), Vimeo: https://vimeo.com/776232138
►Brignull, H. (2023) ’Deceptive Patterns. Exposing the tricks tech companies use to control you’, Testimonium Ltd.
►Christl, W. (2022) Digital Profiling in The Online Gambling Industry. A report on marketing and risk surveillance by the UK gambling
firm Sky Betting and Gaming, TransUnion, Adobe Google, Facebook, Microsoft and other data companies:
https://cdn.sanity.io/files/btrsclf0/production/e23ea75fe93f775d9f9ed795427f4b5ed8d67016.pdf
►Deceptive Design: https://www.deceptive.design/
61
References (cont’d)
►Jarovsky, L. ‘Understand Privacy-Enhancing Design and How it Can Be a Game Changer for Data Protection’, Linkedin, 15 June, 2022:
https://www.linkedin.com/pulse/understand-privacy-enhancing-design-how-can-game-changer-
jarovsky/?trackingId=F5E466iUQsK29mvK3wXYGw%3D%3D
►FairPatterns by “amurabi: https://fairpatterns.com/
►Hoepman, J. H. Privacy is Hard and Seven Other Myths. Achieving Privacy Through Careful Design, The MIT Press, Cambridge
Massachusetts, London England.
►Ketch, J. J. ‘Data privacy truly matters to your customers. It’s time to make it a core business value’, Venture Beat, 31 August, 2022:
https://venturebeat.com/security/data-privacy-truly-matters-to-your-customers-its-time-to-make-it-a-core-business-value/
►Koch, R. ’Big tech has already made enough money to pay all its 2023 fines’, in Proton blog, 8 January 2024:
https://proton.me/blog/big-tech-2023-fines-vs-revenue
►Komnenic, M., ’51 Biggest GDPR Fines & Penalties So Far’, Termly, March 31 2022: https://termly.io/resources/articles/biggest-gdpr-
fines/
►Lance, W. (2021) ‘Data privacy is a growing concern for more consumers’, Tech Republic:
https://www.techrepublic.com/article/data-privacy-is-a-growing-concern-for-more-consumers/
►Lomas, N. ‘Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland’, Tech Crunch, 10 January, 2023:
https://techcrunch.com/2023/01/10/digital-rights-ireland-gdpr-lawsuit-facebook-data-scraping-breach/
►Lupiáñez-Villanueva, F., Boluda, A., Bogliacino, F., Liva, G., Lechardoy, T. R., Ballell, H. (2022) ‘Behavioural study on unfair commercial
practices in the digital environment: dark patterns and manipulative personalisation. Final Report’, Directorate-General for Justice
and Consumers. EU Consumer-Programme: https://op.europa.eu/en/publication-detail/-/publication/606365bc-d58b-11ec-a95f-
01aa75ed71a1/language-en/format-PDF/source-257599418
►NelissenL., & Funk, M. (2022). Rationalizing dark patterns: Examining the process of designing privacy UX through speculative
enactments.International Journal of Design, 16(1), 77-94.https://doi.org/10.57698/v16i1.05
References (cont’d)
►Jarovsky, L. ‘Understand Privacy-Enhancing Design and How it Can Be a Game Changer for Data Protection’, Linkedin, 15 June, 2022:
https://www.linkedin.com/pulse/understand-privacy-enhancing-design-how-can-game-changer-
jarovsky/?trackingId=F5E466iUQsK29mvK3wXYGw%3D%3D
►FairPatterns by “amurabi: https://fairpatterns.com/
►Hoepman, J. H. Privacy is Hard and Seven Other Myths. Achieving Privacy Through Careful Design, The MIT Press, Cambridge
Massachusetts, London England.
►Ketch, J. J. ‘Data privacy truly matters to your customers. It’s time to make it a core business value’, Venture Beat, 31 August, 2022:
https://venturebeat.com/security/data-privacy-truly-matters-to-your-customers-its-time-to-make-it-a-core-business-value/
►Koch, R. ’Big tech has already made enough money to pay all its 2023 fines’, in Proton blog, 8 January 2024:
https://proton.me/blog/big-tech-2023-fines-vs-revenue
►Komnenic, M., ’51 Biggest GDPR Fines & Penalties So Far’, Termly, March 31 2022: https://termly.io/resources/articles/biggest-gdpr-
fines/
►Lance, W. (2021) ‘Data privacy is a growing concern for more consumers’, Tech Republic:
https://www.techrepublic.com/article/data-privacy-is-a-growing-concern-for-more-consumers/
►Lomas, N. ‘Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland’, Tech Crunch, 10 January, 2023:
https://techcrunch.com/2023/01/10/digital-rights-ireland-gdpr-lawsuit-facebook-data-scraping-breach/
►Lupiáñez-Villanueva, F., Boluda, A., Bogliacino, F., Liva, G., Lechardoy, T. R., Ballell, H. (2022) ‘Behavioural study on unfair commercial
practices in the digital environment: dark patterns and manipulative personalisation. Final Report’, Directorate-General for Justice
and Consumers. EU Consumer-Programme: https://op.europa.eu/en/publication-detail/-/publication/606365bc-d58b-11ec-a95f-
01aa75ed71a1/language-en/format-PDF/source-257599418
►NelissenL., & Funk, M. (2022). Rationalizing dark patterns: Examining the process of designing privacy UX through speculative
enactments.International Journal of Design, 16(1), 77-94.https://doi.org/10.57698/v16i1.05
62
References (cont’d)
►Parent club – Online safety: https://www.parentclub.scot/topics/online-safety
►Prifina. The User-held Data Company: https://www.prifina.com/
►Solove, D. J. ‘The Limitations of Privacy Rights’ (2022). 98 Notre Dame Law Review:
https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2856&context=faculty_publications
►Schmidt, A. (2022) ‘Deliberate intervention. Using Policy and Design to Blunt the Harms of New Technology’, Two Waves Books.
►Véliz, C. ‘The Case for Ending Data Economy’, TEDx: https://www.youtube.com/watch?v=luCXlPYrTP4&t=1s
►Vigneshwaran ‘Ecommerce Ethics: Govt of India Bans 13 Dark Patterns on Ecommerce Platforms’, in Aufait UX, 26 December 2023:
https://www.aufaitux.com/blog/govt-bans-13-dark-patterns-on-ecommerce-platforms/
►Wodinsky, S. and Barr, K. ‘These Companies Know When You’re Pregnant – And They’re Not Keeping It Secret’, Gizmodo, 30 July
2022: https://gizmodo.com/data-brokers-selling-pregnancy-roe-v-wade-abortion-1849148426
►Wallbank, A. ‘2023 Prediction: What’s on the horizon for privacy and data’, SHOOSMITHS, 17 January, 2023:
https://www.shoosmiths.co.uk/insights/legal-updates/2023-predictions-whats-on-the-horizon-for-privacy-and-data
►Williams, S. ‘Study highlights consumer distrust due to dark patterns’, in ChannelLife, 15 December, 2023:
https://channellife.co.uk/story/study-highlights-consumer-distrust-due-to-dark-design-patterns
►Wolford, B. ‘The “Incognito Mode’ lawsuit is another legal blow to Google’s privacy-washing tactics’, in Proton blog, 30 October
2023: https://proton.me/blog/google-incognito-lawsuit
►The Privacy Whisperer: https://www.theprivacywhisperer.com/
References (cont’d)
►Parent club – Online safety: https://www.parentclub.scot/topics/online-safety
►Prifina. The User-held Data Company: https://www.prifina.com/
►Solove, D. J. ‘The Limitations of Privacy Rights’ (2022). 98 Notre Dame Law Review:
https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2856&context=faculty_publications
►Schmidt, A. (2022) ‘Deliberate intervention. Using Policy and Design to Blunt the Harms of New Technology’, Two Waves Books.
►Véliz, C. ‘The Case for Ending Data Economy’, TEDx: https://www.youtube.com/watch?v=luCXlPYrTP4&t=1s
►Vigneshwaran ‘Ecommerce Ethics: Govt of India Bans 13 Dark Patterns on Ecommerce Platforms’, in Aufait UX, 26 December 2023:
https://www.aufaitux.com/blog/govt-bans-13-dark-patterns-on-ecommerce-platforms/
►Wodinsky, S. and Barr, K. ‘These Companies Know When You’re Pregnant – And They’re Not Keeping It Secret’, Gizmodo, 30 July
2022: https://gizmodo.com/data-brokers-selling-pregnancy-roe-v-wade-abortion-1849148426
►Wallbank, A. ‘2023 Prediction: What’s on the horizon for privacy and data’, SHOOSMITHS, 17 January, 2023:
https://www.shoosmiths.co.uk/insights/legal-updates/2023-predictions-whats-on-the-horizon-for-privacy-and-data
►Williams, S. ‘Study highlights consumer distrust due to dark patterns’, in ChannelLife, 15 December, 2023:
https://channellife.co.uk/story/study-highlights-consumer-distrust-due-to-dark-design-patterns
►Wolford, B. ‘The “Incognito Mode’ lawsuit is another legal blow to Google’s privacy-washing tactics’, in Proton blog, 30 October
2023: https://proton.me/blog/google-incognito-lawsuit
►The Privacy Whisperer: https://www.theprivacywhisperer.com/
@UserVision
www.uservision.co.uk
[email protected]
55 North Castle Street
Edinburgh
EH2 3QA
United Kingdom
Tel: 0131 225 0850
55 North Castle Street
Edinburgh
EH2 3QA
United Kingdom
Tel: 0131 225 0850@weareuservision
www.linkedin.com/in/gvenzlauskaite/
Thank you!
www.uservision.co.uk
[email protected]
55 North Castle Street
Edinburgh
EH2 3QA
United Kingdom
Tel: 0131 225 0850
55 North Castle Street
Edinburgh
EH2 3QA
United Kingdom
Tel: 0131 225 0850@weareuservision
www.linkedin.com/in/gvenzlauskaite/
Thank you!
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 42
- Slides 63
- Age 570 days
Related Slideshows
1
MGV Residential Design projects for different clients, including a New Mexico Adobe project-1-.pdf
mannyvesa
28 views
16
EUNITED_Advocacy and Public Engagement through Visual Media
GeorgeDiamandis11
33 views
31
DESIGN THINKINGGG PPT 2 TOPIC IDEATION.pptx
HibaZaidi2
27 views
36
DESIGN THINKING CHAPTER 1 PPTT PPT 1.pptx
HibaZaidi2
30 views
112
Hinduism and Its History - PowerPoint Slides.pptx
ConorMcCormack10
26 views
20
Service Attributes of Manufactured Parts.pptx
MustafaEnesKrmac
27 views