With every Photoshop license comes great responsibility to use your design skills for good. In this case, “good” means the use of design to promote the right to privacy by incorporating privacy by design principles into your work. As a data privacy attorney and a Certified Information Privacy Professional, I’ll discuss the following:
- What is privacy by design and its fundamentals?
- Why designers should care about privacy by design
- Additional helpful resources for designers who want to learn more.
What Is Privacy by Design, and Why Should Designers Care?
Privacy by design is the idea that the privacy of users must be taken into account throughout the entire systems engineering process.
The core principles of privacy by design include taking measures proactively, defaulting to privacy and embedding it in the design, and ensuring transparency with users.
While the above concepts have been criticized for being confusing, they are an excellent place to start the conversation on how to incorporate privacy by design into your work. I will share three tips later in this article that will allow you to quickly get started with privacy by design.
Designers have the ability to tell the public exactly what data is collected, and it’s the right thing to do. Also, it’s the law in many places, including the EU’s GDPR. The truth is that these concepts are becoming more and more important over time and, as your industry changes toward a more privacy-conscious future, so should you.
Incorporating Privacy by Design Into Your Work
So how can you incorporate the respect for users’ privacy and experience into your design work? If you want to try out a few elements without diving head first into the very deep pool that is privacy by design, here are three great ways to start.
1. Minimize Data Collection on Your Site
The website should be collecting only the data that is actually needed. For example, you are building out a contact form and your client asks you to include the following fields: name, phone number, email, physical address, and social security number.
At this point, you should ask your clients why they want to collect this information and whether they really need it. If they are asking for social security numbers on the website “just to have them,” that is not congruent with privacy by design, and that data point should not be collected. A few good things to keep in mind:
- Only collect personal data for specified purposes
- Collect a sufficient amount of data
- Periodically review and delete unneeded data
Below is a great checklist from the Information Commissioner’s Office that will aid you in data minimization:
Businesses should be upfront about the data they collect and the reasons for it.
2. Design Contact Forms to Capture Consent
When personal information (e.g., name, phone number) is collected via a website, it is vital that you can show that the user consented to giving that information. Contact forms need to be compliant because they’re one of the most common ways to collect information.
Below are two examples: one form from SuperOffice CRM that is GDPR compliant and another form that is not. Pay particular attention to the checkbox.
Note also in the picture that the checkbox should not be pre-checked, as then it would be impossible to determine whether the user actually took an action to consent to the collection of data. Also note that the user should be required to check the box to be able to submit the form.
- A visibly different color from the surrounding text.
- A different font from the surrounding text.
- A larger font size than the surrounding text.
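Tips 1 and 2 can be checked in code as well as in the mockup. The following is an added example, not code from this article or from SuperOffice: it audits a form definition for a pre-checked or optional consent box and for fields without a documented purpose, then re-checks consent when the form is submitted and keeps a record of it. The field names, purposes, policy version label and function names are assumptions.

```javascript
// Added example, not code from the article. Field names, purposes and the
// policy version label are assumptions made for illustration.
const PURPOSES = new Map([
  ["name", "reply to the enquiry"],
  ["email", "reply to the enquiry"],
  ["message", "content of the enquiry"],
]);
const POLICY_VERSION = "policy-v1-constructed";

// Design-time check: consent box present, required, not pre-checked (tip 2),
// and every other field has a documented purpose (tip 1).
function auditFormSpec(fields) {
  const problems = [];
  const consent = fields.find((f) => f.name === "consent" && f.type === "checkbox");
  if (!consent) problems.push("no consent checkbox");
  else {
    if (consent.checked) problems.push("consent checkbox is pre-checked");
    if (!consent.required) problems.push("consent checkbox is not required");
  }
  for (const f of fields) {
    if (f.name !== "consent" && !PURPOSES.has(f.name)) {
      problems.push(`field "${f.name}" has no documented purpose`);
    }
  }
  return problems;
}

// Server-side check: client-side "required" can be bypassed, so re-verify.
// A checked box with no value attribute is submitted as "on"; an unchecked
// box is omitted from the request entirely.
function acceptSubmission(body, now = new Date()) {
  if (body.consent !== "on") return { ok: false, error: "consent required" };
  const data = {};
  for (const [key, value] of Object.entries(body)) {
    if (PURPOSES.has(key)) data[key] = String(value).trim(); // drop everything else
  }
  // Stored with the record so consent can be shown later.
  const consent = { at: now.toISOString(), policyVersion: POLICY_VERSION,
    purposes: [...new Set(PURPOSES.values())] };
  return { ok: true, data, consent };
}

// Constructed sample: the form the client asks for in tip 1, with a pre-checked box.
const REQUESTED_FORM = [
  { name: "name", type: "text" }, { name: "phone", type: "tel" },
  { name: "email", type: "email" }, { name: "address", type: "text" },
  { name: "ssn", type: "text" },
  { name: "consent", type: "checkbox", checked: true, required: false },
];
console.log(auditFormSpec(REQUESTED_FORM));
```

Adding a field to the form then means adding its purpose to `PURPOSES` first, which forces the "why do we need this?" conversation before the data is ever collected.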
Other Resources to Get Your Privacy by Design Process Started
Finding trustworthy information about a topic as complex and as widely discussed as privacy by design can be difficult, but here are some great resources to read up on:
- Information Commissioner’s Office: Great for government guidance on GDPR that will give you clear, no-nonsense answers
- International Association of Privacy Professionals: Excellent blog to learn more about the intersection of privacy and technology, including tips for industry professionals
- IT Governance privacy blog: A great way to learn about the latest news in the privacy space.