How to make the end user feel safe using your solution and convince them that their data is handled securely?
What does it feel like to be private and safe?
In Finland, people will say something like this: Privacy allows me to have control and make a choice between private and public. Privacy means having your own space to be free and to be as you are. Safety means being protected in a guarded, stable (frozen) place, for example, being without technical gadgets, being offline and alone in nature, being in peace.
In contrast, fearing for your privacy is described as losing control. People envision a twisted world where you may assume everything is right but in reality it is not. People are afraid of the enormity of the data. Either there is so much data being collected that it cannot be controlled, or they are not even able to know what they should control.
From harmless to intrusive
When thinking about personal data, people view it context-sensitively and evaluate situations case by case. People want to understand whether sharing their personal data could damage their image in the eyes of their everyday contacts, friends, family, co-workers, or professional network. When behaviour is studied more closely, we know that people filter their updates to social media to show a more positive image of themselves; this is one form of self-censorship. In fact, though, people are usually not aware of how their data is being handled and have not taken any action to check. People don't read the privacy statements or terms of service. They are just hoping that the risks and threats won't become a reality for them individually.
People have given up – Game over.
Today, people feel powerless, and the fact that service providers have taken ownership of many of the data types is simply accepted as the status quo. When asked, people tend to rationalize and explain away their trust in the service providers or apps that they are using. Government, health care, banks, and insurance companies are trusted more than the large, international players like Google or Meta.
Sometimes any fears a person might have are rationalized by the possibility of staying anonymous. Being a “grey dot” in the analytics of some bigger operator is not seen as a problem. People also assume that some sectors are under stricter regulations and, without checking, they just want to trust that their most sensitive personal information (health and wealth) is guarded more heavily.
How to act:
Lower the threshold of controlling one’s own data:
- Provide people with the right amount of information about their data; do this with the help of automation
- Satisfy people's need to find and check all their data; make this easy and usable
Focus on creating trust in your communication:
- Try applying legal design to your Terms of Service to uncover your security principles
- Talk about the benefits of behaving securely
- Find a balance in the communication: withholding information vs. providing scary amounts of information
- Prevent and avoid scandals or events that breed mistrust. Make sure you are prepared and have actions in place in case attacks or data breaches happen