Building Privacy Into Your Website’s User Experience

Clayton Dewey

We should treat personal electronic data with the same care and respect as weapons-grade plutonium - it is dangerous, long-lasting and once it has leaked there's no getting it back. -- Cory Doctorow

Privacy concerns have taken center stage in the ethics of technology discussion. Several user experience architects have spoken out about the need for prioritizing a user’s privacy when designing products and websites — including Privacy is UX by Alex Schmidt and Privacy and the User Experience by Alexander Dawson. However, in UX communities I still see a lack of importance given to the subject. As a result, the web is still fraught with insecure connections, irresponsible data mining and missing or obtuse privacy policies. The UX community has the ability to dramatically shift that.

Collect Only What You Need

The best way to protect someone’s privacy is to leave them alone. If you don’t know something about a person, you can’t divulge it to others. To take a minimalist approach to data collection, perform a data collection review. Ask the following questions of all data you consider collecting on a user:

  1. Who would be using this data?
  2. What would they use the data for?
  3. Would this data be required or optional?
  4. If it is required, what would happen if a user provides false information?

Pare Down Your Data

Like all things content related on the web, we most likely have more than we need. If you are already auditing your site on a regular basis, work a data collection review into the next audit. And if you aren’t, well you really should start :)

Make a list of all points of data collection on your site. These will include:

  • Form fields
  • Analytic tools configuration
  • Content management system configuration

Form Fields

A nice byproduct of only asking for what you need is that you improve your user’s experience on the site. Removing unnecessary fields on forms leads to increased conversions. It also means less data you need to store, organize, analyze and protect. Once you’ve trimmed down form fields to the essentials, cull the unneeded data from your system. Have this done on a staging site and review it first to ensure you do not permanently delete information that is needed.

Analytic Tools Configuration

The purpose of analytics tools is to collect data. Products tend to collect as much data on users as they can, in order to make themselves marketable. Begin by listing all of the analytics tools your site uses. You can then review the data being collected by each one. Again, ask the four questions of these data points. If you find that a tools’ data collection is unnecessarily broad, consider moving to another tool.

Google Analytics and IP Masking

The most popular analytics tool, Google Analytics, does not collect any personal identifying information (eg: email address) from users, but it does collect the following by default:

  • IP address
  • Geolocation
  • What website they came from
  • How long a user stays on each page
  • What pages a user visits
  • Operating System
  • Browser

The most contentious data point is a user’s IP address. This address is the unique id for the wireless network’s router the user is accessing your site through. While the IP address is not linked to a specific computer, the IP address can be traced back to a user’s exact location.

Thanks to Germany’s privacy laws, Google Analytics now has the option to mask users’ IP addresses, removing the last octet of the user's IP address when it is collected. Geolocation can still be derived, but it’s less accurate (though still approximate) and not traced back to a specific router.

Content Management Configuration

Your content management system (eg: Wordpress, Drupal) also tracks and stores data on users. Aside from the form fields you might have created through your CMS, there is data every CMS tracks by default—at the very least your users’ email addresses and passwords.

Inform Users with a Privacy Policy

If you are collecting user data (including using Google Analytics) you are required by law to have a privacy policy. This policy should be comprehensive and clear. Use your previous work identifying what you are collecting and why to write your policy. As is true with all content on your site, keep your users in mind when writing the policy. Your users’ reading level and technical background knowledge are especially important to consider when writing your policy. Mozilla’s Privacy Policy is a great example — it uses plain language, avoids jargon and defines terms such as personal information to make crystal clear what they are talking about.

Protect Traffic

Make sure that the site is using HTTPS (see our advice on what your site needs in 2017). This encrypts user traffic so that others (eg: hackers, intelligence agencies) cannot track the activity of users on your site nor the information they submit (eg: usernames, passwords, credit card numbers). Google also uses it as a search ranking signal.

By respecting users’ privacy, we ensure that the sites we build are trustworthy and easy to use. In an age of mass surveillance this is more important than ever before.