SlideShare a Scribd company logo

UX Edinburgh Meetup deck - Privacy UX - March 2024.pdf

I
info948069

Slides from Gintare presentation

Presentations & Public Speaking
1 of 63
Download to read offline
Privacy UX UX Meetup | March 2024 Privacy as human and user experience Gintare Venzlauskaite gintare@uservision.co.uk Duration – 60 min
2 A bit about me ► UX Consultant at User Vision ► Teacher in Higher Education • Research methods • Critical thinking skills • History of the Soviet Union ► Social & Political science researcher • Forced migration, diaspora • Collective memory, cultural trauma • Data brokers, anonymity, and digital privacy ► Privacy enthusiast (but not an expert!)
3 What I am going to talk about ► Why privacy matters ► What are current concerns revolving around digital privacy ► How response to privacy concerns is evolving ► What design and UX has to do with digital privacy ► Principles of Privacy UX ► How to practice privacy personally and professionally ► What’s in the horizon for digital privacy
4 What is privacy? And why should we care?
5 Definitions Privacy [prahy-vuh-see; British also priv-uh-see] ► Someone’s right to keep their personal matters and relationships secret (Cambridge dictionary). ► The right to be let alone, or freedom from interference or intrusion (IAPP). Informational privacy ► The right to have some control over how your personal information is collected and used and under what circumstances (IAPP; Law insider). Right to privacy ► Privacy is among human rights enshrined in the Universal Declaration of Human Rights, the European Convention of Human Rights, and the European Charter of Fundamental Rights (European Data Protection Supervisor).
6 Your relationship with digital privacy Please scan this QR code to enter Mentimeter questionnaire
7 Even when you think you’ve done it all, they still get you… Sitcom ‘Frasier’
8 Users as data generators How much data do we generate? ► According to DOMO (2020), an average internet user generates 1.7 MB of data per second How do we generate data? ► The data trail is accumulated by interactions with digital technologies that we use, wear, register for, check-in at, etc.
9 Users as data generators What happens to our data? ► Data can be harvested through tracking, scraping, proxies; then mined and aggregated ► It benefits us – efficiency, convenience, discounts, accuracy, scientific development So what? ► It makes us data subjects whose information is collected and used for profit ► This data is monetised by first parties and may be also sold to third parties, e.g., to data brokers – companies who then sell it on to other market actors ► It makes us vulnerable. The real-life short- and long-term implications are difficult to anticipate, grasp, or control
10 Carissa Véliz on dangers of data economy https://www.youtube.com/watch?v=luCXlPYrTP4
11 Digital privacy as human experience Real-life consequences of data economy ► Individual (e.g., abused vulnerabilities, prevention of opportunities, physical and digital harassment, identity theft) ► Socio-political impact (e.g., targeted political advertising, social polarization) ► National security (e.g., cyber attacks, surveillance)
12 Privacy concerns, awareness and regulations are on the rise Legislation Research Products and Services ► GDPR ► UK Data Protection Act ► US state privacy laws ► 71% of countries with some kind of legislation around data protection and/or privacy ► Academic literature ► Journalism ► Guidelines and advice for users ► Browsers ► Automatic opt-out engines ► Removal of data from commercial and data broker databases ► Tracker/cookie blockers ► Data breach alerts ► Product reviews
13 ► $275mil. collecting personal information from children under 13 ► $245mil. deployment of deceptive design for making unintended purchases ► €746 mil. tracking without consent ► $30 mil. Alexa/Ring invasion of privacy Recent fines related to privacy violation Sources: Termly; TechCrunch; US Federal Trade Commission ► €159 mil. not giving users easy way to refuse cookies on Google and Youtube ► $50 mil. for poorly structured privacy consent agreements ► $7.8 mil. sharing users’ sensitive data with outside companies ► £12.7 mil. illegally processing data of children under 13 without checking for parental consent ► €345mil. For breaking EU data law on children’s accounts ► €60 mil. not giving users easy way to refuse cookies on Facebook ► €225 mil. unclear privacy policies and lack of transparency ► €405 mil. mishandling teenagers’ data on Instagram ► €390 mil. forcing consent ► €265 for exposure to data scraping ► € 1.2 bil. for unlawful transfer of data of EU citizens to the US
14 Data privacy concerns on popular TV Last week tonight with John Oliver on Data brokers Parks and Recreation on cookies Documentary exploring social media through the case of Cambridge Analytica The final season of TV series ‘Succession’ dropping a few references to data economy, lack of people’s understanding of how it works, and business overtures to bypass governmental regulation Black Mirror, season 6 (2023) on implications of sneaky T&Cs
15 Question time So, shouldn’t users know better? What are your thoughts?
16 It is hard to know what you don’t know The internet and technology has not been kind on our privacy ► Tech companies are never explicit or specific of if and how our personal and behavioural data will be used ► Companies update their privacy notices all the time ► Data economy prompts practices aimed at collecting more data. ► Limitations of knowledge causes digital resignation ► Putting much of responsibility on individuals is unfair (Daniel Solove)
17 It is hard to know what you don’t know Design is part of the problem ► Design contributes to maximising data collection ► Difficult language, lack of visibility, ambiguous choices, deceptive patterns or lack of user-focused controls are all utilised and in turn is part of the problem UX design paradox ► The UX field prides itself in its human-centred philosophy and commitment to serve user needs through an optimal experience ► If UX designers are involved in compromising privacy-related design, that’s problematic ► Balancing between business needs and user needs in data-driven world can lead well-meaning teams into the grey area of deceptive design practices
18 What is Privacy UX? And how is it doing?
19 Question time Do you ever take note of privacy-related interfaces and designs? Feel free to give examples. What do think makes a design privacy- unfriendly? Feel free to give examples.
20 Privacy UX Privacy UX generally refers to: ► Approach promoting privacy by design and default ► Practices bridging data privacy protection regulations and their translation into user-friendly interfaces, journeys and content ► Application of UX principles in the user-facing versions of products and services relevant to privacy by: • being transparent • tailoring explanations • providing options • enabling user to make meaningfully informed decisions about what they share/provide/act upon ► Acknowledgement that privacy is an important element of user experience (as broadly understood) and should not be exploited by way of deceptive design practices
21 Deceptive patterns Definition ► Deceptive patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something (deceptive.design). Deceptive patterns relevant to privacy ► Preselection ► Forced action ► Privacy zuckering ► Confirm-shaming ► Hard to cancel ► Visual interference ► Decisional interference ► Hindering
22 Deceptive patterns relevant to privacy Preselection Employing the defaults, options that are already chosen for you. Most often refers to preselected boxes or steps this way manipulating people’s awareness; if users don’t notice it, their choice and autonomy is undermined (Deceptive design)
23 Deceptive patterns relevant to privacy Forced action A transactional pressure to choose an option that is better for the provider in return for something that user want It can also come in form of a ”bundled consent” whereby agreeing or providing something mandatory, the user is also agreeing to something else (Deceptive patterns). Source: Luiza Jarovsky @Privacy Whisperer
24 Deceptive patterns relevant to privacy Privacy zuckering Linked to forced action, this refers to tricking users into sharing more personal information than intended (e.g., photos, address, phone number, contacts, preferences, date of birth) Source: Uxcel
25 Deceptive patterns relevant to privacy Confirm shaming Influencing user’s decision making by triggering uncomfortable emotions around choice that would be more beneficial for them (Deceptive patterns). Source: The Mobiversal blog
26 Deceptive patterns relevant to privacy Hard to cancel or opt-out (roach motel) Typically, easy to subscribe or sign up with a service but very difficult to cancel. This can cause user resignation and leaving them with staying with the service longer than intended (Deceptive patterns). Source: noyb.eu
27 Deceptive patterns relevant to privacy Visual interference Purposefully hiding, disguising or obscuring choices by way of lower contrast, smaller text or general prominence of associated design components (Deceptive patterns). On cookie banners ► Introduced to provide users with the opportunity to give consent on tracking and for companies to get their consent ► criticised for becoming a pain point, a barrier between site visitors and the content they are interested in ► have bad reputation for deceptive design practices ► good example of user versus human experience dilemma (quick acceptance removes the barrier but contributes to long-term harm)
28 Deceptive patterns relevant to privacy Decisional interference Limited or absent choices or alternatives that otherwise would be preferable to an individual (Privacy Wiki).
29 Deceptive patterns Demo of 12 minutes of unchecking legitimate interest boxes on a cookie banner (I gave up and left the website) Hindering Delaying, hiding or making it difficult for the user to adopt privacy-protective actions (difficult rejection, complex settings, hiding opt-out, deletion, or revoking of consent, privacy-negligent defaults).
30 Deceptive patterns relevant to privacy Hindering is common in privacy settings ► There is rarely on place where you can control all privacy-related settings ► While Meta now refreshed their privacy controls, it is still challenging to navigate and manage them with ease Example of adjusting audience-based ad settings on Facebook. It is possible to refuse to be shown adds from particular advertisers, but I need to opt- out one advertiser at a time instead of being able to disallowing targeting from all.
31 Similarly, imagine you discovered that there is a way of severing ties with advertisers that share my activity happening outside Facebook with Facebook to target-advertise me. There is not ‘select all’ or ‘disconnect’ option.
32 Compliant does not mean user- or human-friendly The above examples show that laws and regulations are not enough (at least not in their current form) ► Just because a company complies it does not mean that it will do so with the best user’s interest at heart ► Your data and privacy protection legally depends on where you live ► It is hard to check if company honours your choices ► For big companies, paying the penalty bill may be seen as lesser price to pay than profits they get from commodifying people’s data The business are doing their best to make money, which means that loopholes are likely to be exploited including in the form of deceptive design. — Harry Brignull — Richie Koch, Proton blog
33 Examples of better cookie banners
34 Question time So, shouldn’t designers know better? What do you think are the challenges of UX professionals when it comes to creating with privacy in mind? Have you ever received any training around data privacy (either in education and/or your organisation)? Feel free to give examples.
35 Challenges of practicing Privacy UX What limits designers ► Lack of privacy-forward requirements and direction from upper echelons of the organisation/company ► Lack of voice in decision making ► Lack of awareness of the relevant regulations ► Lack of education and training ► Lack of collaboration with other privacy stakeholders (lawyers, engineers) ► Lack of guidelines and standardized practices ► User-unfriendly legal documents
36 Your priva-Cs. How to practice privacy UX Choice Clarity Control Consciousness Curiosity Championing Adopted from IAPP; Fairpatterns. ICO, Alexandra Schmidt’s book ‘Deliberate intervention […]’ Cautioning Compliance Collaboration Contributing
37 Your priva-Cs. How to practice privacy UX (in words) On professional level: ► Be aware of data privacy regulations and your organisation’s policies ► Be curious about privacy-forward solutions, privacy-friendly businesses, guidelines, practices, tips, advice ► Be a champion in your personal and professional circles – if you know something, spread the word ► Caution the team when you anticipate a potentially harmful (or unlawful) design practice. Seek support or report malpractice ► Contribute to development and sharing of good practice ► Seek collaboration with other teams (engineers, legal, etc.) On practical level, when it comes to hands on work: ► It is important to provide users with choice and inform them they have a choice (e.g., to opt-out) in a meaningful way ► The options need to be presented in a balanced and fair manner (avoidant of framing one choice over other) ► Users should be able find, understand and control their privacy settings. Having control ensures autonomy. These controls should be granular, and easy to manage ► Being able to revoke consent or opt-ins should be ensured ► The privacy-related interfaces and content should be clearly formulated ► The websites/apps should inform the users about purposes and choices in clear fashion ► Transparency about how and why the data is collected, or what the value of the transaction is Adopted from IAPP; Fairpatterns; ICO; Alexandra Schmidt’s book ‘Deliberate intervention […]’
38 Personal, collective and professional responsibility I am tired of people focusing too much on the consequences and saying ‘well, if I am not sure I am going succeed, then I am just gonna not care’. That’s too complacent. Sometimes we just have to do the right thing, whether we win or lose – it is the right thing to do. — Carissa Véliz While policy evaluation is an existing, robust approach to assessing policy impact, designers and other technologists outside of government who understand user experiences are, in fact, well-positioned to opine on policies that make a difference. That’s partly because they are on the front line of harms that emerge from new tech, able to perceive them quickly, and can examine them at their own speed. — Alexandra Schmidt
39 Where is privacy going? Hopes and worries
40 Question time What is your knowledge about changes in data privacy landscape? Regulations? Tools? Projects? Approaches? Innovations? Are you hopeful or doubtful? Is privacy too hard to do?
41 Developments in sight signal hope Growing consumer awareness ► ICO survey in 2022 showed 90% of the respondents’ concern about organisations using their personal information without their permission. ► KMPG in 2021 revealed that 86% of respondents reported growing concerns about their data privacy. ► 63% of consumers worldwide think companies aren't honest about how they use their personal information, and nearly 48% have stopped purchasing from companies because of privacy worries. (Tableau)
42 Developments in sight signal hope Emerging laws and regulations ► Steady and continuous growth in global privacy laws – by 10% every year. • There are at least 157 countries with some kind of data privacy law. That is 50% more than 10 years ago • In the US, the number of state privacy laws is also growing • The further development of regulations on deceptive patterns (India banned them in 2023) ► The EU’s AI Convention (Source: IAPP)
43 Developments in sight signal hope Growing business awareness ► We see more pleads for commitment to privacy ► Privacy is increasingly seen as the next component of ESG framework to gaining and maintaining consumer trust and loyalty (Brian Lesser) ► Companies witness an average return on investment of 1.8% from their privacy-related expenditures, and 92% acknowledge they have a moral obligation to use consumer data honestly and transparently (Cisco) Businesses now understand that if they want to keep the customers they have and attract new opportunities, they’re going to have to sell privacy as part of what they are offering — Ann Cavoukian
44 Developments in sight signal hope Adoption of standards and initiatives for guidelines ► ISO adopted Privacy by design standard (ISO31700 in Feb 2023) ► Draft report with opinions and advice on cookie banners (EU) ► Good practice initiative for cookie banner consent management (Germany) ► Privacy-enhancing design heuristics ► New rules for apps to boost consumer security and privacy (UK) ► ICO and CMA joint position paper on harmful design in digital markets and stakeholder workshop for design guidelines
45 Developments in sight signal hope Demand for privacy professionals ► Privacy engineering field is growing ► The effort to define the field as well as the role and concepts for privacy by design ► More courses, programmes, literature focusing on how to protect personal data in digital environment
46 Developments in sight signal hope Communities and services of practice ► We see more initiatives, individuals, and communities dedicated to advocating for privacy ► More examples of privacy-by-design services, off-the-shelf solutions, and consulting firms providing fairer privacy design advice, assessment, and products
47 Developments in sight signal hope Solutions and products for consumers that: ► Opt-out consent to collect data and target you for you ► Removes data from commercial databases on your behalf ► Requests data brokers to delete your data ► Blocks trackers/cookies ► Let you know when your data has been compromised ► Reviews products and websites for privacy Examples of privacy-forward products
48 Developments in sight signal hope Privacy technologies ► The number of privacy tech companies increased by 777% since 2017. From 44 in 2017 to almost 370 in 2022 (IAPP) ► Growing trend of real-world application of Privacy-enhancing technologies (synthetic data, homomorphic encryption, federated learning, data minimisation)
49 Developments in sight signal hope Shift in approach to personal data and privacy ► Belief that technology is not only part of the problem but also part of the solution (Jaap Henk-Hoepman) ► Ideas around your data working for you, not against you (Prifina)
50 ... But it is still an uphill battle Surveillance goes on ► Every day, we keep feeding companies with our data, and the tracking, profiling, and behavioural data exploitation goes on ► We keep seeing (and fall victims for) unsavoury, privacy-undermining practices and data breaches ► Companies say they embrace privacy but there is also lot of privacy washing and privacy-branding with continuous profiling of personal data by organisations of all sizes
51 ... But it is still an uphill battle Limited control and scrutiny ► No global data privacy standards ► Gaps and flaws in existing laws ► The approach from regulators is largely reactive rather than proactive ► Too much industry appeasement and reservations about disrupting business models (Wolfie Christl) ► Limited resources in watching what companies are doing
52 ... But it is still an uphill battle Pushback and/or manoeuvring from the big tech
53 ... But it is still an uphill battle Regulation vs innovation ► View that regulation is slowing down and curbing innovation ► Ground-breaking developments in technology distracts from difficult debates ► Limited public knowledge about other areas of privacy, e.g., cognitive, biometric
54 Final thoughts Let’s conclude
55 The key takeaways Privacy… ► matters and it is a part of our human and user experience ► has been undermined by the development of digital technology ► is everyone’s business to care about and advocate for ► is becoming important value and component of business strategy ► should not be sacrificed for the sake of aggressive innovation ► is a part of user experience, therefore should be part of responsible UX design Do the best you can until you know better. When you know better, do better. — Maya Angelou
56 Any final thoughts or questions from you?
57 Before we part our ways, personal tips Ask yourself: ► What information I am comfortable giving (even the most basic information can be sensitive, and not all information must be accurate) ► How can I reduce exposure to my personal data ► The usage of apps on your phone – are you using everything? ► Does the website/app needs as much information as it is asking? ► Does the website/app provide privacy controls they are committed to by law? (e.g., consent, right to be forgotten, right to delete or correct personal information); should I report them to local data privacy watchdog? Beware of: ► Default settings - you maybe sharing more (and publicly) than intended ► Deceptive design (aka dark patterns) ► Tracking ► Apps that require a login – if you don’t log out, they may be running in the background and collecting your data For families and parents/guardians: ► Be proactive of family privacy settings on your devices ► Check parental controls and privacy settings for children (Parent Club has a great set of information and resources about online safety) ► Pause before “sharenting” ► Look for privacy guides for parents
58 Who to follow? Harry Brignull Carissa Véliz Marie Potel-Saville Luiza Jarovsky Michelle Finneran Dennedy Robert Bateman Daniel Solove Jeff Jockisch Debbie Reynolds Arianna Rossi There are many people to follow, but here is a few (in no particular order)
59 References In case you need get to the source: ► ‘Building Trust Through Data Privacy and Protection’ (a video discussion), January, 2023: https://event.webcasts.com/starthere.jsp?ei=1548275&tp_key=57b7e0432e ► ‘Draft Report of the work undertaken by the Cookie Banner Taskforce’, European Data Protection Board, January, 2023: https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf ► ‘Exposing Big Tech, Privacy Threats & The Future of Artificial Intelligence’ (video discussion with Carissa Véliz), Through Conversations Podcast, March 2024: https://www.youtube.com/watch?v=HHwGat02v3Q ► ‘Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges’, Federal Trade Commission, December 19, 2022: https://www.ftc.gov/news-events/news/press- releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations ► ‘Harmful design in digital markets: How Online Choice Architecture practices can undermine consumer choice and control over personal information’ A joint position by the Information Commissioner’s Office and the Competition and Markets Authority: https://www.drcf.org.uk/__data/assets/pdf_file/0024/266226/Harmful-Design-in-Digital-Markets-ICO-CMA-joint-position-paper.pdf ► ‘How concerned are Europeans about their personal data online?’ (2020), European Union Agency for Fundamental Rights (FRA): https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online ► ‘ISO set to adopt privacy-by-design standard’, IAPP: 13 January, 2023: https://iapp.org/news/a/iso-set-to-adopt-privacy-by-design- standard/ ► ‘OIPC – Privacy by Design Resources’, IAPP: https://iapp.org/resources/article/oipc-privacy-by-design-resources/ ► ‘Privacy in Practice 2023’, ISACA (The Information Systems Audit and Control Association): https://www.isaca.org/resources/reports/privacy-in-practice-2023-report
60 References (cont’d) ► ‘Privacy-washing: What Is It And How To Stop It From Happening To Your Company’, California Lawyers Association: https://calawyers.org/business-law/privacy-washing-what-is-it-and-how-to-stop-it-from-happening-to-your-company/ ► ‘The State of Data Privacy in 2023’ (video conference), Yes We Trust, 19 January, 2023: https://app.livestorm.co/didomi/the-state-of- data-privacy-around-the-world-in-2023/live?s=ef20f40e-608d-49e2-bebf-820190c983bc ► ‘Three years of GDRP: the biggest fines so far’, BBC News, 24 May, 2021: https://www.bbc.co.uk/news/technology-57011639 ► Anant, V., Donchak, L., Kaplan, J., Soller, H. ‘The consumer-data opportunity and the privacy imperative’, McKinsey & Company, 27 April 2022: https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-consumer-data-opportunity-and-the- privacy-imperative ► Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M. and Turner, E. (2019) ‘Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information’, Pew Research Center: https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over- their-personal-information/ ► Baines, J. ‘ICO warns of fines for companies who do not get cookie banners right’, in Mishcon de Reya, 15 June 2023: https://www.mishcon.com/news/ico-warns-of-fines-for-companies-who-do-not-get-cookie-banners-right ► Beens, R. E. G. ‘The Role of Digital Privacy in Brand Trust’, Forbes, 8 January, 2021: https://www.forbes.com/sites/forbestechcouncil/2021/01/08/the-role-of-digital-privacy-in-brand-trust/ ► Brignull, H., ‘Dark Patterns overview’ (video), Vimeo: https://vimeo.com/776232138 ► Christl, W. (2022) Digital Profiling in The Online Gambling Industry. A report on marketing and risk surveillance by the UK gambling firm Sky Betting and Gaming, TransUnion, Adobe Google, Facebook, Microsoft and other data companies: https://cdn.sanity.io/files/btrsclf0/production/e23ea75fe93f775d9f9ed795427f4b5ed8d67016.pdf ► Deceptive Design: https://www.deceptive.design/
61 References (cont’d) ► Jarovsky, L. ‘Understand Privacy-Enhancing Design and How it Can Be a Game Changer for Data Protection’, Linkedin, 15 June, 2022: https://www.linkedin.com/pulse/understand-privacy-enhancing-design-how-can-game-changer- jarovsky/?trackingId=F5E466iUQsK29mvK3wXYGw%3D%3D ► FairPatterns by “amurabi: https://fairpatterns.com/ ► Hoepman, J. H. Privacy is Hard and Seven Other Myths. Achieving Privacy Through Careful Design, The MIT Press, Cambridge Massachusetts, London England. ► Ketch, J. J. ‘Data privacy truly matters to your customers. It’s time to make it a core business value’, Venture Beat, 31 August, 2022: https://venturebeat.com/security/data-privacy-truly-matters-to-your-customers-its-time-to-make-it-a-core-business-value/ ► Koch, R. ’Big tech has already made enough money to pay all its 2023 fines’, in Proton blog, 8 January 2024: https://proton.me/blog/big-tech-2023-fines-vs-revenue ► Komnenic, M., ’51 Biggest GDPR Fines & Penalties So Far’, Termly, March 31 2022: https://termly.io/resources/articles/biggest-gdpr- fines/ ► Lance, W. (2021) ‘Data privacy is a growing concern for more consumers’, Tech Republic: https://www.techrepublic.com/article/data-privacy-is-a-growing-concern-for-more-consumers/ ► Lomas, N. ‘Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland’, Tech Crunch, 10 January, 2023: https://techcrunch.com/2023/01/10/digital-rights-ireland-gdpr-lawsuit-facebook-data-scraping-breach/ ► Lupiáñez-Villanueva, F., Boluda, A., Bogliacino, F., Liva, G., Lechardoy, T. R., Ballell, H. (2022) ‘Behavioural study on unfair commercial practices in the digital environment: dark patterns and manipulative personalisation. Final Report’, Directorate-General for Justice and Consumers. EU Consumer-Programme: https://op.europa.eu/en/publication-detail/-/publication/606365bc-d58b-11ec-a95f- 01aa75ed71a1/language-en/format-PDF/source-257599418 ► Nelissen L., & Funk, M. (2022). Rationalizing dark patterns: Examining the process of designing privacy UX through speculative enactments. International Journal of Design, 16(1), 77-94. https://doi.org/10.57698/v16i1.05
62 References (cont’d) ► Parent club – Online safety: https://www.parentclub.scot/topics/online-safety ► Prifina. The User-held Data Company: https://www.prifina.com/ ► Solove, D. J. ‘The Limitations of Privacy Rights’ (2022). 98 Notre Dame Law Review: https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2856&context=faculty_publications ► Véliz, C. ‘The Case for Ending Data Economy’, TEDx: https://www.youtube.com/watch?v=luCXlPYrTP4&t=1s ► Vigneshwaran ‘Ecommerce Ethics: Govt of India Bans 13 Dark Patterns on Ecommerce Platforms’, in Aufait UX, 26 December 2023: https://www.aufaitux.com/blog/govt-bans-13-dark-patterns-on-ecommerce-platforms/ ► Wodinsky, S. and Barr, K. ‘These Companies Know When You’re Pregnant – And They’re Not Keeping It Secret’, Gizmodo, 30 July 2022: https://gizmodo.com/data-brokers-selling-pregnancy-roe-v-wade-abortion-1849148426 ► Wallbank, A. ‘2023 Prediction: What’s on the horizon for privacy and data’, SHOOSMITHS, 17 January, 2023: https://www.shoosmiths.co.uk/insights/legal-updates/2023-predictions-whats-on-the-horizon-for-privacy-and-data ► Williams, S. ‘Study highlights consumer distrust due to dark patterns’, in ChannelLife, 15 December, 2023: https://channellife.co.uk/story/study-highlights-consumer-distrust-due-to-dark-design-patterns ► Wolford, B. ‘The “Incognito Mode’ lawsuit is another legal blow to Google’s privacy-washing tactics’, in Proton blog, 30 October 2023: https://proton.me/blog/google-incognito-lawsuit ► The Privacy Whisperer: https://www.theprivacywhisperer.com/
@UserVision www.uservision.co.uk gintare@uservision.co.uk 55 North Castle Street Edinburgh EH2 3QA United Kingdom Tel: 0131 225 0850 55 North Castle Street Edinburgh EH2 3QA United Kingdom Tel: 0131 225 0850 Thank you!

Recommended

Privacy UX - UX Scotland 2023
Privacy UX - UX Scotland 2023 Privacy UX - UX Scotland 2023
Privacy UX - UX Scotland 2023 User Vision
 
Online Identity and the Fragmentation of the Internet - Tobias Matzner
Online Identity and the Fragmentation of the Internet - Tobias Matzner Online Identity and the Fragmentation of the Internet - Tobias Matzner
Online Identity and the Fragmentation of the Internet - Tobias Matznercyborgology
 
Increasing Sophistication - The Cyberpsychology of Online Fraud and Phishing
Increasing Sophistication - The Cyberpsychology of Online Fraud and PhishingIncreasing Sophistication - The Cyberpsychology of Online Fraud and Phishing
Increasing Sophistication - The Cyberpsychology of Online Fraud and PhishingCiarán Mc Mahon
 
Privacy and Surveillance
Privacy and SurveillancePrivacy and Surveillance
Privacy and SurveillanceIrem Gokce Aydin
 
How People Care about their Personal Datatheir Data Released onReleased on So...
How People Care about their Personal Datatheir Data Released onReleased on So...How People Care about their Personal Datatheir Data Released onReleased on So...
How People Care about their Personal Datatheir Data Released onReleased on So...Kellyton Brito
 
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the Web
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the WebSemantic Web Technologies for Social Translucence and Privacy Mirrors on the Web
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the WebMathieu d'Aquin
 
Young Canadians, Participatory Digital Culture and Policy Literacy
Young Canadians, Participatory Digital Culture and Policy LiteracyYoung Canadians, Participatory Digital Culture and Policy Literacy
Young Canadians, Participatory Digital Culture and Policy Literacydmcolab
 
UXPA 2023: Rethinking Design Processes for Inclusion
UXPA 2023: Rethinking Design Processes for InclusionUXPA 2023: Rethinking Design Processes for Inclusion
UXPA 2023: Rethinking Design Processes for InclusionUXPA International
 

Recommended

Privacy UX - UX Scotland 2023
Privacy UX - UX Scotland 2023 Privacy UX - UX Scotland 2023
Privacy UX - UX Scotland 2023 User Vision
 
Online Identity and the Fragmentation of the Internet - Tobias Matzner
Online Identity and the Fragmentation of the Internet - Tobias Matzner Online Identity and the Fragmentation of the Internet - Tobias Matzner
Online Identity and the Fragmentation of the Internet - Tobias Matznercyborgology
 
Increasing Sophistication - The Cyberpsychology of Online Fraud and Phishing
Increasing Sophistication - The Cyberpsychology of Online Fraud and PhishingIncreasing Sophistication - The Cyberpsychology of Online Fraud and Phishing
Increasing Sophistication - The Cyberpsychology of Online Fraud and PhishingCiarán Mc Mahon
 
Privacy and Surveillance
Privacy and SurveillancePrivacy and Surveillance
Privacy and SurveillanceIrem Gokce Aydin
 
How People Care about their Personal Datatheir Data Released onReleased on So...
How People Care about their Personal Datatheir Data Released onReleased on So...How People Care about their Personal Datatheir Data Released onReleased on So...
How People Care about their Personal Datatheir Data Released onReleased on So...Kellyton Brito
 
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the Web
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the WebSemantic Web Technologies for Social Translucence and Privacy Mirrors on the Web
Semantic Web Technologies for Social Translucence and Privacy Mirrors on the WebMathieu d'Aquin
 
Young Canadians, Participatory Digital Culture and Policy Literacy
Young Canadians, Participatory Digital Culture and Policy LiteracyYoung Canadians, Participatory Digital Culture and Policy Literacy
Young Canadians, Participatory Digital Culture and Policy Literacydmcolab
 
UXPA 2023: Rethinking Design Processes for Inclusion
UXPA 2023: Rethinking Design Processes for InclusionUXPA 2023: Rethinking Design Processes for Inclusion
UXPA 2023: Rethinking Design Processes for InclusionUXPA International
 
20220301 digital person v15
20220301 digital person v1520220301 digital person v15
20220301 digital person v15ISSIP
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obamaLilian Edwards
 
The death of data protection
The death of data protection The death of data protection
The death of data protection Lilian Edwards
 
Marden - Privacy in the 21st Century Why It Matters Now More Than Ever
Marden - Privacy in the 21st Century Why It Matters Now More Than EverMarden - Privacy in the 21st Century Why It Matters Now More Than Ever
Marden - Privacy in the 21st Century Why It Matters Now More Than EverNational Information Standards Organization (NISO)
 
Me and My Big Data Project
Me and My Big Data Project Me and My Big Data Project
Me and My Big Data Project DIPRC2019
 
Ethics in Product Development
Ethics in Product DevelopmentEthics in Product Development
Ethics in Product DevelopmentJennifer Fraser
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
How Generative AI can combat disinformation?
How Generative AI can combat disinformation? How Generative AI can combat disinformation?
How Generative AI can combat disinformation? TitanEurope1
 
Mantelero collective privacy in3_def
Mantelero collective privacy in3_defMantelero collective privacy in3_def
Mantelero collective privacy in3_defAlessandro Mantelero
 
Functional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environmentFunctional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environmentJisc
 
Social media: Legal and business challenges
Social media: Legal and business challengesSocial media: Legal and business challenges
Social media: Legal and business challengesPaul Jacobson
 
Data and ethics Training
Data and ethics TrainingData and ethics Training
Data and ethics TrainingLegal Services National Technology Assistance Project (LSNTAP)
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordDigital Catapult
 
Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017Steve Mckee
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Onlinecaniceconsulting
 
Dgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptxDgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptxsantosem70
 
Age Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data UseAge Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data UseAgeFriendlyEconomy
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsJack Whitsitt
 
19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management 19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management Stichting ePortfolio Support
 
National Volunteering Forum: May18
National Volunteering Forum: May18National Volunteering Forum: May18
National Volunteering Forum: May18NCVO - National Council for Voluntary Organisations
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 

More Related Content

Similar to UX Edinburgh Meetup deck - Privacy UX - March 2024.pdf

20220301 digital person v15
20220301 digital person v1520220301 digital person v15
20220301 digital person v15ISSIP
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obamaLilian Edwards
 
The death of data protection
The death of data protection The death of data protection
The death of data protection Lilian Edwards
 
Me and My Big Data Project
Me and My Big Data Project Me and My Big Data Project
Me and My Big Data Project DIPRC2019
 
Ethics in Product Development
Ethics in Product DevelopmentEthics in Product Development
Ethics in Product DevelopmentJennifer Fraser
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
How Generative AI can combat disinformation?
How Generative AI can combat disinformation? How Generative AI can combat disinformation?
How Generative AI can combat disinformation? TitanEurope1
 
Mantelero collective privacy in3_def
Mantelero collective privacy in3_defMantelero collective privacy in3_def
Mantelero collective privacy in3_defAlessandro Mantelero
 
Functional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environmentFunctional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environmentJisc
 
Social media: Legal and business challenges
Social media: Legal and business challengesSocial media: Legal and business challenges
Social media: Legal and business challengesPaul Jacobson
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordDigital Catapult
 
Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017Steve Mckee
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Onlinecaniceconsulting
 
Dgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptxDgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptxsantosem70
 
Age Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data UseAge Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data UseAgeFriendlyEconomy
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsJack Whitsitt
 
19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management 19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management Stichting ePortfolio Support
 

Similar to UX Edinburgh Meetup deck - Privacy UX - March 2024.pdf (20)

20220301 digital person v15
20220301 digital person v1520220301 digital person v15
20220301 digital person v15
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obama
 
The death of data protection
The death of data protection The death of data protection
The death of data protection
 
Marden - Privacy in the 21st Century Why It Matters Now More Than Ever
Marden - Privacy in the 21st Century Why It Matters Now More Than EverMarden - Privacy in the 21st Century Why It Matters Now More Than Ever
Marden - Privacy in the 21st Century Why It Matters Now More Than Ever
 
Me and My Big Data Project
Me and My Big Data Project Me and My Big Data Project
Me and My Big Data Project
 
Ethics in Product Development
Ethics in Product DevelopmentEthics in Product Development
Ethics in Product Development
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenience
 
How Generative AI can combat disinformation?
How Generative AI can combat disinformation? How Generative AI can combat disinformation?
How Generative AI can combat disinformation?
 
Mantelero collective privacy in3_def
Mantelero collective privacy in3_defMantelero collective privacy in3_def
Mantelero collective privacy in3_def
 
Functional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environmentFunctional anonymisation - risk management in a data environment
Functional anonymisation - risk management in a data environment
 
Social media: Legal and business challenges
Social media: Legal and business challengesSocial media: Legal and business challenges
Social media: Legal and business challenges
 
Data and ethics Training
Data and ethics TrainingData and ethics Training
Data and ethics Training
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - record
 
Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017Policy primer net303 study period 3, 2017
Policy primer net303 study period 3, 2017
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Online
 
Dgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptxDgital-Self-UTS-exploring-the-digital-self.pptx
Dgital-Self-UTS-exploring-the-digital-self.pptx
 
Age Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data UseAge Friendly Economy - Legislation and Ethics of Data Use
Age Friendly Economy - Legislation and Ethics of Data Use
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication Skills
 
19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management 19032013 Jacques Bus user controlled personal data management
19032013 Jacques Bus user controlled personal data management
 
National Volunteering Forum: May18
National Volunteering Forum: May18National Volunteering Forum: May18
National Volunteering Forum: May18
 

Recently uploaded

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

UX Edinburgh Meetup deck - Privacy UX - March 2024.pdf

  • 1. Privacy UX UX Meetup | March 2024 Privacy as human and user experience Gintare Venzlauskaite gintare@uservision.co.uk Duration – 60 min
  • 2. 2 A bit about me ► UX Consultant at User Vision ► Teacher in Higher Education • Research methods • Critical thinking skills • History of the Soviet Union ► Social & Political science researcher • Forced migration, diaspora • Collective memory, cultural trauma • Data brokers, anonymity, and digital privacy ► Privacy enthusiast (but not an expert!)
  • 3. 3 What I am going to talk about ► Why privacy matters ► What are current concerns revolving around digital privacy ► How response to privacy concerns is evolving ► What design and UX has to do with digital privacy ► Principles of Privacy UX ► How to practice privacy personally and professionally ► What’s in the horizon for digital privacy
  • 4. 4 What is privacy? And why should we care?
  • 5. 5 Definitions Privacy [prahy-vuh-see; British also priv-uh-see] ► Someone’s right to keep their personal matters and relationships secret (Cambridge dictionary). ► The right to be let alone, or freedom from interference or intrusion (IAPP). Informational privacy ► The right to have some control over how your personal information is collected and used and under what circumstances (IAPP; Law insider). Right to privacy ► Privacy is among human rights enshrined in the Universal Declaration of Human Rights, the European Convention of Human Rights, and the European Charter of Fundamental Rights (European Data Protection Supervisor).
  • 6. 6 Your relationship with digital privacy Please scan this QR code to enter Mentimeter questionnaire
  • 7. 7 Even when you think you’ve done it all, they still get you… Sitcom ‘Frasier’
  • 8. 8 Users as data generators How much data do we generate? ► According to DOMO (2020), an average internet user generates 1.7 MB of data per second How do we generate data? ► The data trail is accumulated by interactions with digital technologies that we use, wear, register for, check-in at, etc.
  • 9. 9 Users as data generators What happens to our data? ► Data can be harvested through tracking, scraping, proxies; then mined and aggregated ► It benefits us – efficiency, convenience, discounts, accuracy, scientific development So what? ► It makes us data subjects whose information is collected and used for profit ► This data is monetised by first parties and may be also sold to third parties, e.g., to data brokers – companies who then sell it on to other market actors ► It makes us vulnerable. The real-life short- and long-term implications are difficult to anticipate, grasp, or control
  • 10. 10 Carissa Véliz on dangers of data economy https://www.youtube.com/watch?v=luCXlPYrTP4
  • 11. 11 Digital privacy as human experience Real-life consequences of data economy ► Individual (e.g., abused vulnerabilities, prevention of opportunities, physical and digital harassment, identity theft) ► Socio-political impact (e.g., targeted political advertising, social polarization) ► National security (e.g., cyber attacks, surveillance)
  • 12. 12 Privacy concerns, awareness and regulations are on the rise Legislation Research Products and Services ► GDPR ► UK Data Protection Act ► US state privacy laws ► 71% of countries with some kind of legislation around data protection and/or privacy ► Academic literature ► Journalism ► Guidelines and advice for users ► Browsers ► Automatic opt-out engines ► Removal of data from commercial and data broker databases ► Tracker/cookie blockers ► Data breach alerts ► Product reviews
  • 13. 13 ► $275mil. collecting personal information from children under 13 ► $245mil. deployment of deceptive design for making unintended purchases ► €746 mil. tracking without consent ► $30 mil. Alexa/Ring invasion of privacy Recent fines related to privacy violation Sources: Termly; TechCrunch; US Federal Trade Commission ► €159 mil. not giving users easy way to refuse cookies on Google and Youtube ► $50 mil. for poorly structured privacy consent agreements ► $7.8 mil. sharing users’ sensitive data with outside companies ► £12.7 mil. illegally processing data of children under 13 without checking for parental consent ► €345mil. For breaking EU data law on children’s accounts ► €60 mil. not giving users easy way to refuse cookies on Facebook ► €225 mil. unclear privacy policies and lack of transparency ► €405 mil. mishandling teenagers’ data on Instagram ► €390 mil. forcing consent ► €265 for exposure to data scraping ► € 1.2 bil. for unlawful transfer of data of EU citizens to the US
  • 14. 14 Data privacy concerns on popular TV Last week tonight with John Oliver on Data brokers Parks and Recreation on cookies Documentary exploring social media through the case of Cambridge Analytica The final season of TV series ‘Succession’ dropping a few references to data economy, lack of people’s understanding of how it works, and business overtures to bypass governmental regulation Black Mirror, season 6 (2023) on implications of sneaky T&Cs
  • 15. 15 Question time So, shouldn’t users know better? What are your thoughts?
  • 16. 16 It is hard to know what you don’t know The internet and technology has not been kind on our privacy ► Tech companies are never explicit or specific of if and how our personal and behavioural data will be used ► Companies update their privacy notices all the time ► Data economy prompts practices aimed at collecting more data. ► Limitations of knowledge causes digital resignation ► Putting much of responsibility on individuals is unfair (Daniel Solove)
  • 17. 17 It is hard to know what you don’t know Design is part of the problem ► Design contributes to maximising data collection ► Difficult language, lack of visibility, ambiguous choices, deceptive patterns or lack of user-focused controls are all utilised and in turn is part of the problem UX design paradox ► The UX field prides itself in its human-centred philosophy and commitment to serve user needs through an optimal experience ► If UX designers are involved in compromising privacy-related design, that’s problematic ► Balancing between business needs and user needs in data-driven world can lead well-meaning teams into the grey area of deceptive design practices
  • 18. 18 What is Privacy UX? And how is it doing?
  • 19. 19 Question time Do you ever take note of privacy-related interfaces and designs? Feel free to give examples. What do think makes a design privacy- unfriendly? Feel free to give examples.
  • 20. 20 Privacy UX Privacy UX generally refers to: ► Approach promoting privacy by design and default ► Practices bridging data privacy protection regulations and their translation into user-friendly interfaces, journeys and content ► Application of UX principles in the user-facing versions of products and services relevant to privacy by: • being transparent • tailoring explanations • providing options • enabling user to make meaningfully informed decisions about what they share/provide/act upon ► Acknowledgement that privacy is an important element of user experience (as broadly understood) and should not be exploited by way of deceptive design practices
  • 21. 21 Deceptive patterns Definition ► Deceptive patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something (deceptive.design). Deceptive patterns relevant to privacy ► Preselection ► Forced action ► Privacy zuckering ► Confirm-shaming ► Hard to cancel ► Visual interference ► Decisional interference ► Hindering
  • 22. 22 Deceptive patterns relevant to privacy Preselection Employing the defaults, options that are already chosen for you. Most often refers to preselected boxes or steps this way manipulating people’s awareness; if users don’t notice it, their choice and autonomy is undermined (Deceptive design)
  • 23. 23 Deceptive patterns relevant to privacy Forced action A transactional pressure to choose an option that is better for the provider in return for something that user want It can also come in form of a ”bundled consent” whereby agreeing or providing something mandatory, the user is also agreeing to something else (Deceptive patterns). Source: Luiza Jarovsky @Privacy Whisperer
  • 24. 24 Deceptive patterns relevant to privacy Privacy zuckering Linked to forced action, this refers to tricking users into sharing more personal information than intended (e.g., photos, address, phone number, contacts, preferences, date of birth) Source: Uxcel
  • 25. 25 Deceptive patterns relevant to privacy Confirm shaming Influencing user’s decision making by triggering uncomfortable emotions around choice that would be more beneficial for them (Deceptive patterns). Source: The Mobiversal blog
  • 26. 26 Deceptive patterns relevant to privacy Hard to cancel or opt-out (roach motel) Typically, easy to subscribe or sign up with a service but very difficult to cancel. This can cause user resignation and leaving them with staying with the service longer than intended (Deceptive patterns). Source: noyb.eu
  • 27. 27 Deceptive patterns relevant to privacy Visual interference Purposefully hiding, disguising or obscuring choices by way of lower contrast, smaller text or general prominence of associated design components (Deceptive patterns). On cookie banners ► Introduced to provide users with the opportunity to give consent on tracking and for companies to get their consent ► criticised for becoming a pain point, a barrier between site visitors and the content they are interested in ► have bad reputation for deceptive design practices ► good example of user versus human experience dilemma (quick acceptance removes the barrier but contributes to long-term harm)
  • 28. 28 Deceptive patterns relevant to privacy Decisional interference Limited or absent choices or alternatives that otherwise would be preferable to an individual (Privacy Wiki).
  • 29. 29 Deceptive patterns Demo of 12 minutes of unchecking legitimate interest boxes on a cookie banner (I gave up and left the website) Hindering Delaying, hiding or making it difficult for the user to adopt privacy-protective actions (difficult rejection, complex settings, hiding opt-out, deletion, or revoking of consent, privacy-negligent defaults).
  • 30. 30 Deceptive patterns relevant to privacy Hindering is common in privacy settings ► There is rarely on place where you can control all privacy-related settings ► While Meta now refreshed their privacy controls, it is still challenging to navigate and manage them with ease Example of adjusting audience-based ad settings on Facebook. It is possible to refuse to be shown adds from particular advertisers, but I need to opt- out one advertiser at a time instead of being able to disallowing targeting from all.
  • 31. 31 Similarly, imagine you discovered that there is a way of severing ties with advertisers that share my activity happening outside Facebook with Facebook to target-advertise me. There is not ‘select all’ or ‘disconnect’ option.
  • 32. 32 Compliant does not mean user- or human-friendly The above examples show that laws and regulations are not enough (at least not in their current form) ► Just because a company complies it does not mean that it will do so with the best user’s interest at heart ► Your data and privacy protection legally depends on where you live ► It is hard to check if company honours your choices ► For big companies, paying the penalty bill may be seen as lesser price to pay than profits they get from commodifying people’s data The business are doing their best to make money, which means that loopholes are likely to be exploited including in the form of deceptive design. — Harry Brignull — Richie Koch, Proton blog
  • 33. 33 Examples of better cookie banners
  • 34. 34 Question time So, shouldn’t designers know better? What do you think are the challenges of UX professionals when it comes to creating with privacy in mind? Have you ever received any training around data privacy (either in education and/or your organisation)? Feel free to give examples.
  • 35. 35 Challenges of practicing Privacy UX What limits designers ► Lack of privacy-forward requirements and direction from upper echelons of the organisation/company ► Lack of voice in decision making ► Lack of awareness of the relevant regulations ► Lack of education and training ► Lack of collaboration with other privacy stakeholders (lawyers, engineers) ► Lack of guidelines and standardized practices ► User-unfriendly legal documents
  • 36. 36 Your priva-Cs. How to practice privacy UX Choice Clarity Control Consciousness Curiosity Championing Adopted from IAPP; Fairpatterns. ICO, Alexandra Schmidt’s book ‘Deliberate intervention […]’ Cautioning Compliance Collaboration Contributing
  • 37. 37 Your priva-Cs. How to practice privacy UX (in words) On professional level: ► Be aware of data privacy regulations and your organisation’s policies ► Be curious about privacy-forward solutions, privacy-friendly businesses, guidelines, practices, tips, advice ► Be a champion in your personal and professional circles – if you know something, spread the word ► Caution the team when you anticipate a potentially harmful (or unlawful) design practice. Seek support or report malpractice ► Contribute to development and sharing of good practice ► Seek collaboration with other teams (engineers, legal, etc.) On practical level, when it comes to hands on work: ► It is important to provide users with choice and inform them they have a choice (e.g., to opt-out) in a meaningful way ► The options need to be presented in a balanced and fair manner (avoidant of framing one choice over other) ► Users should be able find, understand and control their privacy settings. Having control ensures autonomy. These controls should be granular, and easy to manage ► Being able to revoke consent or opt-ins should be ensured ► The privacy-related interfaces and content should be clearly formulated ► The websites/apps should inform the users about purposes and choices in clear fashion ► Transparency about how and why the data is collected, or what the value of the transaction is Adopted from IAPP; Fairpatterns; ICO; Alexandra Schmidt’s book ‘Deliberate intervention […]’
  • 38. 38 Personal, collective and professional responsibility I am tired of people focusing too much on the consequences and saying ‘well, if I am not sure I am going succeed, then I am just gonna not care’. That’s too complacent. Sometimes we just have to do the right thing, whether we win or lose – it is the right thing to do. — Carissa Véliz While policy evaluation is an existing, robust approach to assessing policy impact, designers and other technologists outside of government who understand user experiences are, in fact, well-positioned to opine on policies that make a difference. That’s partly because they are on the front line of harms that emerge from new tech, able to perceive them quickly, and can examine them at their own speed. — Alexandra Schmidt
  • 39. 39 Where is privacy going? Hopes and worries
  • 40. 40 Question time What is your knowledge about changes in data privacy landscape? Regulations? Tools? Projects? Approaches? Innovations? Are you hopeful or doubtful? Is privacy too hard to do?
  • 41. 41 Developments in sight signal hope Growing consumer awareness ► ICO survey in 2022 showed 90% of the respondents’ concern about organisations using their personal information without their permission. ► KMPG in 2021 revealed that 86% of respondents reported growing concerns about their data privacy. ► 63% of consumers worldwide think companies aren't honest about how they use their personal information, and nearly 48% have stopped purchasing from companies because of privacy worries. (Tableau)
  • 42. 42 Developments in sight signal hope Emerging laws and regulations ► Steady and continuous growth in global privacy laws – by 10% every year. • There are at least 157 countries with some kind of data privacy law. That is 50% more than 10 years ago • In the US, the number of state privacy laws is also growing • The further development of regulations on deceptive patterns (India banned them in 2023) ► The EU’s AI Convention (Source: IAPP)
  • 43. 43 Developments in sight signal hope Growing business awareness ► We see more pleads for commitment to privacy ► Privacy is increasingly seen as the next component of ESG framework to gaining and maintaining consumer trust and loyalty (Brian Lesser) ► Companies witness an average return on investment of 1.8% from their privacy-related expenditures, and 92% acknowledge they have a moral obligation to use consumer data honestly and transparently (Cisco) Businesses now understand that if they want to keep the customers they have and attract new opportunities, they’re going to have to sell privacy as part of what they are offering — Ann Cavoukian
  • 44. 44 Developments in sight signal hope Adoption of standards and initiatives for guidelines ► ISO adopted Privacy by design standard (ISO31700 in Feb 2023) ► Draft report with opinions and advice on cookie banners (EU) ► Good practice initiative for cookie banner consent management (Germany) ► Privacy-enhancing design heuristics ► New rules for apps to boost consumer security and privacy (UK) ► ICO and CMA joint position paper on harmful design in digital markets and stakeholder workshop for design guidelines
  • 45. 45 Developments in sight signal hope Demand for privacy professionals ► Privacy engineering field is growing ► The effort to define the field as well as the role and concepts for privacy by design ► More courses, programmes, literature focusing on how to protect personal data in digital environment
  • 46. 46 Developments in sight signal hope Communities and services of practice ► We see more initiatives, individuals, and communities dedicated to advocating for privacy ► More examples of privacy-by-design services, off-the-shelf solutions, and consulting firms providing fairer privacy design advice, assessment, and products
  • 47. 47 Developments in sight signal hope Solutions and products for consumers that: ► Opt-out consent to collect data and target you for you ► Removes data from commercial databases on your behalf ► Requests data brokers to delete your data ► Blocks trackers/cookies ► Let you know when your data has been compromised ► Reviews products and websites for privacy Examples of privacy-forward products
  • 48. 48 Developments in sight signal hope Privacy technologies ► The number of privacy tech companies increased by 777% since 2017. From 44 in 2017 to almost 370 in 2022 (IAPP) ► Growing trend of real-world application of Privacy-enhancing technologies (synthetic data, homomorphic encryption, federated learning, data minimisation)
  • 49. 49 Developments in sight signal hope Shift in approach to personal data and privacy ► Belief that technology is not only part of the problem but also part of the solution (Jaap Henk-Hoepman) ► Ideas around your data working for you, not against you (Prifina)
  • 50. 50 ... But it is still an uphill battle Surveillance goes on ► Every day, we keep feeding companies with our data, and the tracking, profiling, and behavioural data exploitation goes on ► We keep seeing (and fall victims for) unsavoury, privacy-undermining practices and data breaches ► Companies say they embrace privacy but there is also lot of privacy washing and privacy-branding with continuous profiling of personal data by organisations of all sizes
  • 51. 51 ... But it is still an uphill battle Limited control and scrutiny ► No global data privacy standards ► Gaps and flaws in existing laws ► The approach from regulators is largely reactive rather than proactive ► Too much industry appeasement and reservations about disrupting business models (Wolfie Christl) ► Limited resources in watching what companies are doing
  • 52. 52 ... But it is still an uphill battle Pushback and/or manoeuvring from the big tech
  • 53. 53 ... But it is still an uphill battle Regulation vs innovation ► View that regulation is slowing down and curbing innovation ► Ground-breaking developments in technology distracts from difficult debates ► Limited public knowledge about other areas of privacy, e.g., cognitive, biometric
  • 55. 55 The key takeaways Privacy… ► matters and it is a part of our human and user experience ► has been undermined by the development of digital technology ► is everyone’s business to care about and advocate for ► is becoming important value and component of business strategy ► should not be sacrificed for the sake of aggressive innovation ► is a part of user experience, therefore should be part of responsible UX design Do the best you can until you know better. When you know better, do better. — Maya Angelou
  • 56. 56 Any final thoughts or questions from you?
  • 57. 57 Before we part our ways, personal tips Ask yourself: ► What information I am comfortable giving (even the most basic information can be sensitive, and not all information must be accurate) ► How can I reduce exposure to my personal data ► The usage of apps on your phone – are you using everything? ► Does the website/app needs as much information as it is asking? ► Does the website/app provide privacy controls they are committed to by law? (e.g., consent, right to be forgotten, right to delete or correct personal information); should I report them to local data privacy watchdog? Beware of: ► Default settings - you maybe sharing more (and publicly) than intended ► Deceptive design (aka dark patterns) ► Tracking ► Apps that require a login – if you don’t log out, they may be running in the background and collecting your data For families and parents/guardians: ► Be proactive of family privacy settings on your devices ► Check parental controls and privacy settings for children (Parent Club has a great set of information and resources about online safety) ► Pause before “sharenting” ► Look for privacy guides for parents
  • 58. 58 Who to follow? Harry Brignull Carissa Véliz Marie Potel-Saville Luiza Jarovsky Michelle Finneran Dennedy Robert Bateman Daniel Solove Jeff Jockisch Debbie Reynolds Arianna Rossi There are many people to follow, but here is a few (in no particular order)
  • 59. 59 References In case you need get to the source: ► ‘Building Trust Through Data Privacy and Protection’ (a video discussion), January, 2023: https://event.webcasts.com/starthere.jsp?ei=1548275&tp_key=57b7e0432e ► ‘Draft Report of the work undertaken by the Cookie Banner Taskforce’, European Data Protection Board, January, 2023: https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf ► ‘Exposing Big Tech, Privacy Threats & The Future of Artificial Intelligence’ (video discussion with Carissa Véliz), Through Conversations Podcast, March 2024: https://www.youtube.com/watch?v=HHwGat02v3Q ► ‘Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges’, Federal Trade Commission, December 19, 2022: https://www.ftc.gov/news-events/news/press- releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations ► ‘Harmful design in digital markets: How Online Choice Architecture practices can undermine consumer choice and control over personal information’ A joint position by the Information Commissioner’s Office and the Competition and Markets Authority: https://www.drcf.org.uk/__data/assets/pdf_file/0024/266226/Harmful-Design-in-Digital-Markets-ICO-CMA-joint-position-paper.pdf ► ‘How concerned are Europeans about their personal data online?’ (2020), European Union Agency for Fundamental Rights (FRA): https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online ► ‘ISO set to adopt privacy-by-design standard’, IAPP: 13 January, 2023: https://iapp.org/news/a/iso-set-to-adopt-privacy-by-design- standard/ ► ‘OIPC – Privacy by Design Resources’, IAPP: https://iapp.org/resources/article/oipc-privacy-by-design-resources/ ► ‘Privacy in Practice 2023’, ISACA (The Information Systems Audit and Control Association): https://www.isaca.org/resources/reports/privacy-in-practice-2023-report
  • 60. 60 References (cont’d) ► ‘Privacy-washing: What Is It And How To Stop It From Happening To Your Company’, California Lawyers Association: https://calawyers.org/business-law/privacy-washing-what-is-it-and-how-to-stop-it-from-happening-to-your-company/ ► ‘The State of Data Privacy in 2023’ (video conference), Yes We Trust, 19 January, 2023: https://app.livestorm.co/didomi/the-state-of- data-privacy-around-the-world-in-2023/live?s=ef20f40e-608d-49e2-bebf-820190c983bc ► ‘Three years of GDRP: the biggest fines so far’, BBC News, 24 May, 2021: https://www.bbc.co.uk/news/technology-57011639 ► Anant, V., Donchak, L., Kaplan, J., Soller, H. ‘The consumer-data opportunity and the privacy imperative’, McKinsey & Company, 27 April 2022: https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-consumer-data-opportunity-and-the- privacy-imperative ► Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M. and Turner, E. (2019) ‘Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information’, Pew Research Center: https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over- their-personal-information/ ► Baines, J. ‘ICO warns of fines for companies who do not get cookie banners right’, in Mishcon de Reya, 15 June 2023: https://www.mishcon.com/news/ico-warns-of-fines-for-companies-who-do-not-get-cookie-banners-right ► Beens, R. E. G. ‘The Role of Digital Privacy in Brand Trust’, Forbes, 8 January, 2021: https://www.forbes.com/sites/forbestechcouncil/2021/01/08/the-role-of-digital-privacy-in-brand-trust/ ► Brignull, H., ‘Dark Patterns overview’ (video), Vimeo: https://vimeo.com/776232138 ► Christl, W. (2022) Digital Profiling in The Online Gambling Industry. A report on marketing and risk surveillance by the UK gambling firm Sky Betting and Gaming, TransUnion, Adobe Google, Facebook, Microsoft and other data companies: https://cdn.sanity.io/files/btrsclf0/production/e23ea75fe93f775d9f9ed795427f4b5ed8d67016.pdf ► Deceptive Design: https://www.deceptive.design/
  • 61. 61 References (cont’d) ► Jarovsky, L. ‘Understand Privacy-Enhancing Design and How it Can Be a Game Changer for Data Protection’, Linkedin, 15 June, 2022: https://www.linkedin.com/pulse/understand-privacy-enhancing-design-how-can-game-changer- jarovsky/?trackingId=F5E466iUQsK29mvK3wXYGw%3D%3D ► FairPatterns by “amurabi: https://fairpatterns.com/ ► Hoepman, J. H. Privacy is Hard and Seven Other Myths. Achieving Privacy Through Careful Design, The MIT Press, Cambridge Massachusetts, London England. ► Ketch, J. J. ‘Data privacy truly matters to your customers. It’s time to make it a core business value’, Venture Beat, 31 August, 2022: https://venturebeat.com/security/data-privacy-truly-matters-to-your-customers-its-time-to-make-it-a-core-business-value/ ► Koch, R. ’Big tech has already made enough money to pay all its 2023 fines’, in Proton blog, 8 January 2024: https://proton.me/blog/big-tech-2023-fines-vs-revenue ► Komnenic, M., ’51 Biggest GDPR Fines & Penalties So Far’, Termly, March 31 2022: https://termly.io/resources/articles/biggest-gdpr- fines/ ► Lance, W. (2021) ‘Data privacy is a growing concern for more consumers’, Tech Republic: https://www.techrepublic.com/article/data-privacy-is-a-growing-concern-for-more-consumers/ ► Lomas, N. ‘Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland’, Tech Crunch, 10 January, 2023: https://techcrunch.com/2023/01/10/digital-rights-ireland-gdpr-lawsuit-facebook-data-scraping-breach/ ► Lupiáñez-Villanueva, F., Boluda, A., Bogliacino, F., Liva, G., Lechardoy, T. R., Ballell, H. (2022) ‘Behavioural study on unfair commercial practices in the digital environment: dark patterns and manipulative personalisation. Final Report’, Directorate-General for Justice and Consumers. EU Consumer-Programme: https://op.europa.eu/en/publication-detail/-/publication/606365bc-d58b-11ec-a95f- 01aa75ed71a1/language-en/format-PDF/source-257599418 ► Nelissen L., & Funk, M. (2022). Rationalizing dark patterns: Examining the process of designing privacy UX through speculative enactments. International Journal of Design, 16(1), 77-94. https://doi.org/10.57698/v16i1.05
  • 62. 62 References (cont’d) ► Parent club – Online safety: https://www.parentclub.scot/topics/online-safety ► Prifina. The User-held Data Company: https://www.prifina.com/ ► Solove, D. J. ‘The Limitations of Privacy Rights’ (2022). 98 Notre Dame Law Review: https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2856&context=faculty_publications ► Véliz, C. ‘The Case for Ending Data Economy’, TEDx: https://www.youtube.com/watch?v=luCXlPYrTP4&t=1s ► Vigneshwaran ‘Ecommerce Ethics: Govt of India Bans 13 Dark Patterns on Ecommerce Platforms’, in Aufait UX, 26 December 2023: https://www.aufaitux.com/blog/govt-bans-13-dark-patterns-on-ecommerce-platforms/ ► Wodinsky, S. and Barr, K. ‘These Companies Know When You’re Pregnant – And They’re Not Keeping It Secret’, Gizmodo, 30 July 2022: https://gizmodo.com/data-brokers-selling-pregnancy-roe-v-wade-abortion-1849148426 ► Wallbank, A. ‘2023 Prediction: What’s on the horizon for privacy and data’, SHOOSMITHS, 17 January, 2023: https://www.shoosmiths.co.uk/insights/legal-updates/2023-predictions-whats-on-the-horizon-for-privacy-and-data ► Williams, S. ‘Study highlights consumer distrust due to dark patterns’, in ChannelLife, 15 December, 2023: https://channellife.co.uk/story/study-highlights-consumer-distrust-due-to-dark-design-patterns ► Wolford, B. ‘The “Incognito Mode’ lawsuit is another legal blow to Google’s privacy-washing tactics’, in Proton blog, 30 October 2023: https://proton.me/blog/google-incognito-lawsuit ► The Privacy Whisperer: https://www.theprivacywhisperer.com/
  • 63. @UserVision www.uservision.co.uk gintare@uservision.co.uk 55 North Castle Street Edinburgh EH2 3QA United Kingdom Tel: 0131 225 0850 55 North Castle Street Edinburgh EH2 3QA United Kingdom Tel: 0131 225 0850 Thank you!