Putting privacy controls in the hands of your users

I mentioned yesterday that Bob and I have just finished up some research on privacy.  In this upcoming report, we stress the importance of establishing privacy principles and then using those principles to guide privacy practices.  I happen to see this NY Times article (via Nishant’s Twitter stream) and had a bit of a Baader-Meinhof moment.  The article talks about how social networking sites are giving their end-users more and more control over how information is disclosed.  Giving users choice as to how their information is disclosed and used is important.  Giving users meaningful choice as to how their information is used is much better. 

 One of the privacy principles that Bob and I examine in our report is the principle of Meaningful Choice:

Robbing others of the ability to exercise their free will is an affront to dignity; therefore we allow people to decide how we will use information about them.  When presenting people with choices about how we will be allowed to use their information, we design easy-to-understand interfaces which reduce the possibility of confusing people, and we avoid creating “Hobson’s choice” situations in which people are forced to choose the lesser of a set of evils.

As an ex-interface and product designer, I am especially sensitive to usability and the principle of Meaningful Choice directly addresses this.  Providing an end-user with a difficult to use privacy settings tool and then saying, “Well, we gave you choice as to how your information gets used” exploits the power imbalance between the service provider and the user.  As the interaction between the user and the service provider become more and more valuable (moving from social networking to, say, electronic health records), such an exploitation is less and less acceptable.

 In the course of our research we talked to one company who spent many months trying to get their privacy settings interface right.  They brought people (non-techies even!) into their usability lab and studied how these user set (or didn’t set) privacy settings.  The design team fully acknowledge that building a usable, meaningful interface for privacy settings was hard but considering the context, the effort was required.


 End-user privacy controls are mandatory.  But in the absence of a usable interface, end-user control is not control at all. 

(Cross-posted from Burton Groups Identity Blog.)