“Privacy must become integral to organizational priorities, project objectives, design processes, and planning operations. Privacy must be embedded into every standard, protocol and process that touches our lives.”
The former Privacy Commissioner of Ontario, Ann Cavoukian, wrote these words in 1995. Privacy by Design is not a new concept — it’s old enough to drink, vote and buy cigarettes. However, while many people know the term, they often don’t understand how to apply Privacy by Design in practice. It usually gets boiled down to a compliance assessment — boxes are ticked, mitigations are assigned and actioned, and implementation continues apace. But that isn’t how design-led thinking works, and it’s not what Professor Cavoukian intended.
This is hardly surprising. The privacy world tends to be populated by lawyers and policy experts, usually with little holistic design expertise. However, if we want to make Privacy by Design effective, we should turn to our friends the Service Designers.
What is Service Design?
Service Design is a professional practice that uses a designer’s approach to create things that solve problems. In practical terms, that means looking at the broader ‘service’ to the users of the service rather than just the component products.
A service goes from ‘end-to-end’. It’s triggered by the moment a person starts needing it, and ends when they no longer need it. A mortgage service might start from when someone thinks, “I’m sick of renting — maybe it’s time to buy my own place?”. It would end when the mortgage was discharged.
When we design a service, we take the user’s lens, and we measure the success of the service by how much it meets their needs. The visible product might be a website, app, or an interaction with a front-line staff member, but the service as a whole is deeper and layered. It includes the system behind it, the technology platform, business processes, business rules and policies, and even organisational structure. For example, the mortgage broker that helps you find the right loan product. The form that you use to make the application. The credit checking process. The internet banking portal that you use to manage your account.
Service designers do more than just adopt the user’s view. Service design also involves validating assumptions, and working directly with customers to learn about their desires and needs. It’s not just about bringing the layers together under one view, it’s also about building the right solution.
So, what does service design look like when applied to privacy?
Privacy is the connective tissue
While all services have layers, some components of the service are more like connective tissue — they hold the layers together. Things like technology, privacy, or accessibility aren’t plug-and-play components, but a vital part of what makes a service good for users.
Privacy isn’t merely one of the steps in the service journey, but something that should be embedded at every step. As the user moves through the service, and their personal information moves through the systems that support the service, we must tailor the layers of the service to ensure that personal information is kept secure and used responsibly.
Meet user needs, not just compliance obligations
Privacy policies are a good example of how service design and privacy should intersect. In most jurisdictions, organisations are required by law to provide privacy policies and collection statements when they collect personal information. There’s often the temptation to use these documents as liability shields, resulting in long, sprawling walls of text. Thousands of words, littered with legalese. That meets the needs of the organisation — to comply with the law, and to protect themselves. But we know that users won’t divert themselves from their immediate goals to read a 3,500 word statement. It’s simply not practical — it’s been estimated that it would take 244 hours a year for the average person to read all the policies that apply to the products that they use. Who has that kind of time? Even if they did, across OECD countries 1 in 5 adults have only rudimentary literacy — they literally can’t read complex privacy policies.
Users don’t want a privacy policy or notice itself. Neither do regulators. Rather, they both want what the policy is intended to achieve — transparency about data use, and reassurance that personal information will be kept secure and used lawfully and responsibly.
If we want to centre the user experience, we should focus on what users want and need to know, and when they need to know it. We have to communicate in language that they can understand, and in a format that they can consume. We have to internalise that users are not a monolith — they have different wants and needs. Some people may have the education to be able to digest complex documents. Others may need screen readers. Some will have more time than others, or speak different languages.
When we do this, user needs shape delivery. We can start thinking about how to use just in time notifications to deliver layered privacy messages, tailor our messaging for smaller screens, or use images or animations. We can give the user what they need — transparency about how their personal information will be used, and reassurance that it will be kept safe. And we will still meet our compliance obligations.
The alternative is long and difficult documents which are hard and time consuming to write, and that almost no users will ever read. Wasted effort, all round.
Invisible is good
Service design isn’t just about making what’s desirable. It’s about meeting user needs in a way that is business friendly and possible (both technically and legally). Well-designed things aren’t always noticeable, and they don’t always ‘spark joy’ or create ‘iconic experiences’. Well-designed things just work, without obstruction.
A service that has effectively embedded privacy-by-design will mean that customers don’t have to do anything to ensure their personal information will be protected — they will be protected by default. They won’t have to navigate through menus or sift through privacy policies to find the settings they need to use to ensure their information is protected. Their choices should be easy to understand and easy to make.
But customers are not the only users of the service — staff are users too. The focus on customers means that we often neglect the needs of the providing the service itself. A true privacy-by-design approach should include making it easy for staff to use personal information appropriately by integrating security and privacy-protective practices in how the back-end of the service works. If there are choices around risk to be made, they too should be easy to understand and make. We must make it simple for staff to find and call out privacy risks, or understand what baseline controls should be applied.
Meeting staff needs in this respect could help organisations meet their security obligations. It would also improve productivity and reduce data breaches, a large percentage of which involve staff through vectors like social engineering, phishing, or mistakes.
Many hands make light work
The multidisciplinary approach is far more common in service design than it is in privacy. Service design projects frequently bring designers together with project managers, policy experts, engineers, and user researchers, and use these different skillsets and viewpoints to scope requirements and design the service. Working with the users helps them get what they need, and it helps avoid misguided and expensive work which might have failed to get user buy-in.
Privacy professionals can learn a great deal from this approach, because they’re usually not the users. We tend to be highly trained specialists and subject matter experts. That means we can easily overlook what might be hard for people not like us — that is, the entire userbase, both inside the organisation and the end users. When we co-design with users instead and work with a diverse, multidisciplinary project team, it’s far easier to identify and address our assumptions and misconceptions.
So what?
Ultimately, what service design teaches is that up-front investment and playing the long game leads to better services and better outcomes, for customers and organisations alike. We can use those same techniques to deliver better privacy outcomes — more transparent, secure services, that are easier to use for both customers and staff, and that still tick the boxes on compliance requirements. Privacy obligations can act as a prompt for better service design, rather than as a final destination. To get started, all you have to do is think about your users.
