Last week I participated in a panel discussion at The Privacy Identity Innovation Conference (PII2014). The PII2014 conference “explored where innovation is heading, what it means for the future of privacy and identity, and how to build trust in emerging technologies and business models.” The panel discussion “Building Trust Through Transparency: Listening to and Communicating with Users (Especially When Things Go Wrong)” focused on the value of transparency and the link between privacy and trust.
Transparency is a foundational Privacy by Design (PbD) principle. According to “The 7 Foundational Principles” it’s vital to “keep it open”:
“Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.”
In this post, I highlight some topics of the PII2014 panel discussion and present a practical guide for companies dedicated to fostering trust through transparency.
The Link Between Privacy & Trust
Trust is the foundation of all relationships, whether they are interpersonal or commercial – those between service providers and users. Trust is built through the exchange of information where both parties maintain mutual respect, consistency in their dealings with one another, and we believe in the other’s integrity. Though companies may ask us to trust them, it’s action and not words that reinforce or damage our perception of them as trustworthy. In almost every interaction, we ask ourselves:
• Is the other party reliable and accurate?
• Do I feel they’re open, accessible, and user friendly?
• Do they listen to me? Do I feel they demonstrate an acceptable degree of empathy?
• Do they act ethically and with integrity?
Because our personal information has value and in some cases may be sensitive (for example health or financial records), we recognize that sharing it places us in an inherently vulnerable position. If a company or an individual respects our privacy, our trust deepens. “Trust equity” is built up when we trust and then verify that trust by comparing someone’s words with their actions.
Recognize that aligning words with actions isn’t situational. Customers have to feel as though a company is trustworthy in all of its interactions. Uber recently found itself up against this very problem when a BuzzFeed report stated how Uber executive Emil Michael suggested the use of “opposition researchers to dig up dirt on its critics in the media.” Uber is also facing challenges regarding its privacy practices and use of location and ride history information of its users. When we share a large amount of personal information with a company, but feel that company may abuse that information, trust is severely compromised.
Why Transparency is Important
When companies create opaque or vague privacy policies, they risk poisoning the bond of trust from the start. It’s important that language is clear and that it is used precisely.
A customer’s decision is based on a matrix of logic, psychology, and emotions, as well as a judgment as to whether or not the trade-off between privacy and convenience is fair. Transparency shows respect for the customer and holds companies accountable to their promises.
When it comes to holding companies accountable, the FTC also cares about transparency. Patricia Bailin, a Westin Research Fellow writes in an IAPP white paper:
“In the four decisions requiring companies to establish a comprehensive privacy program, (Google. MySpace, Facebook, Snapchat) companies allegedly failed to respect user choices. According to the FTC, these companies ignored consumer privacy preferences or misled consumers by providing inaccurate or incomplete information about user privacy, notice and control. In all four cases, the companies allegedly violated their own privacy policies and their statements on privacy settings.”
“It is possible to deduce from the FTC’s complaints that companies should:
Conduct regular testing and monitoring of the effectiveness of privacy controls, settings and procedures to ensure that user choices are respected;
Conduct regular reviews of privacy statements and product design in order to ensure a match between privacy policies, available user options, disclosures to third parties and product functions”
The case for transparency is clear: When practiced, it can be a competitive advantage. When neglected, it can be a significant liability.
Additional Best Practices for Improving Transparency
So how do we strive for greater transparency?
1. Innovative research involving product psychology. We can ask what makes customers respond to their privacy choices? How do various forms of interactivity, including layered notices, colors, and special icons influence behavior?
2. Better privacy positioning. Privacy and data security policy is often found to be boring and didactic. By marketing privacy and making it cool, we can make significant changes in how customers think about managing their information.
3. Learn from leaders. Big companies face big transparency challenges. By learning from major tech companies, we can help shape our own efforts at transparency. Facebook is a good example of a major tech company constantly experimenting with ways to innovate and expand their product offerings while working with users to advance an understanding of privacy settings. This Facebook Newsroom post details the many ways Facebook users can better understand and control their settings.