Who designed the Privacy Policy?

[STUB] The UX around the Privacy Policy and Ts & Cs

~This post is in progress and will benefit from discussion with more people to develop fully~

As a product manager, I can count on my fingers and toes the number of times that I’ve opened my own apps’ privacy policy and terms and conditions. It’s the afterthought of a check box that I include on a sign-up wireframe. I suspect it is the case for most product teams.

These two standard links are treated as simple pages that the legal team needs to fill in with paragraphs and paragraphs of text. That’s genuinely how I’ve treated these pages. As someone with a lot of apps on their phone and computer, despite some apps forcing me to actually open the policy link before enabling the Sign up button, I don’t want to scroll and read through it all. The cognitive load of all the legalese is too heavy and it gets in the way of me trying out the app itself.

I was thinking about this for a while and then the simplest insight occurred to me:

Did anyone bother to design the privacy policy and terms and conditions? Did we even try?

I sure didn’t.

For any kind of consumer-facing software, trust and credibility are essential to promoting usage of the app, getting engagement on content and retaining users when competitors pop up.

Is it not possible that, given all the privacy, data security and trust issues that the layperson and their mom are talking about these days, this is where we have an opportunity to redesign the UX around trust?

Doris Brothers’ popular bit about trust emphasizes that it’s not something we keep in the foreground of our minds. This implies a lack of suspicion or, inversely, an inclination to trust unless proven otherwise. This is why I blindly click [Accept] and [Next] during sign up for most apps. This is no longer an unconscious crutch that software providers can lean on; that product managers like myself can and should lean on.

Here are some of the problems to solve that I see around the Privacy Policy (PP) and Terms & Conditions (T+Cs):

Disclaimer: Some of these ideas may be technically impractical given today’s practices around database design, but some iteration of these concepts will be viable for apps that want to take on this challenge.

#1 Problem to solve - Friction

The content of the PP and T+Cs is hidden under links. These links are not prominently featured when a user is signing up. It’s perceived to cause friction and can inconvenience the user if they’re trying to preview the app quickly.

#1 Notes

  • Address the user’s actual journey and prioritization of tasks - allow them to access a trial version of the app where the user’s data is encrypted and then auto-destructed before getting them to create an account and sign up.

  • Rename the Privacy Policy and Terms & Conditions to “Learn how we use your data”

#2 Problem to solve - Volume of content

Sometimes these documents are very long because they’re designed to protect the company and to set some guidelines around usage. The literature is very dense and hard to scan.

#2 Notes

  • Do all the legal terms need to be agreed to in one shot? What if the terms were presented in the context of first usage of the relevant features?

  • Hire a UX copywriter and translate that damn legalese into clear language.

#3 Problem to solve - The Data Question

Users have become tuned in to the conversation around data privacy and they are sensitive to changes to privacy policies, especially in the context of how their personal data and metadata are used to benefit the business. It’s perceived as an infringement of consent.

#3 Notes

  • Explain to users what the difference is between their personal data and metadata and clearly delineate which data points are needed for what parts of the experience. Maybe include a video with a real person explaining it. Add visuals. Keep the cognitive load as light as possible.

  • Include an opt-out for any data being shared with third parties and make it easy to access. If the business model relies on data being shared with third parties - it needs to be presented in an engaging way to users from the outset.

[……to be continued…….]


If you’d like to contribute to this post, DM me on Twitter.