The EU’s General Data Protection Regulation (otherwise known as GDPR) went into effect on May 25th 2018, and caused a massive upheaval in the online business world. Though it had been lined up two years prior, its more obtuse elements and varying significance outside of Europe meant that many businesses left it until the last second to openly address it.
Over the span of a month or so, companies everywhere suddenly panicked and rushed to figure out what they would need to do to become GDPR-compliant, but we also must be aware of its potential to have secondary effects on other areas of business.
Since UX involves user data, it seems reasonable to wonder how GDPR will ultimately affect the world of UX design. Will it lead to a lot of change, or not have much impact at all? That’s what we’re going to look at in this piece.
Fundamentally, businesses that adhere to GDPR rules must ensure that any data they store that can practically be used to identify individuals is handled in a very particular way. The emphasis there is important, because anonymous information isn’t considered an issue— though GDPR’s impact is about more than its precise rules.
Simply intended to ensure a higher standard of user data protection for EU businesses and users, it has essentially served as a catalyst for a general revision of standards throughout the Western world. Some businesses that aren’t in the EU and don’t store data on EU citizens are not bound to follow it, but must make an effort regardless or look bad relative to companies using the advent of GDPR to assume a pro-privacy stance.
When designing a UX that requires a personal login, the full force of GDPR applies as the associated data can clearly be linked to a specific person, and any part of the UX that requests or stores data must adhere to the rules.
If extended to the entire UX industry, this would kill off the following irritating practices (as indicated by the Information Commissioner’s Office (ICO) in this guidance document – PDF):
No more tricks, subtle deceptions, or lies of omission. If you’ve ever tried installing freeware software that relies on sponsorships from other utilities, you’ll know how annoying it is to be required to fend off blatant efforts to get you to accept something you don’t want.
Think of layers of negatives making it unclear whether you’re rejecting or accepting something, agreement options being massively bigger and more prominent than rejection options (we tend to go with our attention), or unexpectedly-swapped layouts hoping to get you to click on ‘Yes’ by placing it where there was previously a ‘No’, etc. GDPR will consign them to the past.
When websites started sending out GDPR compliance emails in droves, much ado was made about the aura of desperation produced. There was much satisfaction to be had in seeing companies that had been gleefully storing unnecessary information for years suddenly having to assume a conciliatory tone and properly ask for permission instead of assuming it.
Some businesses did this well, while others made a mess of it. Just take a look at some good and bad examples of how to do it. The smart companies kept their copy clear and succinct, explaining what they needed from the user and politely asking for it. The ill-advised ones waffled on interminably and left their users both confused and annoyed, adding to a lot of built-up resentment instead of mitigating it.
After all, email marketers have taken as many shortcuts as possible. Knowing that attention spans aren’t all that long and every inbox is saturated with newsletters and sales, they’ve been all too willing to throw in giant CTAs with huge quantities of tracking data linked to them, regardless of whether the linked pages met user expectations.
Now that the general public has been forced to learn about GDPR, however, that ‘trick the user into action if you must’ tactic might well become counterproductive. Any company engaging in marketing would be well served to take the time every few months to read up on some email marketing best practices to make sure that they are keeping up with changing expectations.
In general, transparency is going to be the biggest result of GDPR in the long run. Like seeing the man behind the curtain in The Wizard of Oz, people now have some idea of what is being done with their data, and they aren’t going to be too inclined to trust companies that aren’t honest and transparent about what they do and how they do it.
Tone of voice is going to be a vital part of showing this transparency. If one company grudgingly acknowledges that it intends to adhere to the letter of the law, and another personably explains that it cares about its users and will work hard to protect their data, which one will be more likely to earn user consent? Being more personable is also fantastic for brand image in general, so it’s an easy win overall.
Today’s UX designer should bear this in mind at all times and create layouts that reassure the users about what’s happening and what is being requested. Users are no longer less likely to consent if they get that information, because they legally cannot consent without it, so there is no business incentive not to do it— and being more transparent than your competitors will leave you more likely to attract (and merit) customer loyalty.
Are you a UX designer trying to figure out how to approach UX in a post-GDPR world? Don’t focus too much on the exact details of the regulation. In the long term, what matters the most for the user is the reasoning behind GDPR, not the regulation itself. Prove that you’re invested in taking their privacy seriously and you’ll be in good shape.
@victoria
Agree with the thesis behind this. Do the right things and you won't generally fall foul of the GDPR regulation.
The issue of bundling consent requests with other requests has sadly not stopped. See this still every day. Clearly legitimate interest has a role to play but you cannot insist on emailing me just because I download your ebook. That's not how it works anymore!
I'm sure I'm one of many who had hundreds of unnecessary emails requesting me to reconfirm consent. Again legitimate interest is there if I bought something from you recently. Unless, of course, you had dodgy practices previously that you have now abandoned!
I'm sure we will get there!