General Data Protection Regulation, Europe’s far-reaching new privacy law, In short, GDPR will make privacy a mandatory design principle. The GDPR will likely fundamentally alter how products are developed both in Europe, where the law applies across every country, and in the United States, where many companies have European customers.
Co.Design spoke to design agencies, data protection officers, and privacy advocates about how these changes in Europe will impact designers all over the world. Here’s what designers and privacy experts have to say about the way GDPR is changing their business.
1.DESIGNERS CAN’T PLAY IGNORANT ABOUT DATA ANYMORE
Thanks to GDPR, designers will be forced to reckon with the underlying technology that powers their products–namely, databases. Sarah Gold, the CEO of the London-based privacy and design organization Projects By IF, believes there are big challenges for designers when it comes to notifying people about how to delete their information from systems that are powered by machine learning–systems that are becoming increasingly prevalent.
2.PRIVACY MUST BE PART OF THE DESIGN PROCESS
GDPR is poised to become a crucial part of the design process itself. Product teams won’t be able to ignore what data is collected and shared by their product, and then go to a lawyer a few weeks before launch and say, “Do you see any problems with this? We’re going to launch in a few weeks,” Hancock explains. Instead, thinking about privacy should happen during the design process.
3.BAD DESIGN WILL BECOME A PRICEY LIABILITY
A key part of designing for GDPR will be answering this question: What data should this product collect? The designers had an easy answer: Don’t collect data if it doesn’t make the UX better.
Laws like GDPR could spell the end of business models based purely on data collection–mostly because the risks and costs will be too great.
4.DESIGN COULD HELP SOLVE ONE OF TODAY’S BIGGEST PROBLEMS–OR NOT
The new directives have created a serious design challenge: creating better, clearer interfaces that make navigating privacy easier for users.Today, privacy settings are often buried deep inside apps where no one can find them, and privacy policies are a mess of legalese that no one reads.
Many companies facing GDPR are relying on a familiar interface design to comply: the “settings” screen. These ubiquitous screens don’t do much to functionally protect users, though they may be technically compliant.
Rather than relying on these old solutions, Tiago Luchini, a partner of technology at the New York-based agency Work & Co, believes in something he refers to as “micro-consent,” where users can learn what each piece of data they’re giving up is going to be used for–and how their experience might suffer if they decide not to provide it.
5.GDPR ISN’T ENOUGH–DESIGN CULTURE MUST CHANGE, TOO
While GDPR might be a step in the right direction, some think that the the law isn’t enough. The progression needs to lead the way. Designers should call out nefarious dark patterns, even when their colleagues are building them, so that manipulative interfaces that encourage people to give up their data don’t remain the default.
GDPR also doesn’t have to be viewed as a negative. Work & Co’s Luchini sees it as a form of creative constraint.
6.GDPR IS JUST THE BEGINNING OF A SEA CHANGE
Designers are already working on many of these points. One of the most compelling reasons to embrace the GDPR is that these kinds of data standards are here to stay–even if they haven’t hit the U.S. yet. Ultimately, the designers remain optimistic that the GDPR will be good for users and businesses.