Privacy for App Designers: A Quick Overview

Last updated on 19 July 2024

I feel like app designersā€™ attitudes on privacy have gone from šŸ˜ to šŸ˜• & lately to šŸ˜³.

Itā€™s ok: šŸ˜Œ hereā€™s whatĀ you need to know.

Summary (TL;DR)

  • Privacy isnā€™t scary: itā€™s an opportunity to earn peopleā€™s trust.
  • This is about how we handle personal data.
  • Some data are sensitive, and we need explicit consent before collecting them.
  • System permissions for apps are not the same as explicit consent.
  • Everyone is entitled to certain privacy rights: to be informed (Notice), to see the data we collect (Access), to take their data elsewhere (Portability), and to have their data corrected or deleted (Right to Be Forgotten).
  • Here are some design patterns we can use to respect peopleā€™s privacy in our mobile apps.

By the way, I donā€™t claim to be an expertā€¦ This is stuff I learned from working on mobile health apps, advice from experts, books, articles, & my own review of:

HIPAA (Health Insurance Portability & Accountability Act)

GDPR (EU General Data Protection Regulation)

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Personal vs. Sensitive Data

As the title suggests, privacy deals with two broad categories of data. Personal data refers to any information that can identify a person. Sensitive data refers to a subset of personal data that leave a person especially vulnerable to discrimination or harassment. When in doubt, assume data are sensitive.

Collecting sensitive data requires explicit consent, i.e. opt-in.

Sensitive data include types that reveals information like:

  • Religion
  • Racial or ethnic origin
  • Sexual orientation
  • Political affiliations
  • Criminal history
  • Union memberships
  • Genetics
  • Biometrics
  • Medical history

So, we understand that we need explicit consent before collecting a personā€™s sensitive data. And the principle of informed consent means that people need to understand what theyā€™re consenting to. We usually give people this information in a privacy notice.

  • Our privacy policy is how we agree to handle data.
  • A privacy notice tells people about our privacy policy.

Since privacy notices tend to be long and difficult, we can use aĀ short-form privacy notice.Ā Itā€™s a brief, understandable summary of your privacy policy.

Short Form Privacy Notice - Onboarding

I worked with this pattern at Philips, because the apps I worked on there collect medical data. Hereā€™s an example for onboarding people to a fictitious baby health app.

As you can see, the screen summarizes the most important points of the privacy policy and links to the full privacy notice. And itā€™s opt-in: the toggles are off by default, and theĀ I Agree button doesnā€™t appear until at least one toggle is switched on.

Short Form Privacy Notice - App Onboarding

Using this pattern does interrupt a personā€™s flow in using the app. But sharing sensitive data carries some serious risk, so itā€™s in a personā€™s best interest to stop & think for a moment about whatā€™s happening. In that sense, this is the opposite of deceptive ā€œdarkā€ patterns.

That doesnā€™t mean we canā€™t make it a little easier or more fun!Ā Itā€™s an opportunity to establish trust, highlight the appā€™s value, and express your serviceā€™s personality. We can use techniques like motion to assist people as well.

Simple prototype animation of a short-form privacy notice in a fictitious mobile app

Please allow me to bust the most common myth Iā€™ve seen around privacy for apps: Asking for system permissions (Allow ā€œAppā€ to access your location?) is not the same as asking for consent.

App Permissions Are Not Explicit Consent

Permissions are your operating system, asking if you trust the app in question. But consent represents an agreement between the person sharing data and the people collecting them.

Informed consent requires people that understand what theyā€™re consenting to.

So what does informed consent really mean?Ā Letā€™s take a quick look at peopleā€™s privacy rights.

Privacy Rights

You and I, as well as the people who use the things we create, have a legal right to privacy. While specific laws apply depending on where people live, hereā€™s a rundown of the most important rights we need to respect when collecting data.

Right to Notice

People have the right to know:

  • Which types of data weā€™re collecting
  • Why weā€™re collecting the data (purpose)
  • Who else (3rd parties) will get the data & why
  • How to have their data corrected or erased

Right to Access

We need to make sure people can access all the data we have about them, for free and in a digital format.

When we analyze peopleā€™s data (like with machine learning algorithms), they also have the right to know the processing logic & any consequences from being profiled. This is especially important when an algorithm decides how long you should go to jail.

Right to Portability

A person must be able to transfer their data from one place to another. So the data need to be made available ā€œin a structured, commonly used, machine-readable and interoperable format. (GDPR)ā€

Right to Erasure

A person also has the right to have their personal data corrected or deleted. They can withdraw any given consent, and sometimes any links to personal data must also be deleted (Right to Be Forgotten).

This presents a challenge for systems that rely on blockchain.Ā Because itā€™s immutable, data on a blockchain canā€™t be deleted. Opinions differ as to how this challenge should be addressed.

Full disclosure: some of my clients work with blockchain. And I believe that we need to adapt technology to our human rights, not the other way around.

Our Responsibilities

We know that revealing a personā€™s sensitive data could get them fired from their job, dropped from their insurance, or even arrested. But even seemingly ā€œinnocentā€ data can be harmful. Revealing a personā€™s name & date of birth leaves them vulnerable to identity theft,Ā so we have important responsibilities.

Collect only what you really need.

An appalling number of people still insist on collecting peopleā€™s birth dates. But the risk of someone opening a credit card in my name far outweighs the benefit of getting that ā€œhappy birthdayā€ spamĀ marketing e-mail from your company. So collect only what you really need, and destroy any data as soon as itā€™s no longer needed.

Keep people informed.

Informed consent means always knowing what youā€™ve consented to, especially when that changes. As a product evolves, you may want to start collecting new data, or find a new purpose for data youā€™re already collecting.

Short Form Privacy Notice - New Data

Thatā€™s ok, but when we make changes, we need to let people know. And if we want to collect more sensitive data, or change how we use sensitive data we already have, we need to ask for explicit consent again.

Hereā€™s a version of the short-form privacy notice, adapted to ask for new data.

Short Form Privacy Notice - New Data

Let people correct & delete their data.

People own their personal data, so they have a right to have it corrected or deleted whenever they want. Most companies require that you contact them to manage your data, but some provide in-app controls that allow you to do it yourself.

The Health app on iOS does this nicely by allowing people to view and delete their data within the interface.

Apple Health Data Management

What Now?

So there it is, what every app designer needs to know about privacy.

Thereā€™s much more out there of course; engineers and business stakeholders have other things to think about as well. But weā€™re also customers and citizens, so we need to think about our own privacy.

Empower people, donā€™t exploit them.

There are lots of principles out there for Privacy by Design. And with privacy laws like the GDPR, there are plenty of consultants offering advice. But the main thing to remember is: be cool, not šŸ’©. Treat people with respect.

Special Thanks

My journey into the world of privacy started with Bram Hoovers and Almar van der Krogt. We started around 2013 working together on the first privacy guidelines for mobile apps at Philips, and Iā€™ve been hooked ever since. Thanks, gentlemen!

Thank you, Hester Bruikman-PagĆ”n for your time and feedback! šŸ™

Further Reading

Privacy: And How to Get It BackĀ (Great book) ā€“ B. J. Mendelson

Ethical Design ManifestoĀ (I follow this) ā€“ Indie

A Technieā€™s Rough Guide to GDPRĀ (More on the law) ā€“ Cennydd Bowles

Hereā€™s how Apple can figure out which emojis are popularĀ (Differential Privacy) ā€“Ā Rob Verger

Grindr Is Letting Other Companies See User HIV Status And Location DataĀ (Privacy is important!) ā€“Ā Azeen Ghorayshi