Web Design: The Ethics of Collecting Personal Information

I thought it might be clever to begin this blog with a privacy policy notice; a not-so-subtle entrée to the theme that would follow. The critical error with that is it would only guarantee that every visitor to the page wouldn’t read a word of the blog. They would instead furiously scroll to the bottom of the page looking for the “Accept & Continue” button.

Every day, websites across the internet trot out these privacy policy notifications to inform their users what personal data, among other things, will be collected while visiting the site. Theoretically, at least, that is the reason for these notifications, but when you consider that almost nobody actually reads them, they feel more like perfunctory legal protection in an overly litigious society.     

Users rarely reading privacy policies and terms-of-service agreements is an issue that needs reconciling from both the website and the visitor. From the visitor’s perspective, the issue is clear: Is it safe or advisable to visit a website when you don’t know what personal data it is collecting? After all, by simply visiting a website you may be surrendering information like your IP address, location or browsing history.

For websites, it comes down to ethics and design. Websites have a responsibility to inform their users of the data they collect, but there’s no doubt that some sites would prefer to obfuscate just how intrusive their data collecting is. And for the businesses to which that applies, will they actually design their policies to be as accessible and digestible as possible?

How Web Design Can Help

A 2015 study explored how web design impacts how much personal information users give away both intentionally and unwittingly. The study assigned its 400 subjects to one of eight (one being a control group) mock search engines—each with a different design—asking them to use and evaluate the search engine. While the users were under the pretense that they were using the search engines in a focus group setting, they were being monitored to see how much personal information they disclosed and how it differed depending on the web design of the search engine.

Characteristics of the seven mock search engines
  • Traditional: Displayed a clickable link at the top-right of the page to open the privacy policy.
  • Simplified: Same clickable link as the traditional one, but this one conveyed the policy in simpler language.
  • Static Agent: To the right of the search box was an animated woman and below her, text that read “What would you like to search for?” in addition to the clickable link at the top-right.
  • Interactive Agent: The same animated woman and text to the right of the search box, but in addition to the clickable link at the top-right, the woman’s head and eyes moved to track.
  • Informality: The overall design of the search engine appeared “informal and youthful” by using bright colors and softer lines in the logo in addition to the clickable link at the top-right.
  • IP Information: Displayed the subject’s real IP number, location and the browser which the subject was using to the right of the search box in addition to the clickable link at the top-right.
  • History: Displayed the subjects browsing history to the right of the search box in addition to the clickable link at the top-right.

The study found that subjects were more likely to disclose information when using the static and interactive agent search engines. Additionally, users of the IP information search engine were more likely to notice the privacy policy link, while users of the informal engine were the least likely to notice the link. However, whether or not they noticed the link didn’t seem to have an effect on whether or not they disclosed information.

It’s likely that the IP information search engine made users aware of encroachments on their privacy, therefore making them more likely to notice the policy link. The fact that their awareness didn’t have an effect of how much information they disclosed would suggest there is a certain amount of apathy among users when it comes to their personal information. Trying to keep your personal information can feel like a losing battle, so why try to fight it?

What Should Websites Do?

It’s not fair to put the onus on websites to make their visitors care about what data they are collecting. However, there is a responsibility to make that information easy to find and understand. Businesses should use A/B testing tools to test multiple designs and see which of them result in the highest visitor awareness of the privacy policy.

Ultimately, though, no matter how accessible and digestible websites make these policies, it doesn’t matter if users don’t care. Perhaps as technology becomes more and more pervasive, privacy will become less and less valued, and these policies will become a thing of the past.

FURTHER READING: An Introduction to Big Data