To design effective user-focused services, we need to use data. We need to understand how people are using the service, what works for them and what doesn’t. There can be no service without data.
But as designers, we have to focus on user needs. That means we need to address users’ data needs as well as their service needs. We must design good services based on good data that don’t infringe on people’s privacy.
This means we have to look at questions like: what data is my service collecting? How and when is this data being used? Who has access to this data and who owns it? And how do we keep it secure?
As service designers working with data on a daily basis, we want to raise awareness of the value of data to services. And we want to discuss fundamental questions around what happens to that data.
This talk was held at Service Lab London on 19 October 2016 by Maria Izquierdo and Martin Jordan.
3. @izdo_maria @martin_jordan
Maria Izquierdo — @izdo_maria
Service Designer,
Government Digital Service (GDS)
Martin Jordan — @martin_jordan
Service Designer,
Government Digital Service (GDS)
10. @izdo_maria @martin_jordan
“Service is the application of specialised
competences through deeds, processes and
performances for the benefit of another entity”
—Stephen L. Vargo Professor of Marketing, University of Hawai'i at Manoa
17. @izdo_maria @martin_jordan
Personal data — Sensitive personal data
• name
• date of birth
• address
• telephone number
• physical or mental health conditions
• offences or alleged offences
• religious beliefs
• sexual life
29. @izdo_maria @martin_jordan
Target—is able to calculate a pregnancy
prediction score based on 25 products and send
coupons timed to very specific stages of someone’s
pregnancy, thereby, in one instance, knowing
about a teenage girl’s pregnancy before their
parents did
Ethical aspect
Source: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#50b7f32734c6
30. @izdo_maria @martin_jordan
DriveNow—created precise movement profile of a
carsharing customer including route taken, speed
of vehicle, outdoor temperature and position of
mobile phone during booking; providing evidence
in manslaughter trial, but violating its own T&Cs
Privacy concerns
Source: http://www.manager-magazin.de/unternehmen/autoindustrie/bmw-autobauer-liefert-gericht-kundendaten-fuer-bewegungsprofil-a-1104050.html
31. @izdo_maria @martin_jordan
SmartTVs—recording spoken words including
personal or other sensitive information and
transmitting the captured data to a third party
through use of their Voice Recognition software;
constantly spying in people’s living rooms
Security risks
Source: http://www.bbc.co.uk/news/technology-31296188
33. @izdo_maria @martin_jordan
“We say we want privacy online, but our actions
say otherwise […] people who indicate serious
privacy concern nevertheless reveal intimate
details of their lives for trivial rewards”
—Leslie K. John Associate professor, Harvard Business School
Source: https://hbr.org/2015/10/we-say-we-want-privacy-online-but-our-actions-say-otherwise
42. @izdo_maria @martin_jordan
Ask:
What data is the service collecting? And why?
How and when is this data being used?
Who has access to this data and who owns it?
And how do we keep it secure?
45. @izdo_maria @martin_jordan
BBC—“Our privacy promise covers how we treat
your data and put you in control of what happens
to it. It’s based around three main areas […]
transparency, choice, trust”
Embracing transparency and simple language
Source: http://www.bbc.co.uk/privacy/
48. @izdo_maria @martin_jordan
Co-op Paperfree—“We’re committing to a data
relationship that’s unambiguously clear and
transparent. We will always be clear and precise
with you, our members about what we are going to
do with your data. You will be in control of the
data we hold on you.”
Taking sensitive data seriously
Source: https://digital.blogs.coop/2016/05/21/co-op-agm-2016/
50. @izdo_maria @martin_jordan
Source: http://www.helloclue.com/privacy.html / http://blog.helloclue.com/post/135713474876/why-data-will-revolutionize-global-female-health
Providing options and guaranteeing privacy
Clue—“You can use Clue without creating an
account and if you do you will not share your
data. If you wish to use Clue Connect, however,
you do need an account and once you create an
account your data will be hosted on Clue’s servers.
52. @izdo_maria @martin_jordan
Source: Sarah Gold, Projects by IF / https://projectsbyif.com/ideas/design-for-data
1 Keep other services in mind
2 Collect minimum viable data
3 Be transparent
4 Get consent
5 Put users in control of their data
6 Separate the data
54. @izdo_maria @martin_jordan
Source: Sarah Gold, Projects by IF / https://projectsbyif.com/ideas/design-for-data
1 Keep other services in mind
• Don’t lock users into your service
• Consider what value the data could create
when used in other services too
• Think about API usage
55. @izdo_maria @martin_jordan
2 Collect minimum viable data
• Ask for the data you really need, not more
• Question what you really need to know
e.g. date of birth / confirmation of 18+
• Think about data breaches, hacks,
requests from regimes
56. @izdo_maria @martin_jordan
3 Be transparent
• Explain to your users what data you keep
for what reason and who owns it
• State what data you collect, use and store
• Share this big data with the world
57. @izdo_maria @martin_jordan
4 Get consent
• Use simple language so people
understand what they are agreeing to
• Don’t bury details in 60-page privacy
statement when you ask for consent
• Allow them to revoke consent
58. @izdo_maria @martin_jordan
5 Put users in control of their data
• Give users a choice to share data or not
• Don’t force account creation
• Allow full deletion of account and data
59. @izdo_maria @martin_jordan
6 Separate the data
• Decouple services and data
• Unlink personal and sensitive personal data
wherever possible—pseudonymise
• Separate data on people from data on things
66. @izdo_maria @martin_jordan
What data is being collected?
Location of user, every 3 minutes
Why?
To give user contextual recommendations
What does it enable in the service?
Understanding if user is new to area or not
What are potential risks?
Generating detailed movement profiles
70. @izdo_maria @martin_jordan
Step up your game, designers, don’t only
design services that easy are to use but also
trustworthy, understandable, accountable*
*Inspiration: Richard Pope / http://www.memespring.co.uk/talks/oscon2016/oscon.pdf
71. @izdo_maria @martin_jordan
• Join discussions with your team members
• Apply Sarah’s principles for design for data
• Ask why, ask why again and then once more
• Design for worst case scenarios
• Consider data accumulation over time
• Tweak your tools, add data swim lanes etc.