Jan 2018 - June 2018 (6 months)
Enable Schibsted’s EU businesses to fulfil the minimum requirement for GDPR & ePrivacy, with a focus on User Empowerment and Privacy by Design
Role: Head of UX (Privacy)
Company: Schibsted Product & Tech, working across Global Media & Marketplaces
Project timeline: 6 months
Jan 2018 - June 2018 (6 months)
Enable Schibsted’s EU businesses to fulfil the minimum requirement for GDPR & ePrivacy, with a focus on User Empowerment and Privacy by Design
Role: Head of UX (Privacy)
Company: Schibsted Product & Tech, working across Global Media & Marketplaces
Project timeline: 6 months
Problem to solve
The objectives of privacy work in Schibsted are to manage legal risk for the company, facilitate for the Schibsted strategy, enabling our business and the use of data as well as focusing on our users rights to control how we collect and use their data
Privacy is the right to be left alone. It is freedom from interference or intrusion. It comes from the notion that every human being has an inherent value, and every individual has the right to a private sphere that you control yourself – where you may choose how to act without use of force from or interference from the government or other people. Only then do you actually have freedom to act they way you want.
Top Level Objective:
Enable Schibsted’s EU Businesses to fulfil the minimum requirement list for GDPR & ePrivacy, with a focus on User Empowerment and Privacy by Design - May 2018
What are we doing?
When we ensure regulatory compliance, we should
focus on turning constraints into user engagement opportunities
establish a stimulating dialogue with our users around their data
facilitate for Schibsted´s overall Media and Marketplaces strategy
deliver a common and shared set of guidelines across Media and Marketplaces
Why are we doing it?
What’s at stake: users trust, fines up to 4 % of global annual turnover, and the inability to collect and use data and execute strategy
How we measure success?
Finding the right balance for business/user needs VS Legal needs.
Ensure minimum legal compliance to manage risk properly
How was it solved: deliverables
Created a Privacy Product, called ‘About Me’
Created UX product guidelines
Created User Transparency guide
Created a ‘UX Tone of Voice’
Created a ‘Privacy Portal’
How was it solved
Team set-up
Leading the UX Team Central Privacy team, and working between OSLO and LONDON. Driving the design strategy for all of Schibsted Global Privacy offering and developing solutions to be rolled out to all Media sites and Marketplaces.
Regular workshops held in Oslo and Stockholm - reason being, the Privacy Product was built for SPID -mainly for the Scandinavian Media sites, and is a ‘common single sign’ on for multiple sites, sharing user data and consent choices.
Working in a agile scrum team of 18 persons: Product Lead, Technical Program Manager (TPM), UX lead, UX designer, Visual designer, Copywriter, Engineering Manager, Tech leads, Frontend devs, Backend devs, Product Analysts.
Responsible for day-to-day managing of team, sprint deliveries, and mentoring team growth and educational development
1. Created a privacy product, ‘About Me’
We designed the Privacy Product “About Me” for all SPiD users in Norway, Sweden and Finland (SPID: single sign on for multiple sites sharing personal data).
To address transparency and user empowerment, we created validated content and user flows to address:
The right to information (incl. privacy and cookie policy) - generated 20 general articles, plus a ‘data tour’
The right to data takeout
User choices/opt-outs
The right to data deletion
The right to data portability
For none-SPID Marketplaces
The right to information: the team created 20x general translated articles to english
To be adapted by all other Schibsted sites, to use as inspiration or re-write for their sites.
Product design principles and features
For the ‘About Me’ offering we established early on the “product design principles and features” as our Northstar.
Transparency: Be transparent about what we do with user data, through simple, clear, proactive communication
Engagement: Provide clear, valuable incentives and explain value proposition to users in exchange for their data
Control: Provide users with privacy features to empower but not overwhelm them
Education: Keep user data secure, including when sharing with third parties
Right to information: 1st level information
Created a quick tour guide for users to get a quick and simple understanding of what happens with their data, and outcomes of consent choices
UX Research Learnings
Conducted regular Qualitative and Quantitative testing, and documented for other Schibsted companies to learn
Example prototype screens below
UX Research Learnings
Also used external agencies to oversee extensive research in France, Norway and Sweden on user perceptions about data collection
Prototypes (a) Privacy Consent selection + (b) Privacy Data Request and Download
2. Created UX product guidelines portal
These Guidelines were for anyone within Schibsted who wished to understand what the Privacy Product is all about
Plus why certain product decisions were made, and what we have learned so far user testing and research
Also included on the portal were: sitemap, content strategy outline, articles copy, sketches, prototypes and illustrations to be used by all Schibsted companies
Plus the sharing of all qualitative and quantitative research insights
3. Created User Transparency guide
What information to provide what, when and how. Explaining complex technical processing activities and legal rights to users within the general population - this is not an easy task. Trust takes a long time to build, but can be wrecked in seconds using the wrong words or analogies. So, delivering the information to the right users at the right time to get them in the right state of mind requires expertise in both content strategy and copywriting.
1st layer: When users enter a site for the first time, tracking and collection of personal data begins users must be informed about processing of data
2nd layer: Opt-out toggle / General statement of type of data processed and for what purpose / Name the data controller / link to more info
3rd layer: More extensive description of the purpose of processing, how it is processed, including any analysis/profiling etc.
4th layer: more extensive in-depth articles on types of data and the purpose for collection
4. Created a ‘UX Tone of Voice’
We aim for a mid-range level of formality where we come across as human, but are not too cute, sassy or silly.
6 basic principles of user-focused copy:
Respect. Don’t talk down to users, and don’t make them sorry they clicked ‘learn more’.
Educate. Users should come away from interactions with us knowing more than they did before they started.
Empower. Place control over users’ experiences on your site firmly in their hands.
Assist. Support and guide users as they negotiate your products and services.
Reassure. Inspire confidence in your users through your words. Back up those words with action; this builds trust.
Engage. Treat serious subjects with respect, but never be boring. Don’t risk putting your users to sleep at the wheel.
If it’s worth our time to write it, it should be worth their time to read it.
E.g. How changing your opt-in language can increase consent rate by 50% - medium article
Tone of Voice outcome
Friendly. We talk like humans, but are not over-familiar or manic
Trustworthy. We are transparent about our practices, but without introducing unnecessary fears
Invested. We care, but we’re not intrusive or presumptuous.
5. Created a ‘Privacy Portal’
• Essential information about the new GDPR and ePrivacy laws, with guidance about how to become compliant
• A educational self-help portal with many short videos and articles for many cross-disciplines.
Result
Working very closely with the Privacy Office, the UX team has been successful in delivering for GDPR. We were able to provide a privacy product platform and knowledgebase to be used and implemented across all Schibsted Media & Marketplace sites.
