In a few days, CCPA enforcement will take effect in California to ensure millions of people’s data rights. While the regulations have been around for months, it is expected that the enforcements will drive another wave of company compliance. But, minimum compliance in the face of CCPA enforcement is a short-term reputation approach, as consumers have been clear on two fronts: they want actionable data privacy from companies and they place increased trust in companies that prioritize their data rights.
Evidence of why it’s critical to step out of the ‘basic compliance and regulation’ mindset can be found at Apple’s June 2020 Worldwide Developers Conference. On the trend-setting stage, Apple announced a new feature that will provide information about the data that apps collected from users. As Apple’s senior vice president of software engineering recently told Fast Company, “We think we’re showing the way to the industry, to the customer, that they can demand more–they should expect more–about the protection of their privacy, and that we can help move the industry into building things that better protect privacy.”
Apple gets it right when they say that data privacy has a user experience problem. But you don’t need an Apple-sized engineering and legal budget to meet the increasing data privacy expectations of your users.
Before we get there, it’s important to note that historically Apple’s app store privacy updates have been reactions to specifically bad behavior from developers. While the data privacy updates may appear proactive to the outside observer and it is a good step in the right direction, it likely signals that app developers are getting worse, not better at respecting consumer data rights. What one can assume Apple is saying is, ‘there are still too many developers lagging behind on data privacy’ — and there are enough in this camp to warrant an industry-wide Apple standard.
So, while as great as Apple’s updates are for consumer transparency and privacy literacy, it also reflects how much enforcement is required to protect consumers from violating data practices. We believe the conversation inside companies & among consumer watchdogs needs to change from compliance with legal requirements to respecting data rights and the consumer experience.
To put it another way, getting out ahead of regulations and not waiting for app stores to cut you off is where trust and meaningful commitments reside for any company with online user data. When it comes to privacy, if you’re not proactively leading, you may be the inspiration for the next enforcement.
At Transcend, we’re an engineering team that has built modern data privacy infrastructure to enable companies to approach privacy as an opportunity to improve the user experience. For example, our platform makes it possible to fulfill subject requests in seconds. We’re proud to power the data privacy systems at leading companies like Robinhood, Opendoor, and Patreon.
To help you be a privacy champion and stay ahead of your user data rights experience, here are three tips from our team:
Don’t bury your data privacy information or consumer controls on your website. Apply the ‘user experience challenge’ to all your privacy-related properties and controls. Is it easy or hard to find your company’s data practices and get your data as a user? Take note of the time length it takes to fulfill the request and the security measures of your approach (user verification via an email, for example, is a large data breach risk). Flipping internally, ask yourself: ‘if a cross-functional team adds a new vendor or switches a product feature, is it easy or a nightmare to ensure consistency of user experience on data privacy?’
Build to transparently educate your consumers. If your users don’t understand your policies or practices, then you haven’t truly informed them. Ask if your users know how to find your policies and if they find them easy to navigate and understand. Do they pass the test only with lawyers? The New York Times did a study last year on the incomprehensive disaster of most privacy policies. The goal is for consumers to rate your company’s policies as clear, simple, and informative. Check out privacy.patreon.com as one example.
Historically, building for user data privacy experience has been a challenge because it required substantial engineering resources and building from scratch. Now, Transcend’s Data Privacy Infrastructure sits across legal and engineering teams to create seamless and secure systems for your company’s approach to data privacy.
Read more about the importance of a strong user data privacy experience in my piece in Fast Company.