UX and Data Protection: Designing together for competitive advantage

Designing with both in mind improves the user experience, builds trust and creates a sustainable competitive advantage.
Let's illustrate this with three everyday scenarios:

• Maria decides to sign up for a financial service in conjunction with her loyalty card, which she often uses for grocery shopping. As she is not very familiar with digital tools, she goes to the store to get help. During rush hour, the customer area is only separated by a plexiglass wall. The process takes several minutes, the assistant is interrupted several times. To be heard, Maria raises her voice, but the assistant still makes mistakes and has to repeat actions. Finally, the assistant asks Maria to write her details on a piece of paper, which remains on the desk until the end of the day.
• In an affiliated medical practice, Dr Bianchi emails the results of a diagnostic test to her patient, Marco Rossi. Unfortunately, the results are bad news. Just then, her assistant knocks to ask for confirmation of a prescription for another patient. Distracted, Dr Bianchi replies to the assistant and then returns to her email. Without realising it, she sends Marco's results to the wrong patient.
• At the registry office, Ahmed and Zainab arrive to update their family status: their first daughter has been born. Although they speak good Italian, the clerk has difficulty understanding the spelling of their surnames and places of birth. Out of an abundance of caution, Ahmed shows his residence permit and the official notices that it is about to expire. A security officer approaches; Ahmed and Zainab feel uncomfortable being watched by the people in line.

If the design does not take into account the whole ecosystem in which the service is delivered, we find that privacy is at risk from both sophisticated cyber-attacks and careless design of the actual user experience.

Tools for Data Protection by Design

The scenarios illustrate how privacy can be easily compromised, even in common situations. Addressing these challenges requires the integration of design tools that consider real risks and take preventive measures to protect users' data.

User Experience Design activities, thanks to the multidisciplinary involvement of experts (legal, IT, DPO and security managers), offer a significant opportunity to integrate privacy "by design". This approach not only ensures compliance. It also builds a relationship with users based on respect and trust.

We have already discussed this topic in detail in our article on digital transparency, written by Nicolò, as part of a joint journey with Privacy Network, enriched by our contributions to their Privacy Week newsletter. Integrating privacy into the user experience is not just a regulatory requirement. It is a critical element in building long-term trust and value, putting people first and improving the quality of digital services.

Worst-Case Scenarios

The scenes described are worst-case scenarios, analysis and design tools that help visualise problematic situations and find solutions that take into account both technical constraints and the real-life context of use. This includes makeshift arrangements, such as notes left on desks, that people use to deal with urgent situations, often at the expense of privacy.

Guardrails and Friction

To ensure effective privacy during system use, we use two specific tools: "guardrails" and "friction". Guardrails act as safeguards to prevent errors, while friction introduces intentional pauses to prompt users to verify data, ensuring greater accuracy.

An example: Dr Bianchi

Dr Bianchi made a typical "human error". Things might have turned out differently if the system for sending results had been designed with interruptions in mind - common in her job and often leading to unintentional errors with serious consequences.

• Guardrail: During results transmission, the system could check the patient's email against the data in the report, and ask Dr Bianchi to double-check if there were any discrepancies.
• Friction: A warning that only appears in these cases prompts extra caution before proceeding.

Data Protection as a foundation for innovation

Many companies have realised that privacy is not just about regulatory obligations; it is a promise of value and transparency. Integrating data-protection into the user experience is not a cost, but an investment that makes privacy a central part of the innovation process, creating a competitive advantage.

At Tangible, we've been working on this for years, thanks to the trust of clients such as Coop Alleanza 3.0, Coop Italia, Bologna Airport, Vittoria Assicurazioni, Reverse and many others. Guided by our Ethical Compass, we design user experiences across their ecosystems, mapping touchpoints and identifying risks that may arise from interactions with interconnected and complex systems.

Integrating data-protection from the outset also brings tangible benefits that improve the experience for both businesses and users on multiple levels:

• Trust and satisfaction: Users feel respected and protected, improving their experience and engagement with the service.
• Risk reduction: Minimises errors and breaches, ensuring greater security from the outset.
• Loyalty: Builds trust and encourages positive word-of-mouth, increasing user loyalty.
• Simplified compliance: Facilitates regulatory compliance and avoids costly remediation down the road.

A proactive approach to privacy helps build trust and encourages innovation, turning a challenge into an opportunity to differentiate. We are here to help organisations turn privacy into a competitive advantage.

If you have a project that requires privacy to be integrated into the design, contact us, we can work together to build better, safer and more user-respectful services.