Some guidelines have been issued by the FTC, the EDPB, individual states’ negative option laws, the forthcoming California Age-Appropriate Design Code Act (and similar UK law), California’s CCPA and EU’s GDPR and its forthcoming EU Digital Services Act. The essence of their recommendations can be summarized like so –
Don’t play around with the customer’s prerogative to make informed choices – this can be anything from not giving customers all the information or giving them too many options to choose from and thereby confusing them to setting things up in a way that makes users not even think of privacy issues.
Get user consent for use of their data – regulators are concerned when brands ask for consent to use the information and data in a way that is not related to the purpose for which it is being collected or might be unexpected to the consumer. Consent must always be obtained as an informed decision.
Marketers need to be careful not to surreptitiously make their audience do more than they intended to do, to advance their own ends. This could be anything from customers divulging more information than they need to, buying more, subscribing to more to never being able to unsubscribe or leave without giving away more information. Some brands make it really easy for users to subscribe – but absolutely impossible to sign out of!
The key is, we think, to look at it from a consumer’s perspective. Sharp UX designers can make all the difference in making the customer feel comfortable as well as safe, and that, at the end of the day, can protect brands as well.