Published on Aug 09, 2021
Marketers will often speak of the four most important pages on a website as being the home, about, blog, and contact pages. According to this article by Neil Patel in Hubspot, these are the core pages that drive the most conversions, and therefore deserve the most attention from an SEO (search engine optimisation) perspective.
Include service or product pages, and you have the who, what, when, where, why, and how of your brand's proposition thoughtfully constructed in a broad and comprehensive digital footprint. All you need now are visitors to come along to consume your highly optimised content and then convert. However, what if something important is still missing?
If you really want to earn customer confidence, you need to go beyond traditional selling tactics. One way to achieve this is to let website visitors know exactly what's going on under the hood. Be transparent about your processing methods and practices by clearly explaining to visitors what you do with their data in order to build genuine trust.
As part of a value exchange, it's common to use consent, contractual and legal purposes. Businesses can also use legitimate interest or performing a public task as their lawful basis for data processing. There is also vital interest, but this should only ever be used in an emergency. Nevertheless, always remember personal data is a precious commodity. It's only natural that the data subject will want to know that their personal information will be well looked after and want reassurances about how it will be used.
It's worth pointing out that a growing number of consumers are aware of the risks surrounding their privacy. The newly published 2021 Annual Tracking Research from the UK Information Commissioner's Office (ICO) found in a survey of 2000 people that 77% say protecting their personal information is essential. Another global Consumer Privacy Survey from Cisco in 2020 identified 48% of respondents do not feel they can adequately protect their data.
When asked why not, 79% said that they couldn't figure out what companies are doing with their data, while 51% said they have to accept data terms to use the service. The survey also revealed 29% indicated themselves as privacy actives who care about their data and are willing to act to protect it. If these figures aren't compelling enough, bear in mind only 3% of UK consumers view our data protection and privacy laws negatively.
While privacy notices have been standard for many years, their value in today's online customer journey is overlooked. Instead, organisations use them as a means to legitimise their data processing practices rather than educating or explaining. They're documents drafted by lawyers for lawyers that pay lip service to the interests of actual data subjects. It's no wonder consumers rarely spend any time reviewing them.
It is precisely for these reasons that there is a competitive advantage to being transparent about how you collect and process personal data. While your competitors are stuck in a regulatory mindset from another time, you can take advantage of one of the many benefits available at the point where website navigation and user interface design facilitate GDPR compliance.
Privacy notices are external documents that explain what you do with any personal data that you hold about an individual and why. The UK general data protection regulation (GDPR) contains precise instructions about what should be included and how they must be written. The main objective is to be transparent; this is outlined in the first GDPR principle under Article 5(1), which states:
The GDPR provides more precise instructions about how individuals have the right to be informed under Articles 12, 13 and 14.
The provisions refer to all situations that involve providing transparent information and communications, not just privacy notices. The following summary outlines the relevant extracts required to write a privacy notice.
Articles 13 and 14 provide specific instructions around what information needs to be included within your privacy notice. Article 13 relates to personal data collected from the data subject directly, while Article 14 covers information obtained from a third-party.
While EU GDPR recitals were not transposed into UK data protection law, they do provide further clarification in relation to writing a privacy notice.
Recital 58 - The Principle of Transparency:
Recital 60 - Information Obligation
For more information, the ICO has a page that explains the above requirements and provides detailed guidance to organisations about how and where to begin drafting your privacy information.
Before you commence writing your privacy notice, the first step is to know what data you have and how it is processed. If you haven't already done this, you will need to conduct an information audit or data mapping exercise.
It's one thing to recognise there is scope to improve how we present privacy information. It's quite another to execute an effective strategy. In this instance, the GDPR is literally transparent about how to resolve the problem.
There are two key points to highlight from Article 12:
And that:
In addition, the ICO also talks about different methods to provide privacy information, including using icons, dashboards, and layering information to reveal further details.
The way we read online is an area of intense research. As such, we know people rarely read digital content in full. Instead, we're much more likely to scan content, picking out individual words and sentences. We only commit fully to reading online content when we find something we are interested in or are motivated to learn more.
Therefore, the challenge is to reduce your privacy information to high-level summaries made up of brief snippets or bullet points that can be quickly scanned and clearly understood. Think of nutritional labels but for privacy. Further details can be provided using layering techniques or embedded links. These summaries can then be grouped into simple categories and presented on a dashboard-style layout with added icons for easier scanning.
This is where good website user-experience design can make all the difference. Given a proper set of instructions about the layout of your privacy information, an experienced digital marketing agency or web designer can transform a table of data and supporting information into highly engaging content that consumers will want to read.
The point is, you are making it easy for prospects, customers, service users, employees and any other relevant stakeholders (data subjects) to see precisely how you collect and process their personal data—and therefore making you genuinely more trustworthy.
The final point to consider is where to position your new privacy notice for maximum effect. The traditional position in the website footer is still relevant given that it's where people know to look. However, introducing a section to your home or about page emphasising your updated privacy information's features and benefits will significantly enhance its chances of being seen and read.
It's not a perfect representation per se, but this is as good an example as we can find at this time (we are planning to implement the above technique on our next website update). For now, we will have to draw inspiration from Apple.
Apple is one of the few US technology companies that promotes privacy as a core feature of its phones and other products. In an interview in 2015, Apple CEO Tim Cook said:
In June 2020, Apple announced that it would require app developers to disclose their app's privacy practices to customers through easy to glance privacy labels that must be included in the App Store. These new app privacy labels are now live, and as you can see, they provide a much simplified view of how apps handle personal data.
In our next article, we return to conducting the readiness assessment and implementation of a GDPR compliance programme.
If you would like to speak to an expert on how to write a policy notice or if you're looking for data protection and privacy law training, email us at contact@freevacy.com or call 0370 04 27701.
Freevacy has been shortlisted in the Best Educator category. The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.