Design with privacy in mind: Five business best practices to avoid deceptive design

Deceptive design patterns make it difficult for people to protect their privacy online. Integrating a privacy by design and privacy by default approach for websites and mobile apps helps to promote the best interests of individuals and builds trust in organizations.

With these five best practices, you can support your customers in making informed privacy choices that are free of influence, manipulation and coercion:

  1. Avoid long and complex privacy policies. Privacy information should be easy for individuals to understand. Provide short, simple explanations that include key information, with links to further details for those who wish to learn more. If it is likely that children regularly use your website or mobile app, limit your collection of their personal information, and, where collection is necessary, make sure to explain your data practices in a way that they can easily understand, for example with short video animations.
  2. Do not use confusing or leading design, which can interfere with the users’ ability to make privacy choices. For example, avoid false hierarchies by ensuring that the “accept all” and “reject all” buttons are the same size and in the same text, and do not pre-select the less privacy-friendly choice by default. Steer clear of “confirm-shaming” users into going against their instincts by using emotionally charged language like “it would be a shame to see you go” when they try to delete their account.
  3. Do not nag users to encourage them to provide their personal information. Avoid repeated pop-ups that ask users to give up more personal information than is necessary by signing up for an account, providing their email address, or switching to the app, especially if they have already declined.
  4. Make it easy to find your website or app’s privacy settings or information about how to delete an account. Avoid discouraging users through “click fatigue” by limiting the number of steps, or clicks, it takes for users to complete a task.
  5. Do not force users to disclose personal information that is not necessary. In many cases, signing up for an account has no bearing on the functionality of a site or app and should be optional. Moreover, do not force users to provide additional personal information, like an email address or telephone number, just to delete their account.