In one of the latest developments for the privacy landscape, Facebook-owned WhatsApp is being fined $267 million USD for breaching Europe’s GDPR privacy law. Ireland’s Data Protection Commission asserts that WhatsApp didn’t tell European citizens enough about how their data is collected, used, and shared with other Facebook brands (e.g., Instagram). Because the app wasn’t transparent enough with its data practices, consumers didn’t have the necessary information to make an informed data consent decision, according to the Commission.  

While WhatsApp has already stated it will appeal the decision, the incident is an important reminder for brands across industries to reexamine their data practices — whether the brand operates in the EU or not.  

A survey from PwC found that 85% of consumers want more control over their data. We can assume that part of this control is being able to identify and modify how brands use and share an individual’s personal data. But most privacy policies are lengthy, written in legal jargon, and seen as a hurdle users must click through before accessing the content or experience they came for.  

In order to succeed amidst this backdrop, privacy must be considered at every touchpoint a consumer has with your brand — not just with the products they purchase, but with the digital properties they visit, the communications you send, and the interactions your team has. In our new era hyper-focused on privacy and transparency, brands must create a privacy-led customer experience. 

Privacy by design 

Companies that operate in the EU are familiar with the phrase “privacy by design” – this is a concept that can be applied to the customer experience as well. 

For those unfamiliar, privacy by design is the notion that products are designed with privacy compliance in mind, rather than seeking compliance after the product is already developed. If you look at the customer experience as one of the products your company provides, the idea of privacy by design can be accomplished as well. 

Consider how users interact with cookie pop-ups. Many consumers will click “I accept” without reviewing the pop-up’s details to understand what the site’s cookie policy is. Sometimes accepting is the only obvious choice, sometimes users are just fatigued. Either way, the intrusive pop-up experience can lead to a poor experience with your brand and in some cases, consumers consenting to share more data than they may actually be comfortable with.  

Instead, consider an experience where the consumer’s privacy preferences are already baked into the application or browser they’re using so they don’t have to accept different privacy policies on each property they visit. This is the future envisioned by the U.K.’s independent authority to uphold information rights, the ICO. Rather than creating a cumbersome experience with many clicks, users can click a link and be taken directly to the content that interests them.  

Another example is consenting to a mobile application’s privacy policies before using the app. Mobile phones have smaller screens than a traditional desktop computer or laptop, presenting a unique challenge to brands. With less screen real estate, some brands may see serving up their privacy policy before granting app access as a poor experience because of how lengthy the policies must be – it’s difficult and annoying to read them on a phone. However, if you redesign how this policy is served to a user, it can benefit the experience instead. 

Rather than presenting a big block of legal text, consider implementing a layered approach to your privacy policy. Organize it by the frequently asked questions users have. Use clear language that’s easy to understand and visuals to help arrange the information. From there, give users the option to continue clicking down into your privacy policy to find more information. As users drill down, this is where you can provide the more technical language. You’re still providing all the necessary legal information, but in a way that’s more digestible to the average person.  

Ultimately, the best customer experience is one where your rights are respected. Designing this experience with privacy at the forefront will help you achieve this for your customers. 

Take action now 

While we don’t yet know the outcome of WhatsApp’s privacy fine, it signals the EU’s seriousness about enforcing GDPR. Companies must take stock of their own privacy practices not just to ensure compliance with local regulations like GDPR, but to ensure they’re operating ethically as a company.  

Protecting consumer data isn’t just legally required, it’s the right thing to do. Because users value and deserve a straightforward privacy experience, redesigning the customer experience with privacy at the center will benefit your brand – and your customers.  

Want to learn more about creating the privacy customer experience? Get in touch today.