Data Privacy Hygiene
How companies build trust with users on data privacy controls. Plus, a checklist for your digital privacy hygiene (in 2021).
When I was a kid, we’d go out to clean the yard every spring and take care of the house. If you miss a season, you end up with double work next year, which meant less time with friends and doing things you enjoy. To me, digital hygiene is similar in many ways; thus, I like to review data privacy settings every once in a while (often when a new story comes out on abuse of user data and makes me freak out). In this article, I want to share my research on privacy tools in four services: Google, Facebook, LinkedIn, Twitter. The article has two parts:
1. Overview of the good practices and confusing parts of user experience for data controls. The review will be slightly opinionated, yet you might find it helpful if you’re designing similar security controls in your product.
2. The checklist for each service with links to help you control what data you want to share. Feel free to jump to ‘Part 2’ for practical advice.
Part 1: Overview
User tracking and privacy are often on the news. Recently, Apple rolled out iOS 14.5, which directly affects how effectively Facebook can personalize ad targeting. WSJ did a great job explaining it in this video. They also had an interview with the senior VP of Software - Craig Federighi.
Apple VS. Facebook fight reminded me to review privacy settings. This time I took notes, which I want to share here. Even if you don’t want to check every setting, you may find some old and amusing files. For example, I found some high school photos and my old CV.
The first section includes screenshots and comments on how products help users manage their data. I’ll use Facebook, Twitter, LinkedIn and Google as examples. Since settings, data collected and controls are similar, you could re-use this advice in other services. These are the starting points (please log in first for links to work):
Two main flow qualities I’m looking at:
#1 As a user, I can find and see what personal information a product stores about me.
#2 As a user, I can remove information I found if I no longer wish to share it.
The user journey starts promising since each service has privacy controls at most six clicks away from a home page (more details on the flow in this thread). The business model for these companies depends on targeting users with personalized ads. Each service also needs to verify your identity, thus we can categorize the data into four buckets:
Essential identity information, e.g., email, name, gender.
Visibility of your content on a platform (private → public).
Activity tracking on the platform.
Activity tracking outside the platform.
One note to make here, LinkedIn also offers products for recruiter and sales accounts that are less about ad targeting and more about search and sourcing tools for professionals. Still, they need to know professional user preferences to help source prospects and candidates effectively. Two product offerings are most likely why they have two separate pages for advertisement-related data and the professional context they know about you.
Facebook, Google, Linkedin have activity timelines, but Twitter doesn't have one. Facebook and Google have the most detailed ones, while LinkedIn features only the high-level changes in the product or user settings. I think LinkedIn’s title is misleading since they don’t cover all user data and activity.
I appreciate how Google and Facebook built wizards for privacy checkups; however, in the case of Facebook, it gives only a basic overview of what Facebook knows - many more options are hidden in full settings and are not as straightforward. Kudos for a reminder option tho.
Some settings offer lists of interests, topics or people I previously followed or liked. I can hide them, but it's not clear to me if I can delete them. Sometimes an explainer text says that it will disappear, but changes will take up to 48 hours to apply. The most annoying experience I had was with Facebook, where I tried to clean up the following list. Still, even after I unfollowed someone, their profiles stayed in my account under the ‘Following’ section. In general, Facebook has a pretty limited set of controls for data deletion. It often shows convoluted menus with a confusing copy. I earlier tweeted about the Facebook approach to communicate opt-in and opt-out screens.
Google stores a ton of data between many services they offer, but I think they do the best job out of all four transparently communicating how they use the data. I also feel like Google gives the most control over deleting the data in the easiest possible way:
Offer controls to delete all or partial data for a service.
Allow to download all user data, but again with controls for each platform.
They have the most comprehensive overview of all information stored.
For me, data privacy comes down to transparency of communication and controls to change/delete my data. Most companies made great progress on both in recent years. Still, most features appeared with GDPR and similar legal changes; instead it would be great to see companies proactively prioritizing transparent data privacy. Communication transparency helps me feel comfortable with sharing information. Otherwise, I feel alarmed every time an app asks for permission to collect my data.
Part 2: Privacy checkup checklist
To begin with, evaluate if you need a service. You don’t need to manage privacy for data that isn’t shared. The amount of data will depend on how often you use a service and how much information is stored there. For example, I spent only a couple of minutes on Twitter since I started using it only a few weeks ago and I don't have much information stored there.
Important: the downside of turning off some privacy and personalization setting is that you will start to see many irrelevant ads. If this irritates you, don’t turn it OFF.
Important #2: settings below represent my set of preferences; yours may be different, so feel free to explore and please share what you found!
⏰ Checkup time: approx. 5-10 min
As far as I can tell, Twitter has the simplest organization of controls. Below is a list of settings I care about and want to change. For fun: consider looking at Topics and Interests to see what Twitter thinks you're into.
Your Twitter activity section:
Control photo tagging from others to avoid spam and unwanted content.
Remove location information from the tweets if you’re afraid of stalking.
Turn OFF explore the location to simplify the Home screen (since it mostly ends up showing political or pop culture trends).
Remove any contacts shared with Twitter if accidentally shared them.
Data sharing and off-Twitter activity:
⏰ Checkup time: approx. 15-20 min
Not surprisingly, LinkedIn stores a lot of professional data. A good place to begin is a timeline, but it doesn’t offer a look at what data you uploaded. Yet, it has a clear call to action button on each option.
Remove salary data, if you feel that’s too sensitive.
Configure what demographic information you want to share. For example, LinkedIn states that they can use the information on disabilities to help employers diversify the talent pool.
Opt-out from research data use for social and economic studies.
Review job application settings in case it has any outdated information.
Review commute preferences if they are relevant for you.
Manage job alerts to signal companies that you’re interested in working there.
Review permitted services that can access your data.
⏰ Checkup time: approx. 30 min
Remove unused apps you logged into via Google.
Control what activity tracking you allow.
Configure ad personalization.
⏰ Checkup time: approx. 30 min to infinity (if you decide to remove the most nuanced data from facebook like follows, likes, etc.
Start with a privacy checkup.
Control what is publicly displayed on the About page. (also review how your profile appears publicly by clicking ‘View As’)
Control what parts of your activity are shared publicly.
Manage what information can be used to find you on the platform and outside.
Control who can send you message requests.
I'd recommend turning OFF face recognition on Facebook.
Control who can tag you and what information will appear on your profile.
Control what is shared publicly (to people who are not your friends).
I'd recommend turning OFF location tracking on devices.
Manage apps to which you logged in via Facebook.
Data privacy spring cleaning
As someone who gets joy from organizing stuff, I love the feeling of cleaning some old files. If this article could bring at least the same joy - I’d be happy. Perhaps this checklist could give you a form of mental relief and a sense of control. I hope that it creates recurring value as I plan to use it myself every time I do a privacy checkup. Some will rightfully notice that you don’t need to manage data if you don't use a service. There are alternatives; yet, I am not ready to use some of them, and I want to control my data. Raising questions about data control, sharing feedback and asking for more transparent communication will help all of us. What's your take?