It’s a part of our normal, everyday life:
- “Hey Siri, turn on the lights.”
- Your friend asks, “Can you look up how busy it is at Applebee’s on Google Maps?”
- You snap a family photo on vacation and let it automatically upload to your iCloud Photo Library.
- When at work, you wonder how your dog is doing, so you access your Nest in-home security cameras to check in.
- Concerned about your grandmother, you take advantage of her Echo Show’s “drop-in” feature to video call her without requiring her to answer.
Digital products today empower us to easily do incredible things. Yet, all of these examples rely on sharing our personal, private data with the companies that power them.
The benefits are unquestionable, but are the potential privacy trade-offs worth the risk? What if you’re building your own digital product that requires user data to function? How should you approach managing that in 2019?
With digital interactions using a variety of personal data now a part of everyday life, digital privacy is unquestionably becoming the heated tech issue for the coming years. Just watching this year’s conferences from Google, Apple and others will show you how each company is taking shots at one another and striving to give consumers confidence that their data is safe. Yet, there continue to be headlines like:
Now politicians are getting involved too:
Our industry is going to change within the next few years due to headlines like these. It’s unclear exactly how it will change; however, it’s valuable today to explore why this is a problem when building digital products.
Today’s software development is supported by powerful and flexible backend systems on servers generally managed by companies like Amazon and Microsoft. This approach to development empowers new apps to get off to a fast start, provides synchronization of data between user devices, and gives cheap compute power not reliant on a user’s personal device.
If you’re building a new app in 2019, leveraging these cloud provider services is a quick and low-cost way to get started. Yet, using services like these requires a thorough analysis of how your app is sending, receiving and storing data on both the cloud servers and your users’ devices:
- Is your data encrypted “at rest” on the servers so it cannot be read by anyone without authorization?
- What is your company policy for accessing user data, and for what purposes do you access it, if at all? Are your users informed?
- Do you have a testing methodology in place to thoroughly test for all possible attack vectors on your app with each release in order to help prevent a disastrous hack?
There are legitimate examples of this being a concern for users or, at a minimum, a PR nightmare to avoid:
- Earlier this year, Facebook admitted many passwords were stored in plaintext.
- Bloomberg published a story recently, highlighting that companies with smart assistants are listening to user recordings in an effort to improve the services.
- Even hardware hacks are a threat: last year Bloomberg published a cover story exposing the threat of almost undetectable chips being added to servers used by major companies. The authenticity of the findings is in question; however, it highlights a potential risk to be aware of.
There are unquestionable benefits to leveraging cloud-based technologies that provide value from collection of user data. However, it is becoming more critical that each new digital product does a risk assessment when being developed.
There are a few camps when it comes to how data should be leveraged or not in today’s world. For one, there’s the idea that using cloud-based approaches empowers your products to get better. Google is a great example of this: they illustrate that by having a cloud-focused approach for digital products, users get better and smarter features like being able to see how busy a restaurant is in real time.
In another camp, you have companies like Apple, who work to minimize the amount of cloud-based processing and collection of user data. Instead, they focus on running intense machine-learning algorithms on user devices to provide similar benefits. From a development perspective, there are certainly pros, cons, and risks to each camp.
Amongst the growing list of considerations for development, data privacy is becoming a larger political issue. The European Union has already started to lead the way with regulation in the form of GDPR. California enacted their Consumer Privacy Act, which could pave the way for broader policies in the United States. CEOs from some of the larger tech companies are regularly called to Capitol Hill to speak on behalf of their organizations. All of this means that data privacy is becoming an increasingly large issue. While it is difficult to tell what will become of this, one thing is for sure: the tech landscape will look different in the next few years. Plan your business endeavors around that.
In the meantime, there are some general approaches product development teams can take when handling user data moving forward. The idea that “data is a liability” is something to consider subscribing to. If something were to happen to your users’ data, that could be disastrous for your company. Minimizing the amount of data you collect and ensuring any small amount is well-protected would be in the best interest of your users and company.
Thinking carefully through your user experience of protecting data is also a valuable practice. In your product, consider how your users can manage their data and ensure it can be securely removed if needed. Be transparent about how you store, secure, and manage anything they share with you.
The next few years of tech will be focused on data privacy. These problems have always been present, but in today’s landscape they are incredibly pronounced and under examination. If you’re building a new digital product today, it is incredibly important for the future of your business to prioritize risk assessment, analysis, and planning when it comes to protecting your user data.