Trusting our data to online services

Online privacy25 July 2012

By Ruby Tucker

In our online society more and more people are not only investing their time in the internet, but also their lives. The ability to share information about ourselves is rapidly increasing with the spread of blogs and social media. And so the issue of privacy arises: can we ever be sure who we're really exposing ourselves to?

The Visualisation and Other Methods of Expression (VOME) project, part of the ESRC-supported Ensuring Privacy and Consent programme, aimed to address the issues of users' uncertainty with the internet and design more efficient tools to help develop our knowledge of privacy awareness.

Service users who distrust the ability to protect data are likely to limit their engagement in online services, avoid registration or give false information. With more public services being moved online, these patterns of use could have a major negative impact for public service delivery and access to support for vulnerable clients.

Over the last three and a half years VOME researchers have interacted with communities throughout the UK, to better understand how users engage with online services. Building on this they produced a set of design principles to help service providers understand and respond to the privacy, consent and information needs.

A key finding is users' lack of trust that service providers are capable of protecting their personal information - despite their trust in the company itself. VOME researchers found that a key principle for designing privacy awareness features for online services is to support users' confidence in the service's ability to manage personal information.

The research indicates that two types of information are required on the website to support user trust before any information is required:

  • Service provider disclosure: the company providing the service should give key information about itself, such as history, founder, contact details and links to other companies, as well as the management team
  • Personal information requirement: service providers should explain in an understandable and simple format why personal details are required and where the information will be used

To further encourage the trust of users, VOME recommended additional design features:

  • Noticeable and understandable interfaces: service providers should supply an overview of their privacy feature information, so users can decide when and how to engage with the privacy functionality
  • User control over type of service: service users should be able to make clear choices as to which services they need in return for providing their personal information
  • Meaningful relationship with all parties involved: service users should either have the option to reject an offer to give personal details or a clear explanation as to why personal information is required.