When Implementing New Privacy Requirements, Don’t Forget User Perception

Recent events involving famous podcaster and comedian Joe Rogan and fitness device company Polar are a lesson in the delicate balancing act businesses face between privacy compliance and a positive user experience.

Joe Rogan screengrab of Polar Private Notice and Temporary Account Lock

A Backdrop of New Privacy Norms

Considering new and stringent privacy regulations, companies are increasingly required to obtain explicit user consent for sensitive information processing as well as international transfer of personal information.

Polar, in a bid to meet these legal requirements, locked users’ apps until such consent was provided. While this step might have been in line with the legal requirements, Polar faced backlash when Mr. Rogan publicly voiced his surprise and discomfort with the robust consent mechanism to his millions of social media followers.

Joe Rogan screen grab of comment on Polar heart rate monitor personal data notification consent

The Danger of Surprising Users

Polar’s approach, while robustly designed from a purely privacy compliance standpoint, resulted in user surprise. When a regular user encounters an unexpected barrier to accessing a trusted application, especially one demanding consent related to personal information to use previously accessible functionality, it may trigger concern and suspicion.

Rogan not only voiced his concerns but also influenced a vast number of followers to reconsider their association with Polar. While Polar may have been compliant from a privacy standpoint, they may not have sufficiently accounted for user experience.

Joe Rogan screen grab of Policy Privacy Notice options

Balancing Compliance and User Experience

Compliance with laws and regulations is non-negotiable, but how a company approaches compliance matters. A successful privacy program goes beyond just checking boxes; it should place the user experience at its core. Here are some steps that companies should consider taking to achieve this balance:

  1. Privacy By Design: Implementing privacy-forward practices now may eliminate the need for invasive consent efforts later by eliminating collection of personal information. Similarly, steps can be taken to provide users with limited platform functionality to maintain both compliance and usability while consents and other compliance methods are implemented.
  2. Transparent Communication: Before implementing changes, inform users about what’s coming. A simple heads-up about changing practices may make a significant difference in how they are received. Consider utilizing emails and in-platform messages to socialize upcoming changes.
  3. User Education: Invest in educating users about the importance of these changes. When users understand the “why” behind an unexpected change, they’re more likely to be accepting.
  4. Design with Empathy: A well-designed user interface can guide users through new changes without making them feel cornered. Prioritize usability alongside compliance.
  5. Prior Testing: Testing new compliance mechanisms with select user groups or A/B testing can provide initial insights into potential problems before these mechanisms are put in place for the full user base.
  6. Gradual Implementation: Rather than sudden, sweeping changes, consider a phased approach. Give users time to adjust.
  7. Feedback Loops: Allow users to share feedback on these changes. This not only provides insights into potential pitfalls but also helps users feel heard, potentially preventing them from voicing their concerns in other avenues.

As businesses navigate the complex world of privacy regulations, the user experience and core business goals need to remain a focus. While legal compliance is paramount, the way it is approached and implemented can spell the difference between retaining loyal customers or driving them away. While not every individual has the influence of Joe Rogan, every company faces the risk of unexpected customer reaction to honest privacy compliance efforts.