When Implementing New Privacy Requirements, Don’t Forget User Perception

Recent events involving famous podcaster and comedian Joe Rogan and fitness device company Polar are a lesson in the delicate balancing act businesses face between privacy compliance and a positive user experience.

Joe Rogan screengrab of Polar Private Notice and Temporary Account Lock

A Backdrop of New Privacy Norms

In light of new and stringent privacy regulations, companies are increasingly required to obtain explicit user consent for processing sensitive information as well as for international transfers of personal information.

Polar, in a bid to meet these legal requirements, locked users’ apps until such consent was provided. While this step might have been in line with the legal requirements, Polar faced backlash when Mr. Rogan publicly voiced his surprise and discomfort with the robust consent mechanism to his millions of social media followers.

Joe Rogan screen grab of comment on Polar heart rate monitor personal data notification consent

The Danger of Surprising Users

Polar’s approach, while robustly designed from a purely privacy compliance standpoint, resulted in user surprise. When a regular user encounters an unexpected barrier to accessing a trusted application, especially one demanding consent related to personal information to use previously accessible functionality, it may trigger concern and suspicion.

Rogan not only voiced his concerns but also influenced a vast number of followers to reconsider their association with Polar. While Polar may have been compliant from a privacy standpoint, they may not have sufficiently accounted for user experience.

Joe Rogan screen grab of Policy Privacy Notice options

Balancing Compliance and User Experience

Compliance with laws and regulations is non-negotiable, but how a company approaches compliance matters. A successful privacy program goes beyond just checking boxes; it should place the user experience at its core. Here are some steps that companies should consider taking to achieve this balance:

  1. Privacy By Design: Implementing privacy-forward practices now may eliminate the need for invasive consent efforts later by eliminating collection of personal information. Similarly, steps can be taken to provide users with limited platform functionality to maintain both compliance and usability while consents and other compliance methods are implemented.
  2. Transparent Communication: Before implementing changes, inform users about what’s coming. A simple heads-up about changing practices may make a significant difference in how they are received. Consider utilizing emails and in-platform messages to socialize upcoming changes.
  3. User Education: Invest in educating users about the importance of these changes. When users understand the “why” behind an unexpected change, they’re more likely to be accepting.
  4. Design with Empathy: A well-designed user interface can guide users through new changes without making them feel cornered. Prioritize usability alongside compliance.
  5. Prior Testing: Testing new compliance mechanisms with select user groups or A/B testing can provide initial insights into potential problems before these mechanisms are put in place for the full user base.
  6. Gradual Implementation: Rather than sudden, sweeping changes, consider a phased approach. Give users time to adjust.
  7. Feedback Loops: Allow users to share feedback on these changes. This not only provides insights into potential pitfalls but also helps users feel heard, potentially preventing them from voicing their concerns in other avenues.

As businesses navigate the complex world of privacy regulations, the user experience and core business goals need to remain a focus. While legal compliance is paramount, the way it is approached and implemented can spell the difference between retaining loyal customers and driving them away. While not every individual has the influence of Joe Rogan, every company faces the risk of unexpected customer reaction to honest privacy compliance efforts.

Tyler Thompson

Tyler J. Thompson advises clients on data privacy and protection, technology contracts and contract processes, websites and mobile apps, digital accessibility, social media, and direct to consumer marketing. Tyler offers clients practical and efficient legal counsel, striving to manage costs and risk with business-friendly strategies.

With deep experience in digital compliance, Tyler focuses on handling all aspects of a client’s website or mobile app to pursue compliance while maintaining the best user experience. His practice also focuses on creating enforceable digital agreements with platform users, whether that platform is a website, SaaS, mobile app, or video game.

Tyler has designed and implemented privacy programs for clients from Fortune 500s to startups, ensuring those clients are compliant with U.S. and international privacy laws. Tyler also advises on data retention and minimization, privacy by design, data inventories, and privacy impact assessments. Tyler is certified as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals. In addition, he is a Certified Information Privacy Professional for the United States (CIPP/US), Europe (CIPP/E), Asia (CIPP/A), and Canada (CIPP/C) as well as a Certified Information Privacy Manager (CIPM) and Certified Information Privacy Technologist (CIPP/T). Tyler is also an ISACA Certified Data Privacy Solutions Engineer (CDPSE).

In the technology space, Tyler has provided guidance on open source software, digital marketing, software licensing, and SaaS agreements. He also works with clients to modernize commercial contracting processes and privacy practices, enabling in-house attorneys to function more efficiently and conserve resources.