Privacy, Control, and Trust

In mid-March we met with the first testers of the Smart Routing app in Birmingham. In a four-hour workshop, we asked them to tell us about their experience of using the app, and their expectations, needs, and preferences for it as it evolves. The insights they provided were illuminating, and will help us to design and develop an app that is responsive to the needs they identified, and offers a service unmet by existing apps.

One of the key topics we discussed was that of personal data, and how it will be used within the app. Privacy and control of personal data are rapidly emerging as critical issues in app development, marketing, and use, and participants at our workshop raised a range of interesting questions for us:

·       What data will be collected?

·       For what will it be used?

·       With whom will it be shared?

·       How will that information be shared with us?

·       How much control do we have over all of the above?

Perhaps most importantly, however, they asked us: How will we know that we can trust what you tell us?

The concept of trust is significant in the app environment, as few of us know what really happens to our data once we’ve registered with and started using an app. High profile cases where data have been misused are becoming ever-more common, and the information we’re given about what will happen to our data is often buried in impenetrable privacy policies. But data privacy and control depend on establishing that trusted relationship.

We can’t control whether our users trust us or not. What we can do, however, is build privacy in from the ground up. Drawing from a Privacy by Design approach, we’re ensuring that we minimise the personal data we collect, set strict data access rights (by, for example, making sure that most data processing takes place on the phone), and work with our users to make sure that we’re developing a system that is responsive to their desires for control over how, with whom, and for what their data are used. How we communicate these practices will require a commitment to transparency, and development of an ongoing relationship with our users.