Back to all blog posts

Empathy in privacy

Where is empathy’s place in privacy?

In the middle of April, I attended the International Association of Privacy Professionals’ Global Privacy Summit and came back with a few impressions. One came from Author Malcolm Gladwell’s keynote session where he proposed that our questions about privacy and technology should not be focused on what can be done but on what should be done with people’s data. The context for this point was around using data to enable more precise explosive attacks. In other sessions I attended, panelists considered where consumers’ expectations of privacy and data use may start and end. It left me pondering how privacy might be undertaken with empathy.

Empathy in the context of privacy

Empathy is an understanding of how another person is feeling. I would suggest that empathy in data privacy would be trying to understand how a data subject would feel about their data being used in a particular way. Putting oneself in the data subject’s shoes may help privacy decision-makers to understand what would be appropriate and inappropriate use of the data according to their expectations.

Where empathy is missing

Data subjects’ concerns around how companies collect and use their data might be relieved by some empathy on the part of those creating the policies.

Treating data subjects as the product

“If something is free, you’re the product” is a phrase I have read in privacy articles and posts related to the data collection of companies like Google, Amazon, and Facebook. Viewing data subjects, or their personal data, as a major source of revenue might allow a company to take their data collection or use beyond the expectations that their data subjects have of privacy. It’s important to remember that data subjects are people who expect to be treated with fairness and to think about the backlash of data subjects if their expectations aren’t met.

Targeted advertising taken too far

In another session at the IAPP conference, the panel shared an example from a data subject who looked up a product on one computer on their network and then got ads for that product on another computer on their network. The data subject said that they felt uncomfortable knowing that the company looked at their network and offered ads to other endpoints connected to it. Among other insight, the panelists said that data subjects’ expectations of privacy may change, so it’s important to keep up with trends and to listen to data subjects sharing their concerns. They want to see companies taking their opinions seriously and adapting their privacy policies accordingly.

Empathy’s work in privacy today

I’d propose two key concepts with empathy behind them to prevent taking data use outside of users’ expectations of privacy and treating the data subject as the product. It’s known that data subjects are more willing to share data when they know that it’s going to be used to do things like improve their own experience or benefit others through research. With more invasive uses of their data or too much data being collected, consumers may be less likely to supply their data. Data collection and use should therefore be done with the data subject’s feelings in mind.  

Transparency

The concept of transparency, or being open about data processing, is to make data subjects hopefully feel more comfortable providing their data now that they know how it will be used. At least trying to understand how the privacy notice and practices may make data subjects feel is a great first step to quell any concerns they might have. It will also keep your practices accountable knowing that data subjects get to be informed about what you’re doing with their data and have the right to opt out or object if they aren’t happy with changes.

Minimization

The concept of data minimization would bring empathy into data collection. This requires understanding that data subjects would be bothered and possibly unwilling to share more information than it seems would be required for the described purposes of processing. With this in mind, it makes sense to limit data collection to only what’s necessary in order to keep data subjects engaged and opting in.