Recently, we posted on LinkedIn and a former colleague asked, “What does a privacy first approach look like for an e-commerce website that’s trying to build in privacy but still have observability to run their business effectively?“
Let me start by saying, I love this question. ❤️
The store owner example is quite simple. We expect them to adapt the layout based on foot traffic, current promotions, and even the season. That’s their right and probably a smart, relatively harmless behavior.
But the internet is not a physical store, it’s got more superpowers. Let’s continue the storeowner analogy, imagining the physical store owner was as powerful as the digital one, and see if you get creeped out or still want to purchase from this physical store…
Before you can enter the store a gate so large that it blocks entry will appear with a few tiers of different cookies 🍪. In order to drop the gate we must eat some these pastries which have little to no nutritional facts provided. What little information you are given, directs you to a different area of the plaza that contains a binder of nutritional-facts-fine-print. If you bothered to read most of the fine print on nutrition you would find it still isn’t even about the source material, or process used to make the cookies. The binder is merely filled with disclosures which protect the business owner and declare that you are about to eat at-your-own-risk, regardless of your allergies, dietary preferences or religious observances.
Let’s assume you’re alright with this and you nibble, accepting the Terms and Conditions and Privacy Policy. Now you’ve opened the gate, but in doing so you have also potentially exposed your home address, your search history, previous purchases (from stores not necessarily owned by this business), and tons of other information about you as a consumer. Also, the entire store reorients itself with one goal in mind: getting you to depart with disposable income or run a balance on your credit.
This is closer to the picture of how browsing and shopping works. I personally feel like this is a wee-bit invasive and to what end? It doesn’t benefit me in a material way. Most of the benefits go to the retailer, not the consumer.
So to answer the question, “What does a privacy first approach look like for an e-commerce website that’s trying to build in privacy but still have observability to run their business effectively?”
For me it comes down to 3 things, informed consent, measurable tradeoffs, and accountability.
- Informed consent. The “nutritional facts” of the cookies 🍪 should be WAY clearer and not buried in fine print so you know what you’re about to consume.
- Measurable tradeoffs. If the consumer decides to share their information, there should be a measurable value that the consumer can weigh. This could be access to premier products/services, discounts on pricing, free add-on services, or something similar.
- Recourse and accountability. Citizens of the web, much like a union, should have the right to bring litigation against businesses/entities that:
- Keep this information for longer than disclosed
- Abuse or sell the information without consent
- Suffer a compromise where the information was not properly encrypted.
So, reader, I hope that answers your question. This is the space we seek to occupy. While the third point seems kind of nefarious, businesses who get down points 1 and 2 will have deeper, more trusting relationship with their customers. That’s where our value is. We plan to help digital citizens reclaim their digital footprint while helping to build trusted relationships with retailers.