Helping users understand what we do with their data
Various regulations and frameworks have emerged to safeguard individuals’ personal information while enabling businesses to operate effectively. Among these, the Transparency and Consent Framework (TCF), the California Consumer Privacy Act (CCPA), and the Australian Privacy Act stand out as prominent examples.
As new regulations came in and expectations evolved, I worked closely with the Guardian’s Data Protection Officer and developed an approach with Advertising, Engineering and Product.
Research
Comprehension
The legal jargon and technical terms required on consent screens can leave users frustrated and unsure what to choose. I led a research initiative to tackle this challenge.
My approach involved a series of unmoderated online tests via UserTesting.com. Each round gathered feedback from 8-10 participants in the UK and US. They interacted with real consent screens and then, in their own words, explained the options available to them. They were also asked to rate the clarity of the information on a scale (“not at all clear” to “very clear”).
By analysing their responses, we identified unclear phrasing and terms that were widely understood. This valuable insight informed our efforts to simplify the copy, making it easier for users to understand their privacy choices and make informed decisions.
Affordance
Knowing most visitors decide on cookie consent within a second, I conducted unmoderated five-second and journey tests on mobile and desktop screens. It was important that the design felt intuitive, not coercive. These tests helped with Design System primary and secondary button discussions. We found that the privacy screen use-case required its own set of rules and logic.
Internal tooling
Developer experience
Building, testing, and launching consent screens was a pain, even for experienced Guardian engineers. The process lacked the tooling, automated tests, and streamlined workflows they would typically have access to in the main development stack. Instead, it relied on manual configuration, testing and deployment. Each of these came with a significant risk of human error.
I researched current pain points of the existing process, preferred tooling and automation best practices. I prototyped interfaces and presented them to Engineers, Engineering Managers and Product Managers. With feedback, input and buy-in from the wider team I felt confident we could build a solution that met their requirements. I teamed up with a Backend Engineer to develop a SvelteKit application. Engineers could now build, preview and reliably test consent messages locally before launching to production.
When asked, Engineers said they felt comfortable taking on consent screen tasks and confident implementing changes now that it was easier to detect, replicate and diagnose bugs. The tool enabled many accessibility and performance improvements, some of which resulted in an 18% rise in the site's Core Web Vitals score.