From Lean Startup to Lean Privacy: Turning Privacy Concerns Into Opportunities

The story of Snapchat is one of a missed opportunity: most existing messaging apps failed to capture users’ desire for short-lived messages. This simple privacy feature gave Snapchat tremendous popularity and value. Privacy increasingly plays a large role in the art of getting to know users and enabling new business models.

Many online companies profit from the data they collect and are incentivized to design data hungry products with minimal privacy features. As a consequence, consumers feel in little control over their data [1] and there remains a large disparity between how technologies operate and user privacy expectations. An infamous example is Facebook’s default privacy settings that tend to be generous and share content with a large audience to encourage user participation [2].

Users often put up with poor privacy practices because companies offer something they really like. Consumer behavior might change following increased public awareness of data collection practices and Internet surveillance. Privacy not only enables new business models, it also helps companies differentiate their services and establish trust relations with users. Users in control of their data might share more and regret less [3]. The emergence of novel sensing technologies is bound to make privacy even more important. It is no longer just about Facebook, it is about retail stores tracking customers via Wi-Fi, security cameras running face recognition, and email providers performing psychological profiling of their users.

One key aspect of privacy protection is user expectations: when companies fail to provide customers with the privacy they expect, there can be negative externalities. In some cases, users rebel against certain designs. For example, Google Buzz had to stop publicly sharing whom their users email most and Instagram reverted changes to their privacy policy that would let advertisers make use of user pictures. Instagram’s reputation took a hit and Google Buzz was eventually closed.

User expectations are hard to elucidate because they vary over time, context, and across social groups. Some conclude that users do not want privacy and that privacy is dead. Others instead believe that something should be done about it, and we take advantage of today’s Data Privacy Day to suggest a possible approach towards understanding and meeting user privacy expectations.

Imagine technologies meeting user expectations by continually aligning with different personas in the consumer base. The startup industry is already doing this to find good product-market fit by following the Lean Startup model. Companies should apply the same user-centered approach to their privacy policies. We coin this approach Lean Privacy: for each minimum viable product, progress is measured in terms of satisfaction of privacy expectations, in addition to standard metrics.

We expect the emergence of a series of privacy-related metrics for validated privacy learning [4]. For example, companies monitoring how customers set their data sharing preferences should not only focus on how to increase customer involvement, but also how user decisions reflect on their privacy expectations. Via user interviews, A/B testing, or customer shadowing, companies can measure whether customers’ privacy expectations are fulfilled.

Privacy is often considered a hindrance, a deterrent to business growth. Instead, we consider it an unrecognized source of opportunity. Privacy is not static. Privacy is evolving. It thus requires iterative processes to find novel privacy trade-offs, balancing data sharing with data protection. Organizations that integrate privacy expectations into their analytics will be at the forefront of a new generation of privacy-aware products. This will achieve the ultimate objective of Trustworthy Communications, mindful of what people expect, thus exiting an era of Faithful Communications, where trust in services providers is mostly based on hope and wishful thinking.

[1] Microsoft Data Privacy Day. Privacy Survey. 2013
[2] Liu, Yabing, et al. “Analyzing Facebook privacy settings: User expectations vs. reality.” Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 2011.
[3] Wang, Yang, et al. “I regretted the minute I pressed share: A qualitative study of regrets on Facebook.” Proceedings of the Seventh Symposium on Usable Privacy and Security. ACM, 2011.
[4] Cranor, Lorrie Faith, Joseph Reagle, and Mark S. Ackerman. Beyond concern: Understanding net users’ attitudes about online privacy. Cambridge, MA: MIT Press, 2000.