I've spent the last decade of my career building tools to promote privacy and safety in products like WhatsApp, Facebook, Meetup and more. In that time, I have seen a proliferation of online ecosystems which connect people to each other. These range from social media platforms like Twitter, Meta to marketplaces like Amazon, DoorDash, Uber, Yelp to collaboration platforms like Splitwise, Cash App and more. Social components which connect people have made their way into almost every type of consumer product, even one's that we wouldn't think of e.g. AllTrails, the hiking and trail finding app has a reviews component which plays a critical role in the success of the app.
As these ecosystems continue to become a bigger part of our lives, providing the promise of privacy is becoming increasingly important. There have been numerous instances of online platforms causing harm to users by violating their privacy.
Studies from Pew Research have shown that these incidents result in an erosion of trust with the platform and often in real world harm to users. In fact, a National Library of Medicine study found that as online platforms see more privacy issues, it causes privacy fatigue which makes people even less motivated to proactively manage their digital privacy. As these online ecosystems grow, ensuring that these ecosystems can keep their users safe from each other and safe from the platform becomes extremely important. In order to keep users safe, below is a set of key questions to answer with practical examples of every decision you make on the platform.
What information does the user really need to put on the platform?
Think about every piece of information a user is putting and ask whether they really need to provide it.
For example, does a user really need to put their name or address on the platform? Platforms like Instagram rely on unique handles and users have the choice of whether they want that handle to be their name or a pseudonym.
Be very deliberate about the information you collect from users, and always be transparent about the collection. While people think that reducing the data collected will adversely affect the services you can offer, in reality research has shown that in addition to ensuring privacy, reducing data collection will also improve your adoption and usage funnels.
Who can see this information?
Once users input information on the platform, think about who can see the information.
Marketplaces like Amazon, DoorDash and Uber already do not reveal your identity to restaurants, retailers and other merchants but should they take it a step further.
For instance, once you put your name on Uber, should a driver really be able to see your name? Or should you driver's just see a pseudonym so that your real name and identity is protected?
If a user writes a review on a platform such as Yelp, think about whether other users should be able to see their location by default.
Every piece of information you protect will reduce the chance of abuse or harm and increase user trust in the platform.
Should users have control over access to their information?
Give user's affordances and control over who can see the information.
As an example, once a user puts an expense on Venmo, give user's control over who can see it and make the default as restrictive as possible (i.e start with Private vs Public affordances).
Give users the control to not just restrict access to certain pieces of their information but even to certain people entirely (for e.g. at WhatsApp, we have a setting called 'who can add you to a group' and we allow you to select 'Contacts except' and populate a list of specific people you want excluded).
At Facebook, I worked on a product called Locked Profile. In a single click, this tool provided users total control over who can view any information on their Facebook profile. Once 'locked' your past content downgraded to Friends only, and you could only post to a private audience in your control ('Friends'). This feature helped keep women all over the world safe from harassment and harm and contrary to intuitive belief, it dramatically increased engagement (by significant millions of monthly active users) by women on the Facebook platform.
Should the platform have access to the information?
Any platform that has access to information is a source of vulnerability - whether to hacks or leaks.
Many platforms have found new ways of even protecting user's information. For instance, at WhatsApp, we have a core principle that conversations with your friends and family are end-to-end encrypted and stored on the device so that even WhatsApp does not have the contents of any message conversation.
For every piece of information the platform collects, think about:
Does the data even need to be stored in your platform servers or should it just be stored on the device?
Wherever the data is stored, how will it be protected? How strong are your firewalls? Will the data be stored encrypted?
Will there be detection to know if the prevention has failed?
Last but not least, keep in mind that unlike many other aspects of building online ecosystems, privacy is a never ending and iterative process. Privacy will be critical to the success of online ecosystems in the future - especially as we evolve to novel technologies like virtual reality and generative AI. There will always be bad actors and as platforms grow and get more sophisticated, bad actors do as well. Think of privacy as an ongoing cycle of protection and detection - help protect people and then detect new ways that current protections are insufficient. Prioritizing privacy as a design and product principle will lead to happier users who trust your platform more, and ultimately this drives desired business outcomes of increased engagement and retention for your digital product.
Esha is a distinguished Senior Product Management professional with over a decade of training and experience building social technology products. She currently leads the effort to help billions of users around the world engage in thriving online communities on WhatsApp. Prior to WhatsApp, Esha led the effort at Facebook to build digital safety and privacy tools for billions of women and at-risk populations around the world and led the online communities product portfolio at Meetup.