Which one is right for you?
Introducing anything related to tracking users can be a sensitive topic for privacy-centric tools. It’s critical to integrate a respectful, sophisticated consent experience to cultivate meaningful adoption and a happy community. We recommend embracing transparency and user control when integrating telemetry measurements.
In this article, we’ll describe benefits and recommendations for opt-in and opt-out experiences.
Before you dive in, consider who is using your app, what for, and in what situations.
If your app handles human rights documentation, your users may be more wary about having data collected. Be mindful of that and provide information that ensures they understand, feel comfortable, and aren’t put off by what you’re asking. If your app mainly provides content and users aren’t exchanging sensitive information through it, people may be more comfortable with the idea of measurement at the outset. In this case, you could get by with a more minimal experience.
When engaging users around consent, you need to provide enough information, while not overwhelming them.
Asking for consent increases awareness. It is the easiest way for users to have control, because the opportunity to decide is right in front of them. Users are less likely to feel that you’ve made a choice for them. If done well, you have an opportunity to generate positive feelings toward your brand.
The opt-in requirement can lead to a small or biased data sample. This outcome can cause skewed results.
If not done well, an opt-in experience can create friction in the user experience. There are several examples of ‘consent gone wrong’. Website cookie agreements have become very disruptive to the browsing experience. Too many are in your face right away, interrupting the task at hand. Opting out of any level of cookies typically requires users to open a new page view, further removing them from what they came to do.
Opt-in can work really well in certain cases, if it aligns with your goals. Below we’ve outlined some sample uses.
- Voice of User Survey
- Errors (when you need more information about what went wrong that only the user can provide)
- A Focus Group Study (when you have a control group of testers, and want to understand behavior over time or for a set period of time)
- If you can implement a clever, intuitive user experience that you believe will capture a representative sample.
For consent UI patterns, refer to the blog post: https://okthanks.com/blog/2021/5/14/clean-consent-ux.
If done well, an opt-out model can be used in situations where it’s required to optimize your sample size for accurate representation.
In an opt-out model, you want to make sure you are preserving trust with your user base. People don’t need to think about it. They don’t need to be disturbed. But your metrics practices should be fully transparent and available for users.
Opt out is a fitting approach if you practice harm reduction techniques throughout the data lifecycle. This starts with data collection and continues throughout storage and removal of content.
In this model, make sure users are aware of your practices and are presented with an option to disable metrics. One way to do this is to occasionally remind them or show them which measurements are being shared. When you do, present the option to opt out.
If you only need the data for a set period of time (not forever), consider setting timeframes for data collection.
Harm Reduction Techniques
- De-Identify Your Data: There are several traditional ways of linking data to an individual. The most common is by IP addresses. If IP addresses are eliminated, other unique identifiers can still be used. If those are eliminated, actions over time can be used.
- Collect Minimal Data: Only the minimum amount of usage and behavioral data should be gathered to answer a determined set of questions. The frequency, range, and level of details of measurements should be as small as possible.
- Mitigate Deanonymization: Don’t collect information that could be matched with publicly available information, or auxiliary data, to discover the person the data belongs to.
- Aggregate at the Source: Possibly identifying data should not be held in any part of the system longer than necessary. Aggregate it at the source at the earliest possible time.
- Generalize Details (as needed): Dilute the attributes of user data by modifying their scale or order of magnitude. For example, a region rather than a city, or a month rather than a week.
- Give Users Control: You always want users to be in control. Present users with an opportunity to opt out.
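Several of the techniques above (collect minimal data, generalize details, aggregate at the source, give users control) can be applied together on the client before anything is transmitted. The following is an added illustration, not code from this article; the field names, the city-to-region table, the sample events and the `min_count` threshold for hiding rare buckets are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed lookup for this example: city -> coarser region.
CITY_TO_REGION = {"Lyon": "Western Europe", "Porto": "Western Europe",
                  "Quito": "South America"}
ALLOWED_FIELDS = {"event", "city", "timestamp"}  # minimal set (assumed names)

SAMPLE_EVENTS = [  # constructed raw events, as the app might see them
    {"event": "app_open", "city": "Lyon", "timestamp": "2024-05-01T12:00:00+00:00",
     "ip": "203.0.113.7", "device_id": "example-device"},
    {"event": "app_open", "city": "Porto", "timestamp": "2024-05-17T08:30:00+00:00"},
    {"event": "app_open", "city": "Quito", "timestamp": "2024-05-20T19:05:00+00:00"},
    {"event": "share_used", "city": "Lyon", "timestamp": "2024-05-02T09:00:00+00:00"},
]

def generalize(event):
    """Drop fields outside the allowlist, then coarsen place and time."""
    kept = {k: v for k, v in event.items() if k in ALLOWED_FIELDS}
    month = datetime.fromisoformat(kept["timestamp"]).strftime("%Y-%m")
    region = CITY_TO_REGION.get(kept.get("city"), "Unknown")
    return kept["event"], region, month  # region not city, month not second

class LocalAggregator:
    """Counts generalized events on the device; raw events are never stored."""

    def __init__(self, min_count=2):
        self.enabled = True         # opt-out model: on until the user disables it
        self.min_count = min_count  # assumed threshold: hide rare buckets
        self.counts = Counter()

    def record(self, event):
        if self.enabled:
            self.counts[generalize(event)] += 1

    def opt_out(self):
        self.enabled = False
        self.counts.clear()  # discard anything not yet sent

    def report(self):  # the only payload that would leave the device
        return [{"event": e, "region": r, "month": m, "count": n}
                for (e, r, m), n in sorted(self.counts.items())
                if n >= self.min_count]

def demo():
    agg = LocalAggregator()
    for event in SAMPLE_EVENTS:
        agg.record(event)
    return agg.report()
```

With the sample events, `demo()` returns a single row: the IP address and device ID never enter the counter, and the two buckets seen only once are withheld.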
Data Transmission & Storage
- Secure Your Hosting Infrastructure: Ensure that the server that hosts your metrics data is protected from man-in-the-middle attacks, DDoS, and escalation of privilege.
- Encryption of Data in Transit: Ensure that the data is encrypted over the wire.
- Incoming Data Validation: Think about how the server accepts data. Validate the data coming in.
- Encryption of Data on Server: Ensure that the data is encrypted on the server.
- Data Retention: Retain data only as long as you need. Perform routine maintenance to remove data from systems or set expiration dates on data. If you don’t already have one, establish a data handling policy for the product.
- Authentication and Account Security: Consider trust and access. Who has access to what and where? Who can get information in and out of your metrics system? Be sure to have authentication and security protocols for getting into the system.
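One way to apply the incoming data validation and data retention items on the receiving server, shown as an added example that is not part of the original article. The report schema, the allowed event names and the 90-day retention window are assumptions.

```python
import re
from datetime import timedelta

# Assumed schema for an aggregated metrics report; field names are hypothetical.
SCHEMA = {
    "event": lambda v: isinstance(v, str) and v in {"app_open", "share_used"},
    "region": lambda v: isinstance(v, str) and 0 < len(v) <= 40,
    "month": lambda v: isinstance(v, str)
    and re.fullmatch(r"\d{4}-(0[1-9]|1[0-2])", v) is not None,
    "count": lambda v: type(v) is int and 0 < v <= 100_000,  # rejects bools
}
RETENTION = timedelta(days=90)  # assumed retention window


def validate(report):
    """Return a list of problems; an empty list means the report is accepted."""
    if not isinstance(report, dict):
        return ["not an object"]
    # Unknown fields are rejected so a client bug cannot smuggle in identifiers.
    problems = [f"unexpected field: {k}" for k in sorted(report.keys() - SCHEMA.keys())]
    problems += [f"missing field: {k}" for k in sorted(SCHEMA.keys() - report.keys())]
    problems += [f"invalid value: {k}" for k in SCHEMA
                 if k in report and not SCHEMA[k](report[k])]
    return problems


class MetricsStore:
    """In-memory stand-in for the metrics database."""

    def __init__(self):
        self.rows = []  # (received_at, report)

    def ingest(self, report, now):
        problems = validate(report)
        if not problems:
            self.rows.append((now, dict(report)))
        return problems

    def purge_expired(self, now):
        """Routine maintenance: delete rows older than RETENTION, return how many."""
        before = len(self.rows)
        self.rows = [(t, r) for t, r in self.rows if now - t < RETENTION]
        return before - len(self.rows)
```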
Before You Go…
Keep in mind the goals of consent. Whether it’s opt in or out, you always want to satisfy these goals.
- Build trust. (for both product and end-users)
- Ensure safety. (for both product and end-users)
- Build confidence. (for both product and end-users)