Which is the limit between software that doesn’t ask for consent and malware or spyware? When you interact with users or with their data without asking for permissions, you are making a mistake. Even if you aim for good, you’ll be creating loopholes, possibilities for others that might not have as good intentions as yours. Attempts for harassment, annoyment, or private data violations will find a nice fertile ground on your app if you don’t mind consent.
But, what is consent, really?
Consent means getting an explicit and clear positive confirmation of users in order for your app to perform some action. Consent should be always present, as our apps will always interact with users, their data or their smartphones. In a recent past, just previous to Android 6.0, consent was asked just once, at the moment of installing your app. Nowadays developers can ask for consent more than once, each time related to a different functionality.
If you don’t think consent is vital, then take a look at the following possible consequences:
- Someone that’s been a victim of abuse googles about his/her condition, and hours later Google shows an ad of self-defense or an emergency ad for abused victims, exposing a delicate problem to whoever is using the same devices.
- An employee looks out for sex related content, and at the following day on a work presentation receives emails from sex shops.
- Think about IoT implications, what kind of accidents could take place if an autonomous car makes decisions without its owner’s consent?
- What about a person that’s been harassed, and Facebook lets the stalker know that the victim’s passing nearby? Or Tinder shows his/her profile?
People are vulnerable to blackmail, revenge, humiliation, bullying, and more. If you ask for consent you’ll be not just taking care of users’ privacy, but also providing them a better experience, making them feel that their opinion and confirmation really matters to you.
How can we make sure that we’re not living in a loophole?
Consent Management “allows people to approve and withdraw consent and then create personal experiences from that”, and should take care of the following aspects:
- Not taking user’s preferences for granted.
- Informing the user properly, so he/she can make a well-substantiated decision on the consent that’s been required. Users should be aware of the risks they are taking when they allow any kind of interaction with your app. Being uncertain about what their information is used for and where it’s going will not provide them the best experience.
- Designing UX first. If you think about the user experience, it’s a fact that you’ll be thinking about consent. Defining the whole path they will be going through helps thinking which are the right moments to ask for consent. Also, it’s cheaper than fixing the product at a later phase of development.
- Each feature must survive a big question: “How can it be used to harm someone?” If you can ask the question and solve the vulnerability, then it’s approved.
- It would be ideal for company to pursue the creation of a “safety team” that will be covering vulnerabilities for all your products.
Developers have to start thinking about consent as well as designers and DevOps. If we all pay attention from the very first stage of the product design, we’ll be covering loopholes and, most of all, protecting our users, as well as our company.