Consumer trust in data privacy is broken – here’s how to fix it

By Danny Bluestone, Founder & chief executive officer



The Drum Network article

This content is produced by The Drum Network, a paid-for membership club for CEOs and their agencies who want to share their expertise and grow their business.

Find out more

August 5, 2019 | 7 min read

There’s a growing issue at the heart of our digital world - a total breakdown in trust. Users were once happy to trust businesses with sensitive personal information, such as their name, location, age, health and finance, in exchange for quick convenience.

the Great Hack

Now, users are daunted by the decentralisation of the web through social networks, the Cambridge Analytica scandal, ongoing data breaches, ‘fake news’, online fraud and the processing of voice and wearable data. In July 2019 and off the back of the Cambridge Analytica data scandal, Netflix launched a new documentary called The Great Hack. It’s all about how personal data is being used to not only manipulate our voting decisions but how the big platforms are being weaponised to go against the promise of ‘bringing the world closer together’ for commercial and political gains.

According to Edelman’s 2019 Trust Barometer a whopping 73% of users are genuinely worried about deliberate misinformation being used to weaponise and hijack their opinions. How can brands regain that faith, authenticity and connection with consumers through digital?

At Cyber-Duck, we’ve crafted 10 trust pillars for brands to score and secure success. Here I’ve focused on the first five, which are critical and causing the most issues at the moment.

Cyber-Duck trust

1. Humans come first

Your ethos should put the user first. Driving your product or service via user-centred design is the best way forward. Aristotle coined the ageless ‘power of persuasion’ model. This outlines how all communication should follow the three principles of ethos, pathos and logos.

Users won’t trust your product or service if it isn’t authentic or authoritative (ethos). It must have emotional resonance and relevance (pathos). If it lacks a rationale or logic (logos), users will walk away.

The companies that are social at heart do well. I love the example from energy company Bulb. They hit the emotional side of the user by pledging that 74% of their energy comes from sustainable or renewable sources. They then strike the emotional reward through a robust referral program that supersedes their advertising spend - if you convince a friend to sign-up, you both receive £50. This is untimately in service of harnessing word of mouth.

Cyber-Duck trust relationships

2. Regulation is an opportunity

Designing within constraints is actually good for your product or service. Those constraints have often been brought in with good reason. You can be creative within those limitations; when we worked with Mitsubishi Electric, we made all the forms opt-in leading to a higher conversion rate of product enquiries. In the world of GDPR, your brand reputation is paramount. Some, however, are still not succeeding with these new constraints. BA was just fined £183m in 2019 for not protecting user data properly in 2018,the largest fine that the ICO ever issued.

Transparency, control, and privacy are the hallmarks of this legislation. But, companies that were already ensuring customers wanted to receive their communications (for example) were already winning from an engagement perspective. We have provided a ‘best practice for user experience and the GDPR’ to help.

3. Follow privacy by design

Applying standards and improving the UX for your product or service aren’t mutually exclusive. The Privacy by Design framework bakes customer protection into your business strategy.

Privacy must be…

  • Proactive, not reactive
  • The default setting
  • Embedded into design
  • Balanced with security
  • End-to-end lifecycle protection
  • Visible and transparent
  • User-centric

An example of this is the care that needs to be taken if your brand converses with users. Contrast the moderated, private messaging system from Monzo with Just Eat’s PR nightmare of giving drivers’ access to consumers’ phone numbers.

4. Implement technical security

Brands that apply the latest security standards are more trusted. For example, my agency Cyber-Duck is independently accredited for its user experience, security and technology processes via the ISO standards. This status increases our trust from banks, pharma, and government organisations with sensitive data. We work with brands including the Bank of England, Thomas Cook and the Financial Ombudsman because of this.

Our set of brand protection security principles helps brands implement safeguards. This includes simple measures like using HTTPS, making sure users cannot upload malicious files through apps and websites, and installing security patches on both the server operating system and your CMS/CRM on a regular basis. Only 39% of WordPress websites are running the latest version of the software, for example, which opens up many site owners to hacking vulnerabilities.

Brand protection

5. Ethical design is key

I’ve always loved Steve Jobs’ saying:

“That's not what we think design is. It's not just what it looks like and feels like. Design is how it works.”

I would go further and say that “good design saves lives”. With stakeholders, we establish the business core values of how the data will be used and how interfaces work.

Decisiveness, consistency and designing for diversity (where users are less educated) are key qualities that we need to consider. If we look at WhatsApp, they could have used ‘design thinking’ to prevent the spread of fake news in regions like India by restricting the amount of people a user can forward links to or even filtering the content better. Arguably this could have prevented some of the Indian lynches if it was factored into the design earlier.

Not a threat; an opportunity

Our trust pillars reveal that overall, you need to question and solidify your ethics and values to build faith in your brand. Regulation isn’t a threat, but an opportunity to improve as it’s not been implemented blindly.

Following privacy by design at a strategic level can help you develop secure systems from the start saving a fortune in time and budget later. Design and ethics will always be nuanced; by following a user centric process, you can put the user first and and ensure your experience is inclusive.

If you’d like to work with an independent, accredited agency to do just that – please get in touch. If you’d like a taster of the user-centric approach we recommend, download our free UX Handbook.


Content by The Drum Network member:


Established in 2005, Cyber-Duck is a leading digital agency that works with exciting startups and global brands such as Cancer Research Technology, The European...

Find out more

More from Marketing

View all


Industry insights

View all
Add your own content +