TTC Labs - Building time-efficient privacy controls

São Paulo
25th Aug 2017

Providing in-context information without becoming too time-consuming requires us to think about where, and when, we should display controls and privacy notices.

Product Context

Chariot is a fictional high-end car service app for those who expect a level of comfort and class on the move.

In order to provide the service, Chariot is powered by some of the following data:

  • Location data, to connect a person to their nearest Chariot at time of use
  • Payment credentials, which are stored for digital payment
  • A history of journeys, which are tracked alongside passenger/driver scores to eliminate bad actors
  • Destination location data, which is used to serve ads from relevant businesses nearby

Problem & Opportunity

Asking for people's data in a transparent way can be challenging for transportation services. Not only is there an innate caution about sharing location in public ways, but the service is often used when time is of the essence!

Communicating how people's data is used, however, is a chance to dispel concerns around personal data by letting people decide how, why, when and where data is used. It is an opportunity to build a closer, more trustworthy relationship.

The cross-functional Design Jam team challenged themselves to consider ways in which Chariot could transparently gather the data required without becoming too time-consuming or too disruptive in the flow of booking a car.

How might we...

...waste less time by asking only for the data that is needed?


Facebook product designer Robbie Manson prototyping with Chariot's team

Design Features
Asking only for what's essential

When Chariot is first used to find a ride, it says, 'We need to know a few things about you in order to find you a ride.' Riders can input information and are immediately given the option to select which pieces of data Chariot will use to find them, by switching options on or off. The person chooses both 'phone number' and 'geoposition' to share with Chariot.

The app only makes requests for minimal data access by systematically providing options. By using switch buttons that are all initially turned off, the design does not try to compel people to make a specific choice.

Design Features
Managing data all in one place

Within the Chariot app, data use is easily managed through a panel offering an overview of all permissions, each of which can be turned on or off through a single switch action. Personal data is sorted by type, and an illustrative icon helps rapidly identify what the data is used for. The 'why?' explanation uses simple language to describe the value exchange of each data type, like picking up people faster or offering promotions:

  • Personal Details - Full Name, Email Address, Phone Number and Payment Details can be turned on/off
  • Location - Geoposition can be turned on/off in addition to location history
  • Advertising & Promotions - Past purchase history can be connected to or disconnected from 3rd party data sources
Next steps

Offering better transparency and building trust is a key objective for most companies. It's also a very challenging one. Acknowledging that the average user wants to make informed choices is a good step in this direction.

How might we build on Chariot's ideas to...

  • Explain more complex scenarios in a settings interface while ensuring it doesn't become overwhelming?