I have a confession to make. In my 7 years of working in tech, I have never questioned whether my team or company had the right to track our users
I didn't ask whether we should notify them when we conducted A/B tests of new features or messaging, or how long we kept the information we collected.
Now that we, as a society, are more aware of how some tech companies have abused the information they collect and are concerned about what data breaches may expose, Product Managers should take a closer look at what data we are collecting about our users and why.
We didn’t do so in the past and this failing led to the exposure of our users to bad actors, to vulnerabilities we could have prevented or protected against.
How do tech companies decide to collect data?
First, it’s important to state that no product or platform can exist without data in some form. The internet is the passing of data from one place to another. It is why it exists. The spread of information (including where and who it is coming from, even if not attached to a name) is a necessary part of the process. Without the where or who, there’s no way to know where/who requested information and should receive information back.
Second, products are looking to collect data in order to provide a service. For example, while working at PayPerks, we rewarded users with points for completing educational content so we needed to collect the information that they completed it. At Reserve, we collected information on a user’s reservation so they had a real reservation at a restaurant. This data was a necessary aspect of the service we were trying to provide. But I never questioned whether all of the data we collected in the process was actually required.
For example, when ridesharing first began, was it required to know a user’s location to be able to charge them for a trip? No. Trips are charged based off of how long they last. A user doesn’t receive a different price based off a driver using different streets, even the use of toll roads can be captured without location tracking. Now the companies are using this location information for other purposes. Some of those are operational. Parents can track where their child’s ride is in real-time. Some of those are to make money in a different way.
Then there’s the question of product analytics...
When a user lands on our website, which button do they click to sign up for our service? When a user downloads our app, how far do they get into the sign up flow? What browser are they using? What device? From where? How long do they spend on this part or that? When
users are searching, what are they searching for most often? How do they sort their results? When we email our users, how many of them open the email with subject line A? What about subject line B? Of the users who open the email, how many click on the Call-to-Action (CTA) A? What about the CTA B? How often does a user return to our product? How can we encourage them to return more often?
To answer these questions, we would add cookies to know when a session started or embed events so we would know if a user started something but never completed it. When conducting our A/B testing, we were basically conducting mini experiments on our users to understand what would nudge most of them to complete an action, to “improve” their engagement. It’s an incredibly common practice among designers and product teams. But, we never notify our users that we’re conducting it and that they’re participating in it, whether or not they consent.
Some of the tracking was used beyond figuring out how we could “improve” the product. It would help customer success agents troubleshoot if a user wrote in with an issue. And, some of the tracking did lead to a better product. At PayPerks, we learned that a large majority of our users experienced our product on their phones, in response we adjusted our designs to better suit phones..
Let’s interrogate what data we collect and how we use it.
Still, a lot of the data collected to answer these questions continues to exist, even if its use has long since passed. What could someone find if they examined all of the tracking data tech companies have collected on their users over time? Should a user’s entire experience of a product become historical record? How closely tied is my last search to my user identity on the product? Should it be? Who has access to that information? And for how long can they access it?
A lot of the data is probably unimportant and doesn’t actually expose a user to any repercussions. But, have we tested that theory? Have we, as Product Managers, actually questioned whether the data we’re collecting is being done for the right reasons, handled properly, and based off of ethical frameworks that protect and serve our users?
Samantha Wu is Head of Data Strategy & Governance at Stae. She will be sharing further knowledge in a talk entitled 'Bridging Communication Between Your Tech and Non-tech Teams' at Women in Tech East Coast, taking place October 24-25 2019.