Ignoring these CX Principles is a costly mistake

Why they matter now

• Regulatory push
  Laws like the EU AI Act and GDPR demand that organisations uphold user rights and accountability for AI-driven decisions.
• Consumer expectations
  Jamie Smith points out that modern users have become increasingly attuned to data misuse, expecting more straightforward, honest interactions with digital services. According to Cisco’s 2022 Consumer Privacy Survey, 81% of respondents said they would spend time or money to protect their personal data, indicating that modern consumers are both aware of and concerned about data misuse.
• Competitive differentiation
  In a market flooded with “growth-at-all-costs” mindsets, companies offering trust-first and privacy-led experiences will stand out, building loyal communities along the way. Further still, the ‘loyalty’ landscape is shifting, but we’ll write about that another time.

“I’m not opposed to the monetization of people’s information with their informed consent, but I’m super opposed to doing it behind their backs”

—Information Doesn’t Want To Be Free, Cory Doctorow

Designing for Trust

What it means: Trust is about demonstrating genuine respect for users—no hidden fees, no sneaky data sharing. Dave Birch underscores that if an entity mismanages digital identities, it can quickly erode confidence and invite regulatory scrutiny. Scrutiny at best, action at worst.

Some considerations:

• Layered communication: Offer high-level info up front (e.g. key data policies), with detailed “learn more” sections for curious users.
• Consistent UX: Don’t surprise users with sudden or undisclosed policy shifts—any change in data usage should be front and centre.
• Open roadmaps: Engage the community in product roadmaps to show how user feedback shapes features and improvements.

Real-Life Example – Apple’s App Privacy Labels

By presenting data usage summaries at a glance, Apple helps users see whether an app collects location data, usage stats, or personal identifiers—before they download it. This no-nonsense approach fosters a base level of trust.

Designing for privacy

What it means: Privacy ensures data is collected minimally and handled responsibly. Doctorow warns of “enshittification” where services quietly expand data collection over time, compromising privacy for profit. While we say ‘warns’, we think it’s fair to say that the evidence of products/services/platforms getting ‘shitter’ over time is quite clear.

Some considerations:

• Data minimisation: Only gather the data you truly need. Every extra piece of personal info increases both risk and user anxiety.
• Granular consent: Avoid bundling all permissions into a single “I Agree” button. Let users opt in or out of specific data categories.
• Robust security: From encryption to secure storage (potentially even decentralised models), ensure data is well-defended against breaches.

Real-Life Example – Signal Messenger

Signal’s privacy-first architecture collects minimal metadata and encrypts communications end-to-end. In doing so, it demonstrates that convenience and strong privacy can coexist.

Designing for control

What it means: Control places users in the driver’s seat—deciding how their data is accessed, stored, and shared. Doc Searls’ VRM model argues for exactly this: user-led data interactions rather than corporate-led data exploitation. Oooh, imagine.

(Aside: Doc Searls’ VRM (Vendor Relationship Management) concept inverts the traditional CRM model by giving individuals, not companies, the power to control how their data is shared. In doing so, VRM aims to foster more equitable, transparent, and mutually beneficial relationships between users and vendors. There are examples most notably in the car selling/buying space.)

Some considerations:

• User-friendly dashboards: Offer clear interfaces for managing data permissions, toggles, and account details. Often ‘My Account’ areas of product/service experiences, are after-thoughts, designed around enterprise necessary preference capture over user control and baking in trust.
• Dynamic consent: Let individuals adjust permissions over time (something we’ll explore deeper in the third article in this series).
• Multi-level autonomy (dynamic consent): If AI-driven features handle sensitive tasks—like personal finance—allow users to set thresholds (e.g., “Alert me over £100” or “Ask before investing on my behalf”)

Real-Life Example – Google’s My Account

While not perfect, Google’s central dashboard attempts to unify user controls—letting individuals pause location tracking, delete search history, or manage ad personalisation. This structure at least surfaces these choices, rather than burying them.

Designing for transparency

What it means: Transparency means telling users what’s happening, why it’s happening, and how decisions are made. Dr Joy Buolamwini shows that when AI remains a “black box,” it can lead to biases going unchallenged—especially in facial recognition or credit scoring. 

The bias inherent in facial recognition technologies, particularly for females with darker skin, is very well documented by Buolamwini and her not-for-profit  Algorithmic Justice League. Knowing these systems are in use by a large number of US State police authorities, Border forces and other enforcement agencies in the US and EU should be a concern for us all (we’ve shared this multiple times, but here we go again – Coded Bias is a Netflix documentary by Buolamwini explores this topic in detail.

Some considerations:

• Explainable AI: Offer simple breakdowns (“Your loan application was approved because you met income and credit thresholds”).
• Open policies: When data usage or AI logic changes, communicate it early. Possibly provide knowledge bases or whitepapers for those who want deeper details.
• Visual cues: If an AI interacts with user data in real time, show a small prompt or icon, building user awareness and comfort.

Real-life example – Microsoft’s Responsible AI Resources

Microsoft publicly shares guidelines and standards for how it develops AI, demonstrating a commitment to transparent practices. This level of disclosure helps both users and partners trust they’re working with a company that adheres to ethical standards.

Some questions

Q: Can a product be too transparent and reveal proprietary secrets?

A: Striking a balance is key. Offer enough detail so users understand data usage and AI logic without disclosing sensitive IP.

Q: How do we avoid user fatigue from too many privacy controls?

A: Lean into intuitive interfaces and progressive disclosure. Put critical choices up front, and let users dive deeper only if they wish.

Q: Is “privacy by design” more costly or time-consuming?

A: It can require more planning initially, but it often reduces legal, reputational, and technical debts later on.

Q: What if my organisation still relies on ad revenue from user data?

A: Consider more transparent data models—like clearly stating, “We share limited browsing data to support free services.” Users prefer honesty, and many will opt in if they feel respected.