Gartner Blog Network

Forget About a Privacy UX if You Can’t Even Get CX Right

by Bart Willemsen  |  February 10, 2020  |  1 Comment

In the many thousands of calls I’ve had in my recent 3.5 years with Gartner, mostly related to privacy and ethics, it’s become clear that the obvious is not obvious to everyone. Privacy is about the customer, not the data. It’s about gaining trust, or losing it. It’s about the user, and the experience. It’s about transparency, control, openness and all those wonderful core values more. You know, all the values we prefer in real life that must be part of our digital interactions just as much. Especially now that the #DigitalSociety emerges all around us. And so, we talk about how to approach a customer, how to treat and protect data, and how to build a program at scale with all accompanying benefits.

Privacy is not just about avoiding sanctions. It’s about your reputation as an organization, about how much your customer is able to trust you, and getting it right has benefits that include reduced storage costs, smoother and more focused innovation, reduced post-project bolt-on headaches, stabilizing or even improving customer retention levels, and an overall competitive advantage. That also requires a frictionless Privacy UX. What’s that? I’m glad you ask. It’s simple: every touchpoint with every customer must provide:

  • transparency (in full, notice, your statements, contextually relevant and obliviously clear)
  • choice (how are preferences managed, how consent, preventing exclusion or discrimination)
  • rights (privacy is a fundamental human right in art 12 of the UDHR, but individuals in contemporary privacy laws certainly also have rights: access, correction, portability, erasure, etc)

Now, take consent. I have always been impressed with how values seem to change with our motives. How is it possible: On Friday morning in the office one discusses with their legal representation the notion of consent in one way. That evening, at the dinner table, the same notion of consent is discussed in a completely different way with one’s son who is about to go on a date. In the morning we look for opportunities in pre-checked boxes, language that is as vague as possible, and we pretend to be able to assume the customer is OK with our ‘great offering we have for them’. In the evening, we explain that he should better not assume anything, be vague about his intentions, or even worse, execute ‘because hey, a pre-checked box was not unchecked’. Of course not! We want him to be a gentleman. Can’t we extent that similar courtesy to our customer?

I wanted to write about courteous behaviour to our customer and the wonders it brings us. About the best practices we see when organizations adhere to those incredible values of transparency, honesty, integrity in all intentions. But I can’t. And that makes me a little angry.

This text flows on my screen from an apartment in Sao Paulo, Brazil. Here, a person pays R$ 209 per month for a basic TV package and a 120 mpbs home internet connection. I won’t say who is the provider, because I’m told by local friends it is a universal industry problem in the country. You know what happens?

Every time we come back in this apartment from a conference or a vacation, the speed is gone and the TV has no signal. Everytime we call, and things get better until our next trip. I can only imagine that they’re measuring how we use the signals, and reallocate resources elsewhere the moment our usage drops. They swear on the phone that is not the case, and there’s of course no mention of it in the privacy policy or EULA. But I’m reluctant to accept what ‘they say’ by now. Why?

Here’s the customer experience (CX): Sometimes we have no TV for days, and a consistent delivery of over 100 mbps even within one business day has proven impossible. For a few days now, we experience intermittent internet connection, and speeds between only 880 kbps and 11 mbps. Of course, we call again. An robot message ‘ALWAYS’ tells me that they have ‘just installed an update’ that requires me to turn off the home box for 10 seconds and then ‘all should be well’. A few days ago we were told mechanics were working on it, and the next morning THEY CALLED ME to check and see if the line was at 120 mbps. It miraculously was. And it stayed like that for 5 minutes. Then it fell to previous state. Knowing the option menu by heart, we always get to speak to someone. In four consecutive calls with different people (I know, my dearest industrious little callcenter agents, it’s not your fault because you follow scripts), we hear four different reasons for the ‘why’.

1- ‘There is a problem in specifically your apartment building, both towers. We’re working on it’.

2-‘There is a problem in the city of Sao Paulo’

3-‘There is a problem across three entire provences including Sao Paulo en Belo Horizonte, we’re having all our staff active to solve this major issue’ (sidenote; we were dispatched to that agent just as fast as all the other times, but maybe not a single other Brazilian person calls the provider when without TV and internet).

4-‘Unfortunately, there is a problem specifically in your tower of the apartment building. The people in the other building don’t have it, but we’re working to have someone come over and fix it.’


Folks, it does NOT work! It does not help to lie to your customer, to feed false information, to bull(*peeeep*) your way out with automated messages that tell me a necessary update has JUST installed when I call (every time again) and bottom line, to assume the customer is a dumb person you can just continue to milk as if it was 1999.

If that’s how you treat people, don’t bother working on adjusting your privacy notices ‘for compliance with privacy laws’. If that’s the operation in practice, don’t bother to start your privacy statement with ‘we value you as a customer, we value your privacy’. You’re missing the point.

We’re stepping to a provider who seems to be more trustworthy, and who has a decent CX and is working to straighten out their Privacy UX. Getting transparency and privacy right, gets you me as a customer. Getting it wrong: you just lost me.

The good news? For all you folks out there who want to get it right: let Gartner know where you want to start and I’m sure we’ll talk soon.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Bart Willemsen
VP Analyst,
4 years at Gartner
11 years IT Industry

Bart Willemsen is a VP Analyst with focus on privacy compliance, risk management and all privacy-related challenges in an international context. With detailed knowledge of privacy in various jurisdictions, he's also proficient in security and risk management strategies. Read Full Bio

Thoughts on Forget About a Privacy UX if You Can’t Even Get CX Right

  1. Michael Hoos says:

    Well said. Like: disabling Siri but doing a google search and after the first two letters typing google comes up with a proposal for the topic I just discussed. Spooky or providing UU ( user uncertainty). Developing a proffessional paranoia may help us to be clear in the complainication (communication with complaint) to providers.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.