How Apple designed a privacy policy people will actually read

By Jennifer DeRome | October 7, 2015

When I was growing up I kept a diary. All the deepest, darkest secrets of my 12-year-old life were carefully scribed within its pages. I never showed it to anyone, and I always kept it safely hidden behind my dresser. Perfectly secure. Until one fateful day, I forgot to tuck it away before rushing off to school.

When I came home that evening, my brother had a mischievous grin on his face and I realized with horror what had happened. A screaming match ensued (as they often do between siblings). I argued he’d invaded my privacy and had no right to dig into my personal life. He argued that my diary was in plain sight and therefore fair game.

Eventually, our parents stepped in to mediate, and after a long and arduous trial, the verdict was, well, murky. Sure, my brother was wrong for snooping where he knew he didn’t belong. But I’d also left my ‘secret’ information out in the open, unprotected, for all to see. My parents ruled that we both needed to be responsible for the information we owned, and the information we acquired. They asked us to treat both types of information with care and respect.

That’s how we’d all like it to be, right? We want our personal information treated with care and respect. But is that how you felt the last time you read a privacy policy? Or maybe I should first ask when you last read—I mean really read—a privacy policy? Been a while? Never, perhaps?

It’s not surprising. They’re typically long, or boring, or filled with legalese that even some lawyers don’t understand—or all of the above. These policies were a burden that a company’s legal department mandated to comply with regulations (or protect against potential lawsuits). The policies were for the company, not the individual on the other side of the agreement.

So if a privacy policy goes unread by a user, does that mean it’s not part of the user experience? Is there any point to putting the time and effort into designing an experience most people won’t even have?

If Apple has anything to say about the matter, the answer is, “Absolutely.” The company recently breathed new life into its privacy policy—and reminded all of us that a privacy policy can be just as sleek and sexy as the device you’re reading it on.


As I read the new policy (which is really more a section of Apple’s website than a stand-alone policy), I considered what would make users continue reading. What was it about this privacy policy that would pull them in? What principles of the user and customer experience are employed? What can you learn from Apple to improve your own privacy policy?

In this post I’ll highlight three lessons you can learn from Apple’s approach to privacy and apply to your own policy to create a better experience for your users—whether you’re a bootstrapped startup or an established, household name.

1. Building trust

Establishing trust is a well-known commandment of good UX. But when it comes to a topic like privacy, it can get tricky. Companies use users’ information in all sorts of ways. To help soften the blow, some companies take a stance of telling users what they think they want to hear, rather than what’s really going on.

But that’s not how trust is built, is it? Have you ever come home after a long day of meetings and realized you had food stuck in your teeth? You probably wondered why no one brought it to your attention, right? But when someone does tell you the truth—that your spinach salad is front and center every time you smile—you might feel a tad awkward at first, but ultimately are grateful to the person that was willing to tell you what was really going on.

Apple’s privacy section begins with a note from the company’s CEO, Tim Cook. He comes right out and explains why the update was necessary and what users should expect from it. Tim doesn’t miss the opportunity to subtly dig at competitors:

“Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers.”

But he also doesn’t shy away from admitting that Apple does pull in advertising revenue. That transparency helps build trust with users, which will go a long way when it comes to understanding—and actually reading—a privacy policy.

2. Human-centered copy

We talk about using human-centered language a lot. Real people are at the center of everything we create. So the words we choose should be crafted for them. Not a corporation or legal counsel.

Yet technical and legal documents are notorious for resorting to arcane language that doesn’t speak to its intended audience. And the privacy policy tends to be a major offender. When copy is written with its user in mind, it’s written in a way that people would actually read. A privacy policy that’s framed to protect a company’s interests alone won’t resonate with users.

But a policy that frames privacy from the perspective of users is highly effective. Throughout Apple’s privacy policy, they refer to the user directly:

“When you add a credit, debit, or store card to Apple Pay…”

This policy is written for the user, and it’s clear with every word. Your privacy policy should be explained in a way that you’d speak to a friend, a colleague, or your mother.

3. Privacy is part of the product

It’s hard to talk about Apple without mentioning design. Apple’s new policy is presented with the same elegance as everything they’re selling. Take a look at the privacy policy description for Apple Pay:


Now take a look at the actual Apple Pay product page:


Pretty similar, right? That's because Apple is framing privacy as a feature of each product. It’s a selling point that differentiates it from the competition—not a legal footnote no one will ever read.  

A lot has changed since I kept a diary. For starters, all my diaries after that incident have had locks. Privacy isn’t as simple as keeping your information hidden behind your bedroom dresser. We give out our personal information in exchange for “free” products or services without much thought. Yet we still value our privacy and expect those that hold the keys to our information to treat it with care and respect.

Part of that respect is providing a privacy policy that outlines how your company treats people’s information in a clear, approachable, and delightful way. The privacy policy is every bit as much a part of the user experience as your marketing emails or landing pages. It contains information your users need to know, and through it, you have the opportunity to build and develop a relationship with them.

About the author(s)
Jennifer DeRome

Jennifer is a Senior Content Strategist for UserTesting. When she's not dreaming up new ways to connect with audiences, you can find her traveling around the world or enjoying a glass of wine with friends.