To put the point first: You need to handle users’ data sensitively, and tell them so in language they’ll understand.
A best practice that is hard to execute is putting required legalese into plain language for users. Why is it hard? Well, it’s legalese. Most product managers aren’t including it because they like it. They’re including it at the behest of a legal advisor. They’re including it to CYA in case something goes wrong. And, because the source of legalese is usually a lawyer, it isn’t written with the typical online user in mind (sorry, lawyers).
The good news is, if we’ve done our research, we have a pretty good sense of what scares users. When I worked on digital health products sold through employers and insurance plans, our users had one big fear in common. They’d tell us that they assumed we shared their individual data with the HR manager or healthcare provider. They thought (wrongly) that using our programs was letting their bosses and doctors see their most private, personal information.
We had all the “data will only be provided in aggregate” language in the legalese but almost no one read it or understood it. Like many terms of service (ToS) documents, ours was a dense block of text that was hard to skim.
Our fix? We pulled that piece about not sharing individual data out of the huge text block and moved it to the front of the legalese. We rewrote it in simple language that doesn’t require a legal education to understand. We also repeated our commitment to privacy as we collected data in the product: “Remember, anything you share is confidential. Any reports we produce use average data from hundreds or even thousands of people.”
This change seems simple. It was, in many ways, simple.
But it wasn’t easy to pull off.
We had to make our legal reviewers comfortable that the simplified privacy statement was as legally protective as the dense, complicated one. It took a lot of rounds of review to get there.
If you work in an environment where you have this type of structured legal review, get to know your reviewers. Have some human conversations with them, outside of your review meetings (which can feel like trials). I found that once the legal counsel knew where I was coming from and trusted me a little, and once I understood their concerns and trusted them a little, it became much easier to find a solution that worked for both of us.