Terms & (Mis)understandings:

Navigating User Consent in Apps and Websites

Role: Lead UX Researcher, UXR Task Force Co-Chair | Timeline: 6-7 weeks

Skills:

Stakeholder Communication

Participant Recruitment

Data Analysis

Research Planning

Data Visualization

Background

The Financial Data Exchange (FDX) is a nonprofit organization committed to establishing a unified and interoperable standard for secure and user-friendly access to financial data for both consumers and businesses. Within this data-driven ecosystem, data intermediaries emerge as key players. These entities handle data processing on behalf of other organizations. Data intermediaries assume a pivotal role in managing data access and safeguarding personal information in compliance with regulations and the preferences of data subjects.

Central to this study is the concept of a consent flow, which facilitates the process of users granting or declining permission for their data to be collected and utilized. This case study places a special emphasis on user consent flows within a financial context, where data intermediaries predominantly comprise financial institutions.

Challenge

When users go through consent processes, they're shown a lot of information from financial companies and middlemen that might not be easy to notice. Unfortunately, not much has changed over time in how this information is shown to users. As a result, users might not really know who they're sharing their information with or what exactly they're agreeing to share.

Goal: Determine optimal consent info presentation and user understanding of consent terms in financial flows

  • Methodology

    • In response to the research request from another FDX Task Force, our initial step was to collectively define project goals to establish clarity and alignment within the project team. Given the distributed nature of the Task Force members across various time zones, we devised a set of research questions to divide among ourselves, allowing asynchronous completion leading up to the next team meeting. During this period, team members leveraged internal resources from their respective organizations and integrated these findings with insights gleaned from supplementary literature reviews in our secondary research phase.

    • To bring these insights together, we synthesized the outcomes of our secondary research with the findings from two follow-up participant surveys, which were thoughtfully crafted by my Co-Chair. I then analyzed the survey responses, providing a direct and deeper understanding of user sentiments and behaviors throughout consent flows.


This project was a collaborative effort involving myself and three other dedicated members of the UXR Task Force. As a Chair of the UXR Task Force, I took on a leadership role, spearheading the research initiatives. My key responsibilities encompassed spearheading extensive secondary research to uncover market standards, meticulously analyzing primary research insights, formulating comprehensive findings reports, and crafting two distinct presentations. One presentation offered a high-level overview of the findings, while the other delved deeper into the granular details.

Research Planning

  • As we transitioned to individual research tasks within the UXR Task Force, my Co-Chair and I facilitated the finalization of the research plan. With a clear project purpose, goals, and key questions established, the remaining components of success criteria, timeline, research methodologies, and scope were discussed collaboratively.

  • Given our time and resource constraints, I suggested employing participant surveys to gather both quantitative and qualitative insights. This would enable us to efficiently capture user behavior and validate existing standards. Drawing on this approach, my Co-Chair and I constructed a comprehensive project timeline and scope, estimating a duration of approximately 6 to 7 weeks, accounting for the time commitment of the Task Force members.

Literature Review

To address the research questions at hand, I conducted an in-depth literature review, consulting reputable sources such as McKinsey, Forbes, Harvard Business Review, Consumer Affairs, and various UX-focused blogs. My approach involved reading each article twice – first to grasp its content and then to extract key notes and quotes for integration into the final research report and presentation. The review tackled questions such as:

  • What are user preferences for consuming external links presented by intermediaries?

  • What is the most effective way to phrase consent information to users to achieve maximum comprehension?

From this literature review, a clear pattern emerged regarding the market standard for consent flow design. It predominantly manifests in two formats: one with the consent terms embedded within lengthy, legally intricate text that can be challenging for the average person to comprehend, and the other presenting them as links. Both approaches consistently position the consent terms beneath the buttons facilitating progression within the consent flow. This placement suggests that the display doesn't prioritize user understanding. Instead, it seems to prioritize user progression, sometimes at the expense of user understanding.


FDX Bank Aggregator Study

In collaboration with the Financial Data Exchange (FDX), I gained access to an alternative set of industry standards through their research and case studies. This opportunity allowed me to explore FDX's established market standards for third-party bank aggregators. While the focus of this project was the user consent flow, it was specifically related to financial institutions and intermediaries, highlighting the context of the bank linking process with third-party bank aggregators. FDX's standards emphasize crucial design and structural elements that ensure users engage with a transparent, concise, and secure process, including:

  • Employing active opt-in methods

  • Providing detailed consent choices

  • Distinguishing consent requests from other Terms and Conditions

  • Explicitly listing all organizations relying on the user's consent

  • Clearly informing users of their right to easily withdraw consent


Survey Design

While my Co-Chair of the UXR Task Force was responsible for designing the surveys, I actively contributed by offering feedback to identify any unclear questions or potential biases that might have been overlooked. This collaborative effort ensured the questions aligned with the project's objectives and followed a logical flow from a technical standpoint. Subsequently, my Co-Chair crafted two identical Maze surveys to assess various consent flow scenarios, encompassing opt-in options for the Terms of Service and Privacy Policy.

Some of the survey questions were:

  • How concerned are you with keeping your information secure while linking your bank? (Opinion Scale)

  • How concerned are you with how your information will be used while linking your bank? (Opinion Scale)

  • How concerned are you with who has access to your information while linking your bank? (Opinion Scale)

  • When linking your bank like shown today, what information would you like to know? (Open Question)

Handling participant recruitment for the surveys, I utilized the research recruitment platform, Prolific, to filter and select 318 participants who met specific criteria, including location, age, ownership of credit card and bank account, frequency of financial app usage, and prior engagement with Terms & Conditions. To further refine participant selection, I implemented a preliminary screener process.

Analysis and Synthesis

Using Google Sheets, I meticulously documented and organized the questions, their types, responses, immediate observations, and insights from the survey. This enabled efficient sorting and comparison between open-ended, usability, and multiple-choice questions. Subsequently, I integrated findings from secondary research and focused on synthesizing information directly related to our research questions.

Regarding users' design preferences, there's a clear inclination toward embedded consent documents rather than external links, coupled with a desire for more contextual information on data usage. Regarding user behaviors observed in the survey, security consistently emerged as their top priority, and the majority of participants indicated an understanding of consent terminology. However, some remained unclear about agreeing to share their data, especially with multiple stakeholders, and about the process to access additional data usage information.

Impact:

  • Through this research report and presentation, we gained insights to address critical inquiries, aligning our efforts with market standards and enhancing the user experience on the platform. After sharing the findings with the FDX Working Group, leaders and board members expressed their intent to integrate these findings into their upcoming organizational market standards report, potentially reaching thousands of organizations in the future.

Deliverables: Secondary Research Report, Overall Research Report & Presentation