Select Page

Master’s Thesis: Co-designing an employee MyData service

February to July 2020

Personal data privacy is a crucial and timely issue as we are living in a post-GDPR world where individuals have rights over their data. Due to this multiple companies have adapted data portability to allow users to see their own data and control how its used. The MyData Global initiative has been working tirelessly for years to encourage and promote this way of working when it comes to companies using personal data of customers. However what has largely been ignored is the employment context. Given the rise of big data and AI – new ways to gather data are becoming increasingly common place but these cannot be adopted without a regard to privacy. Especially in the work place, this conversation is important as the future of work is increasingly based on digital analytics and learning about what knowledge a company has, how can that knowledge be search-able, how can companies predict their future better or how can they know what topics of discussion are emerging within the organisation. 

The Challenge: 

To find the best approach to creating transparency and providing data rights to employees in the context of a Finnish technology consultancy.

How do you design to develop trust that can help empower through data use?

This was further divided into three focused design questions to tackle through the methods used:

  1. How might we use transparency for employee data to create informed, data decision-makers? 
  2. How might we provide control over their data to employees?
  3. How might we build an understanding of the value of data usage through the transparency? 

Learning from literature:

The thesis includes a thorough literature review that is looking at the various components of topics that make up this discussion. It tries to gather understanding from the legal perspective of the GDPR law and Article 8 of the European Convention on Human Rights. It then looks at how employee data can be used and how trust is important for organisations looking to use data to grow their future business. Then we looked further into how digital tools can build that trust – specifically how transparency-enhancing tools are important to understand what we need to build. We also looked at informed consent and how HCI needs to enable better understanding of data – also deep diving into the usability aspects of privacy policies as a use case. We will also focus on privacy by design literature and how a collaborative design methodology can be included in designing the aforementioned service.

From the information gathered in the literature review, the main research questions of this thesis are about how might we design trust, specifically how can we measure and enhance transparency and control for employees in a technology consultancy and explain the value of data through a digital service.

How much influence people think they have at this stage

What data is used in applications according to employees

Phase I: User Research

A collaborative design methodology was utilised to design an employee MyData service. This design process was undertaken at a medium-sized Finnish technology consultancy so the context is focused on its employees. The user research is the first phase of this process and involves the conducting of a survey that got 98 responses and co-creative interviews with 11 employees around data usage awareness amongst employees at a Finnish technology consultancy.

1. The survey focused on understanding the current awareness of how much of their data they think is currently being used internally to develop data-driven applications. The survey also asked participants how different types of the company and personal data from different internal applications should be used based on their own comfort levels. Participants also addressed how much influence they felt they currently have over their data in the organisation. There are also multiple open questions that are qualitatively analysed and those findings are presented.

2. The second part of the user research focused on conducting co-creative interviews with selected employees. There were 11 interviews conducted. The interviews focused on expanding on the questions from the survey. Interviewees were asked to talk about their awareness of data usage, their views on what type of control they needed over their data and what value they thought their data could bring them. 



Phase II: Workshops

The two user research methods are then used to formulate some user requirements that are necessary for a service that brings transparency to employee data and control over how it is used by the employer. This then helps with creation of mock-up UIs that display the data that is present and a combination of applications that use that data – both real and fictitious. These mock-ups are then evaluated by 12 participants in 3 ‘provotype’ workshop sessions. In the workshops, participants are guided through three different tasks focusing on assessing:
  • the data sources presented,
  • the applications that are showcased,
  • setting up consent for data usage in an application.

Additionally, to guide and embed privacy by design, a workshop was also conducted with teams developing data-driven applications. These were targeted to help them address privacy in their work and create a transparent canvas where data-decisions could be documented easily. This workshop would test out the data sensitivity mapping framework designed by me to help these teams arrive at sensitivity recommendations that can be used to handle the data they use in the applications. 

Workshop run live in Miro showing mock-ups

Workshop run live in Miro showing mock-ups

An example sensitivity recommendation

The data categories for company data ideated as a result of workshops

Workshop Results:
These workshops and results are analysed qualitatively to create more robust requirements and understand what aspects of the UI participants were confused about. This analysis was done by splitting the evaluations into thematic issue groups of:
– Process of opting in or out of data usage
– Data Categories
– Terms and Language used
– UI Changes
– Information Design Aspects
– Design to show value
Insights to Prototype:
Using these insights, an interactive prototype of a digital service is created using Figma to reflect what data sources are present in the organisation – some of which belong to employees as well as which applications are using that data. The information about how data is used is aimed to be reflected through this prototype and also interactions are designed to allow for the opting in or out of data usage should employees feel they do not want certain data of theirs used in certain applications.

Phase III: Prototype Testing

This prototype was then tested with 24 participant employees at a Finnish technology consultancy. The testing was done through and testers were asked to complete some tasks through navigating and interacting with the prototype. The tasks were about:
– Exploring the data sources
– Exploring the applications
– Setting consent for personal data
The testers were also asked questions about how this prototype enhanced transparency and how much influence it gave them. They were also asked to fill out a survey using the System Usability Scale to gauge how usable this UI was. The final scores were 75 ( new users) and 78 (super users) well above the 68 passing score.
Main Insights & Findings:
We found that in our sample size of user research, the users did not feel they have much influence over their data but many were aware of what data was being used currently and by whom. Users also had quite many opinions of how data should be used but what was clear was that private data should never be used. Additionally an open question about building trust was overwhelmingly linked to transparency in the answers. 

Similar views were voiced in the interviews, the main observation here was that developing the understanding of value of the data had to be personalised. Employees wanted to see how their data showed insights about themselves and related better to that. Employees also wanted a deeper level of control over data – in terms of granularity of data about them. This was interesting as adding choice proliferation usually increases cognitive load of decisions but the workshops provided a very good opportunity to evaluate the mock-up UIs and the clear finding from that was the current data used was too extensive. There were too many decisions being left to the participants to decide about. Therefore this finding was important to create data categories to help reduce the cognitive load on participants. At the same time, as found in literature, development teams also need guidance and a framework to assess the privacy of data used. We will explore the frame work created that was tested with development teams working on data-driven applications based on employee data.

How much influence employees felt they had after testing this prototype

Flows showing the two main aspects of the service – the data sources and the data applications

The Outcome:

In the final prototype, these categories were created: “work assets”, “business essential” and “personal/behavioral” data. These were aimed to reduce the number of decisions users had to make about which data usage to consent to – this way they only needed to be concerned about the personal/behavioral data categories but also have a chance to build an understanding of how the other data types were used in application to be better informed on data-driven applications.
From the final user tests, there was marked increase in how much influence employees felt they and after using the service. Although it may not be a perfect match to the earlier survey, it can indicate that the prototype clears many unknowns employees had earlier. The information labels and toggle switches helped users be in control of their data and understand better what was being consented to. A usability score was also calculated from these tests based on the SUS although this score is based on the prototype and not the final service but can give an indication for how to develop final service. Further study and work needs to be done to clarify the data categories for consent setting as well as work needs to be done to analyse after a period of time how a service like this affects views about data and its role in the future.

Final Thesis Presentaion