How the data protection law influences user experience research in Brazil

The General Data Protection Law (LGPD) arrived in Brazil you may already know. What few people know is that it changes the rules of the game for all companies that carry out experience research (UX Research) and test their products with end-users, from the approach to the treatment of data. The need for regulation has sparked a race against time, particularly for digital businesses. However, there are still practices that need to be re-discussed and reformulated so that the interests of the business do not override the security of the data of the people involved.

From the previous to the current scenario

Having a trip to a coffee shop interrupted by designers or even a sudden call to understand your own experience with a product/service were normal activities for some Brazilians, especially the population of the Rio-São Paulo axis – where there is the greatest concentration of technology companies. User-centered design and the disciplines related to digital products have a clear mission: it is necessary to understand time after time how users relate to the product or service and how the experience obtained is. This can be done through different methods, with different levels of complexity, and helps the team understand if it is solving a problem. However, due to the need to save the time invested in this activity, guerrilla tests that deal with this interception of people to test and give an opinion on products and services.

With the stiffening and the need to comply with the basic principles of the LGPD, these activities are now not so common. This is because when conducting research and testing we come into contact with different types of data that need to be stored in secure environments. Image, voice, name, are just examples of data that can be collected in product studies and, if stored poorly, there is a risk that the holder of this data has real damages. 

Furthermore, it is extremely necessary for people to know why they are being contacted and for what purpose their data will be processed. We can no longer collect data just to “confirm a theory” without regard to how we are going to use it.

A loss that leads to gains

The need to collect permissions, inform the purpose of studies, and store data in a secure environment is not new to experiment researchers (UX Researchers). Many of the protocols already followed were inspired not only by ethical research principles but also by the European data protection law (GDPR). When we talk about experience research, we are talking about “knowing the experience gained by people through the senses”. That’s what the book UX Research com sotaque brasileiro says. The area may seem new in Brazil, but it has become popular precisely because of the need to apply stricter collection and treatment protocols, in addition to the power to transform qualitative inputs into bets for digital products. 

While some teams believe in the loss of speed in collecting qualitative inputs from users, researchers have worked hard to ensure that companies can carry out ethical, fit-for-purpose studies that protect participant data. 

Adequacy of software to avoid contacts from personal devices, data traceability flows, anonymization, permission policies, and team awareness are common activities in the routines of research teams. The advantage of all this is that it is now necessary to think about the relevance of the collection and its structuring, to avoid episodes of contestation and leaks.

How to know if a company is acting properly with the data protection law when carrying out research 

You can already understand that research and LGPD go hand in hand, especially in the digital environment. But how do I know if the products I use respect the principles of the law?

At the moment, there is no “magic formula” that says once and for all how companies should address privacy issues. However, we can be aware of some indications that point to the application of the protocols. They are:

• Mention of the privacy policy when inviting to respond or participate in surveys;
• Mention of the anonymization of the participants’ data;
• The clear objective of the study and the reason for the contact;
• Contact made directly by the company and not through personal accounts;
• In case of acceptance for opinion polls, sending of consent form or consent requested by video or audio before the beginning of the session;
• Options to enable or disable the receipt of surveys on websites and applications;

A quick way to find out what you’re eligible for is to check the privacy policy for terms like “data privacy”, “consent”, “surveys”. 

Some companies have adopted a direct link with customer service, as is the case of Nubank, which displays a survey code in emails, allowing you to check in chat if the survey received is in fact from the company [see image below].

Image is taken from the author’s email box

#Foreveryonesee: print of an email from Nubank inviting the author to answer a survey, with the survey code and the invitation to access the service in case of questions.

It doesn’t matter the form, but the content

We can no longer simply pick up the phone, access the data of a user of the digital product in question, and call to ask how the experience is going. However, it is possible, with creative solutions that respect the internal environment of each company, to create new ways of capturing what people think and do and how all this relates to technological solutions.

This is how companies have opened space for research people in areas such as anthropology, social sciences, human sciences, among others – known as UX Researchers – to be able to do this ethically and with the necessary diversity of methods and samples. Every time we include these professionals in internal and external research activities, we are helping to ensure that the principles of the LGPD are complied with and that the purpose of the data collected is not diverted.

Want to know how digital products relate to your data and the implications of that? Read researcher Juliana Roman’s text about Clubhouse and LGPD.

The views and opinions expressed in this blogpost are those of the author. 
Illustration by Freepik Stories.