Data Requests

Data privacy law compliance

Company

Reddit

Role

User Researcher
Product Designer

Timeline

2019

Team

PM
4 Engineers

eServices landing page
Context

Information privacy and data protection

Reddit aims to foster connections between people by providing safe communities for endless conversation. Reddit complies with data privacy laws, i.e., General Data Protection Regulation (GDPR) for the EU and California Consumer Privacy Act (CCPA) for California, which allows Redditors to access and/or delete their Reddit data. With CCPA effective in 2020, we expect a spike in data requests.

Reddar is the all-in-one internal tools platform which our internal teams use to review reported content and handle legal requests.

Research

I started by reading a lot of Google Docs—and while they explained the process clearly, they were long. I scheduled an interview and shadow session with a Legal Ops team member. I watched him work, took notes, and asked questions. Because his work was very process driven, creating a user flow helped me understand the existing process and spot problem areas.

I created personas for my users: Redditor (the people requesting data) and Legal Ops (the people creating the data export).

Problems and Ideation

From shadowing and interviewing Legal Ops, I was able to identify these problems. I had a brainstorm session with the PM and engineers to discuss ideas on how to solve them.

Problem 1
Redditors need an easier way to request data because it currently takes 2 separate steps via email and private message.

Problem 2
Legal Ops need a way to securely send data to the requestor because zipped files sent via email are not safe.

Problem 3
Legal Ops need a better way to store all data request info. Manual logging is slow, error-prone, and makes it hard to see the full picture.

Problem 4
Legal Ops need to verify the requester’s email because a verified email isn’t required to create a Reddit account, but it is needed to send the data file.

Solution

Self serve form that requires login
Secure link for data download
Bring data request process into Reddar
Two way communication

Self serve form that requires login, Secure link for data download,

Bring data request process into Reddar, Two way comms

Ideal Flow

I created an ideal user flow to help me layout the screens and UI elements I would need to design for a user requesting data and Legal Ops processing a single ticket.

Challenges

Even though we were designing a self serve form, we were still going to honor email requests. And if we wanted to move towards a single platform on Reddar, the designs needed to be flexible to support web form requests and email requests.

Bringing the ads and gifts data into the data export was out of scope. So I had to design knowing that Legal Ops would still need to manually pull ads and gifts data.

Web form

I looked at how other companies enabled data downloads. The only information we needed from the requestor was whether they wanted all their Reddit data or from a certain time frame. The form design was straightforward as we had standard form elements already and I worked with the UX copywriter and Policy team to formalize the copy.

Reddar Ticket

Web form

As for the ticket page, I came up with 5 different explorations, which I conducted usability testing with Legal Ops. Starting from the homepage of Reddar, I asked him to find his way to the data request queue and process the first ticket. With their reactions and thoughts, I was able to iterate on a final design.

Result

↑ Number of tickets reviewed 

↓ Turnaround time

↓ Number of swivel chairs in order to process a ticket

We have reduced this from 9 to 3

↓ Manual logging

We have automated all logging except for ads and gifts data, which can be easily recorded in the task widget.