Register today for our expert-led virtual AI workshops!
Workshops
Home
/
Blog
/
Designing for privacy in a surveillance age with Robert Stribley

Designing for privacy in a surveillance age with Robert Stribley

04/23/2026

Privacy concerns didn’t appear overnight—they’ve been building quietly alongside the technologies we rely on every day. Lou and Robert Stribley, author of Design for Privacy, explore how digital tracking, AI, and data sharing have reshaped the way personal information moves through the modern web.

Robert traces the growing privacy challenge from early internet tracking to today’s complex ecosystem of smartphones, online services, and AI systems. While many users understand that they’re trading data for convenience, few grasp how widely their information is distributed—or how easily supposedly anonymous data can be re-identified. As AI accelerates the ability to combine and analyze datasets, those risks are growing quickly.

Then the conversation turns to what designers can do about it. Robert outlines practical ways UX professionals can improve privacy outcomes, from collecting less data and avoiding deceptive patterns to improving language transparency and giving users meaningful control over their information. Despite the scale of the problem, Robert argues that designers have more agency and influence than they realize. Thoughtful design decisions can help protect users while also strengthening trust and long-term business success.

What You’ll Learn from this Episode:

  • Why privacy concerns have intensified with smartphones, AI, and online tracking
  • How “anonymous” data can often be re-identified through data aggregation
  • Why users have conflicting attitudes about personalization and data tracking
  • The role UX designers can play in improving privacy protections
  • How deceptive design patterns (including cookie banners) manipulate user consent
  • Why clearer language and better privacy tools can give users meaningful control over their data

Q&A with Robert Stribley

This Q&A is drawn from the podcast episode.

Q: How did we get here? Privacy concerns feel urgent right now, but they didn’t appear overnight.

A: That’s exactly right — they didn’t appear overnight. The privacy challenges we face today have been building quietly alongside the technologies we’ve relied on every day. It starts with early internet tracking, the rise of smartphones, the explosion of online services, and now AI layered on top of all of that. Each wave added new ways for personal information to move through the world, often without users fully understanding what was happening.

Most people have some awareness that they’re trading data for convenience. What they rarely grasp is how widely their information is actually distributed once they’ve handed it over — or how many parties end up with access to it. I’ve looked at the cookie behavior on a single UK news site and found that it shared user data with over 600 third parties. Most visitors to that site have no idea.

Q: You talk about the problem of “re-identification.” Can you explain what that means and why it matters?

A: Re-identification is one of the most underappreciated privacy risks out there. The common assumption is that if you strip personally identifiable information — your name, email address, phone number — from a dataset, the data becomes safe and anonymous. That’s simply not true.

One study found that 87 percent of the U.S. population could be uniquely identified using just three data points: zip code, birth date, and gender. That’s it. So when companies claim their data is “anonymized,” that word is doing a lot of work it often can’t support. And now AI is accelerating this problem considerably — the ability to combine and analyze datasets has grown dramatically, and that makes re-identification faster and easier than ever.

Q: How does AI specifically change the privacy landscape for designers?

A: AI introduces risks at several levels simultaneously. At a data level, AI systems are trained on enormous datasets, and that data has often been collected in ways users weren’t fully aware of or didn’t meaningfully consent to. The FTC has been clear that quietly updating a privacy policy to collect data for AI training is deceptive and illegal — but it still happens.
At a design level, there’s a real risk that AI-generated interfaces will suggest or implement deceptive patterns simply because those patterns perform well. If you ask a generative AI tool to optimize a sign-up flow, it might recommend a pre-checked consent box or obscure opt-out language because historically those patterns increase conversions. Without a designer in the room who actively questions those recommendations from an ethical standpoint, those patterns can get shipped without scrutiny.
The pace of change is genuinely hard to keep up with. But that’s an argument for designers being more engaged in these conversations, not less.

Q: What are some of the concrete things UX designers can actually do to improve privacy outcomes?

A: There are several meaningful levers designers have — more than most realize. The first is data minimization: simply collecting less. Every piece of data you don’t collect is a piece of data that can’t be misused, breached, or re-identified. That sounds obvious, but in practice, the default in many organizations is to collect everything and figure out the use later. Designers can push back on that.

The second is transparency — not just in the legal, terms-of-service sense, but genuinely clear language that explains what data is being collected, why, who it’s shared with, and what users can do about it. Most privacy disclosures fail this test completely.

Third, avoiding deceptive patterns. Dark patterns in privacy contexts — pre-ticked checkboxes, buried opt-outs, confusing toggle labels — are unfortunately common. Designers who can identify those patterns have a responsibility to name them and advocate for something better.

And fourth, giving users meaningful control over their information. Not a control panel buried five levels deep, but genuine, accessible choices that people can actually find and use.

Q: The problem is so large — surveillance capitalism, AI, data brokers. Can individual designers really make a difference?

A: I understand why the scale of the problem can feel paralyzing. But I genuinely believe designers have more agency than they typically give themselves credit for. You’re often sitting in the room when the decision gets made. You’re the one who draws the form, writes the microcopy on the consent screen, decides where the privacy settings live in the navigation.
Those are not small decisions. They affect millions of people. And because designers tend to be the people in an organization who are most attuned to the user’s perspective and experience, they’re often uniquely positioned to raise the question: what does this design decision mean for the people who are going to use this?
That’s not a guarantee of success — organizational cultures vary enormously. But choosing to notice, and choosing to speak up, is the starting point for anything changing.

Q: You make the case that privacy is also good for business. What’s the argument there?

A: The business case is real and it’s growing stronger. The risks of data misuse or accidental exposure — reputationally, legally, and financially — are enormous. We’ve watched major companies face regulatory fines and public backlash over privacy failures that, in hindsight, could have been avoided with better design decisions earlier in the process.
But beyond risk mitigation, there’s a positive case: trust. Users who feel confident that a product handles their data responsibly are more likely to engage with it, stay with it, and recommend it. Privacy-respecting design builds the kind of long-term relationship with users that superficially convenient but privacy-compromising products can’t sustain. It’s not a constraint on good design — it’s a competitive advantage if you’re willing to treat it that way.

Q: What do you hope designers take away from this conversation?

A: I hope they come away with a sense that this is their problem to engage with — not just legal’s problem, or the security team’s problem, or something that gets sorted out in compliance. Designers shape the experiences through which people interact with technology and hand over their personal information. That’s a real responsibility.
Privacy is ultimately about consent and control — allowing people meaningful say over what happens to their own information. That’s a fundamentally human-centered value, and human-centered design is supposed to be what we do. The two things are not in conflict. Once you see it that way, it becomes hard not to care.

About our guest

Robert Stribley is a user experience design professional with some 25 years of experience. He works with brands both big and small across diverse sectors to provide thoughtful user experience solutions. He worked for many years at both Razorfish and Publicis Sapient, and recently started his own UX consulting company, Technique. Although he has particular experience designing for automotive and financial services, Robert has worked with companies as diverse as the American Red Cross, FreshDirect, JP Morgan, Mercedes-Benz, Travel Channel, and Women’s Wear Daily. He teaches user experience design at the School of Visual Arts in Manhattan. A chronic student himself, Robert earned degrees in journalism and English education and certificates in political journalism, privacy and data security, and global affairs. Read more »

Quick Reference Guide:

0:15 – Meet Robert, Lou’s neighbor

1:51 – How Robert got into the privacy field

5:06 – Perceptions of privacy and the concessions we make

8:01 – Terms of Service – we accept them blindly – and why that can be risky

15:54 – 5 Reasons to use the Rosenverse

18:39 – What designers can do about data privacy

28:08 – Privacy tools and potential tools for users

32:38 – Robert’s gift for listeners

Resources and Links from Today’s Episode: