When digital platform companies become aware that their users have been exposed to risks, or are likely to be exposed in the future, they often do not have a playbook of effective communication practices that go beyond narrow notification requirements. The standard approaches — ranging from lengthy legal documents to easily dismissed pop-ups — typically fail to inform users in ways that enable better decision-making.
This challenge is at the center of a new CLTC report, Designing Risk Communications, that looks at some of the existing risk communication practices used by digital platforms, and provides a framework for improving their approach. Published as part of the CLTC White Paper Series, the report was authored by Jessica Newman, CLTC Research Fellow and Program Lead for the AI Security Initiative; Ann Cleaveland, CLTC’s Executive Director; Grace Gordon, a Master of Development Practice student at UC Berkeley who was a 2020 Summer Graduate Student Researcher at CLTC; and Steven Weber, Faculty Director of CLTC and current Associate Dean and Head of School of the UC Berkeley School of Information.
The paper explores relevant insights from theories of risk communications, how these have been applied in practice across different sectors, and why they are relevant to the particular risks and communication needs of digital platforms. The analysis was informed by a series of expert interviews and a multi-stakeholder workshop held in February 2020 at the University of California, Berkeley to investigate the current state of risk communications in the technology sector, and to assess the feasibility of adopting best practices from other sectors and the scientific literature.
The report introduces a practical agenda, a “roadmap” to serve as a preliminary guide for digital platforms trying to redefine how they communicate risks with users. The roadmap draws from insights at the intersection of decision science, psychology, sociology, and communications to propose three practices that digital platform firms can adopt to improve risk communications, including:
- Engagement: Create accessible, informative, and actionable communication formats to enable effective risk communication.
- Design: Establish processes for risk communication in advance, and create metrics to assess effectiveness and ensure the resilience of risk communication efforts.
- Evaluation: Establish processes for risk communication in advance, and create metrics to assess effectiveness and ensure the resilience of risk communication efforts.
The report highlights relevant examples of risk communication from digital platforms, such as Facebook’s Privacy Checkup and Apple’s recently released privacy nutrition labels, which give consumers a quick, scannable glimpse into the potential privacy risks of a digital service prior to using it. The paper also draws on examples from other domains, such as the Aviation Safety Reporting System, used to capture and communicate potential risks across the aviation industry, and the Drug Facts Box, which is designed to communicate side effects and other information about over-the-counter and prescription drugs.
“Decades of literature about the science of risk communication combined with lessons from other sectors, provide a fresh take on how digital platforms can improve meaningful dialogue and engagement with users about potential risks,” the authors write. “In an environment of expanding digital risks and growing distrust of technology companies, a shared roadmap for risk communications can leverage the interdependence of many digital platforms, help ‘raise all boats,’ and support an improved environment for both users and digital platform firms.”